github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 09:46:30 -05:00
Code Issues Projects Releases Packages Wiki Activity

Generic OAuth2: Set state: true

Browse source 
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
This commit is contained in:
Dexter Chua 2020-06-16 16:45:23 +08:00
parent 1945a73c11
commit 852868419d
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/lib/web/auth/oauth2/index.ts
View file

@ -17,7 +17,8 @@ export const OAuth2Middleware: AuthMiddleware = {
clientSecret: config.oauth2.clientSecret, clientSecret: config.oauth2.clientSecret,
callbackURL: config.serverURL + '/auth/oauth2/callback', callbackURL: config.serverURL + '/auth/oauth2/callback',
userProfileURL: config.oauth2.userProfileURL, userProfileURL: config.oauth2.userProfileURL,
scope: config.oauth2.scope scope: config.oauth2.scope,
state: true
}, passportGeneralCallback)) }, passportGeneralCallback))
OAuth2Auth.get('/auth/oauth2', passport.authenticate('oauth2')) OAuth2Auth.get('/auth/oauth2', passport.authenticate('oauth2'))