feat: support empty OIDC client secret with 'none' auth method

Taras Glek (aider) 2025-04-16 10:55:48 +03:00
parent 6c36f525f9
commit 94f8271c81
1 changed files with 13 additions and 5 deletions


@ -113,6 +113,7 @@ const setOidcAuthEnv = (c: Context, config?: Partial<OidcAuthEnv>) => {
if (oidcAuthEnv.OIDC_CLIENT_SECRET === undefined) { if (oidcAuthEnv.OIDC_CLIENT_SECRET === undefined) {
throw new HTTPException(500, { message: 'OIDC client secret is not provided' }) throw new HTTPException(500, { message: 'OIDC client secret is not provided' })
} }
// Allow empty string as valid client secret
oidcAuthEnv.OIDC_REDIRECT_URI = oidcAuthEnv.OIDC_REDIRECT_URI ?? defaultOidcRedirectUri oidcAuthEnv.OIDC_REDIRECT_URI = oidcAuthEnv.OIDC_REDIRECT_URI ?? defaultOidcRedirectUri
if (!oidcAuthEnv.OIDC_REDIRECT_URI.startsWith('/')) { if (!oidcAuthEnv.OIDC_REDIRECT_URI.startsWith('/')) {
try { try {
@ -167,7 +168,14 @@ export const getClient = (c: Context): oauth2.Client => {
const env = getOidcAuthEnv(c) const env = getOidcAuthEnv(c)
let client = c.get('oidcClient') let client = c.get('oidcClient')
if (client === undefined) { if (client === undefined) {
client = { client =
env.OIDC_CLIENT_SECRET === ''
? {
// No client secret provided, use 'none' auth method
client_id: env.OIDC_CLIENT_ID,
token_endpoint_auth_method: 'none',
}
: {
client_id: env.OIDC_CLIENT_ID, client_id: env.OIDC_CLIENT_ID,
client_secret: env.OIDC_CLIENT_SECRET, client_secret: env.OIDC_CLIENT_SECRET,
token_endpoint_auth_method: 'client_secret_basic', token_endpoint_auth_method: 'client_secret_basic',
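Review bot: In `getClient`, an empty `OIDC_CLIENT_SECRET` now silently selects `token_endpoint_auth_method: 'none'`, so a secret that is blank by accident (for example an unset variable rendered as `""` by a deployment template) downgrades a confidential client to a public one instead of failing closed. Consider requiring an explicit opt-in for the public-client mode rather than inferring it from the empty string, and keep rejecting a blank secret otherwise. At minimum, the comment added in `setOidcAuthEnv` should state the consequence and sit above the `undefined` check, e.g. `// '' is accepted and makes getClient use token_endpoint_auth_method 'none' (public client); undefined is still rejected`. With no client authentication at the token endpoint, the code exchange relies on PKCE and on strict redirect URI registration at the provider; whether this flow sends a PKCE challenge is not visible in these hunks and should be confirmed. Both function bodies continue outside the hunks shown.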