UNPKG

payload-auth-plugin

Version:

Authentication plugin for Payload CMS

github.com/authsmith/payload-auth-plugin

authsmith/payload-auth-plugin

76 lines (66 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import * as oauth from "oauth4webapi" import type { OAuth2ProviderConfig } from "../../../types.js" import { getCallbackURL } from "../../utils/cb.js" import type { PayloadRequest } from "payload" export async function OAuth2Authorization( pluginType: string, request: PayloadRequest, providerConfig: OAuth2ProviderConfig, clientOrigin?: string | undefined, ): Promise<Response> { const callback_url = getCallbackURL( request.payload.config.serverURL, pluginType, providerConfig.id, ) const code_verifier = oauth.generateRandomCodeVerifier() const code_challenge = await oauth.calculatePKCECodeChallenge(code_verifier) const code_challenge_method = "S256" const { authorization_server, client_id, scope, params } = providerConfig const client: oauth.Client = { client_id, } const as = authorization_server const cookies: string[] = [] const cookieMaxage = new Date(Date.now() + 300 * 1000) const authorizationURL = new URL(as.authorization_endpoint as string) authorizationURL.searchParams.set("client_id", client.client_id) authorizationURL.searchParams.set("redirect_uri", callback_url.toString()) authorizationURL.searchParams.set("response_type", "code") authorizationURL.searchParams.set("scope", scope as string) authorizationURL.searchParams.set("code_challenge", code_challenge) authorizationURL.searchParams.set( "code_challenge_method", code_challenge_method, ) if (params) { Object.entries(params).map(([key, value]) => { authorizationURL.searchParams.set(key, value) }) } if (as.code_challenge_methods_supported?.includes("S256") !== true) { const state = oauth.generateRandomState() authorizationURL.searchParams.set("state", state) cookies.push( `__session-oauth-state=${state};Path=/;HttpOnly;SameSite=lax;Expires=${cookieMaxage.toUTCString()}`, ) } cookies.push( `__session-code-verifier=${code_verifier};Path=/;HttpOnly;SameSite=lax;Expires=${cookieMaxage.toUTCString()}`, ) if (clientOrigin && clientOrigin !== undefined) { cookies.push( `__session-client-origin=${clientOrigin};Path=/;HttpOnly;SameSite=lax;Expires=${cookieMaxage.toUTCString()}`, ) } const res = new Response(null, { status: 302, headers: { Location: authorizationURL.href, }, }) for (const c of cookies) { res.headers.append("Set-Cookie", c) } return res }