
Commit 28316ed

author
Dorian Weidler
committed
Fixing disableAtHashCheck
1 parent a1652dc commit 28316ed


2 files changed

+64
-68
lines changed


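--- a/docs/injectables/OAuthService.html
+++ b/docs/injectables/OAuthService.html
@@ -860,8 +860,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1986"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1986</a></div>
+<div class="io-line">Defined in <a href="" data-line="1984"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1984</a></div>
 </td>
 </tr>
 
@@ -1174,8 +1174,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2110"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2110</a></div>
+<div class="io-line">Defined in <a href="" data-line="2108"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2108</a></div>
 </td>
 </tr>
 
@@ -1287,8 +1287,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2120"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2120</a></div>
+<div class="io-line">Defined in <a href="" data-line="2118"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2118</a></div>
 </td>
 </tr>
 
@@ -1562,8 +1562,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2180"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2180</a></div>
+<div class="io-line">Defined in <a href="" data-line="2178"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2178</a></div>
 </td>
 </tr>
 
@@ -1739,8 +1739,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2078"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2078</a></div>
+<div class="io-line">Defined in <a href="" data-line="2076"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2076</a></div>
 </td>
 </tr>
 
@@ -2088,8 +2088,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1905"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1905</a></div>
+<div class="io-line">Defined in <a href="" data-line="1903"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1903</a></div>
 </td>
 </tr>
 
@@ -2131,8 +2131,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1921"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1921</a></div>
+<div class="io-line">Defined in <a href="" data-line="1919"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1919</a></div>
 </td>
 </tr>
 
@@ -2175,8 +2175,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1928"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1928</a></div>
+<div class="io-line">Defined in <a href="" data-line="1926"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1926</a></div>
 </td>
 </tr>
 
@@ -2216,8 +2216,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1878"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1878</a></div>
+<div class="io-line">Defined in <a href="" data-line="1876"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1876</a></div>
 </td>
 </tr>
 
@@ -2259,8 +2259,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1867"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1867</a></div>
+<div class="io-line">Defined in <a href="" data-line="1865"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1865</a></div>
 </td>
 </tr>
 
@@ -2302,8 +2302,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1889"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1889</a></div>
+<div class="io-line">Defined in <a href="" data-line="1887"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1887</a></div>
 </td>
 </tr>
 
@@ -2345,8 +2345,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1940"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1940</a></div>
+<div class="io-line">Defined in <a href="" data-line="1938"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1938</a></div>
 </td>
 </tr>
 
@@ -2389,8 +2389,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1932"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1932</a></div>
+<div class="io-line">Defined in <a href="" data-line="1930"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1930</a></div>
 </td>
 </tr>
 
@@ -2430,8 +2430,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1911"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1911</a></div>
+<div class="io-line">Defined in <a href="" data-line="1909"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1909</a></div>
 </td>
 </tr>
 
@@ -2719,8 +2719,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1951"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1951</a></div>
+<div class="io-line">Defined in <a href="" data-line="1949"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1949</a></div>
 </td>
 </tr>
 
@@ -2762,8 +2762,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1968"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1968</a></div>
+<div class="io-line">Defined in <a href="" data-line="1966"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1966</a></div>
 </td>
 </tr>
 
@@ -2805,8 +2805,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2150"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2150</a></div>
+<div class="io-line">Defined in <a href="" data-line="2148"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2148</a></div>
 </td>
 </tr>
 
@@ -3165,8 +3165,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="2135"
-class="link-to-prism">projects/lib/src/oauth-service.ts:2135</a></div>
+<div class="io-line">Defined in <a href="" data-line="2133"
+class="link-to-prism">projects/lib/src/oauth-service.ts:2133</a></div>
 </td>
 </tr>
 
@@ -3638,8 +3638,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1996"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1996</a></div>
+<div class="io-line">Defined in <a href="" data-line="1994"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1994</a></div>
 </td>
 </tr>
 
@@ -3714,8 +3714,8 @@ <h3 id="methods">
 
 <tr>
 <td class="col-md-4">
-<div class="io-line">Defined in <a href="" data-line="1895"
-class="link-to-prism">projects/lib/src/oauth-service.ts:1895</a></div>
+<div class="io-line">Defined in <a href="" data-line="1893"
+class="link-to-prism">projects/lib/src/oauth-service.ts:1893</a></div>
 </td>
 </tr>
 
@@ -9781,20 +9781,8 @@ <h3 id="inputs">
 loadKeys: () &#x3D;&gt; this.loadJwks()
 };
 
-
-return this.checkAtHash(validationParams)
-.then(atHashValid &#x3D;&gt; {
-if (
-!this.disableAtHashCheck &amp;&amp;
-this.requestAccessToken &amp;&amp;
-!atHashValid
-) {
-const err &#x3D; &#x27;Wrong at_hash&#x27;;
-this.logger.warn(err);
-return Promise.reject(err);
-}
-
 return this.checkSignature(validationParams).then(_ &#x3D;&gt; {
+const atHashCheckEnabled &#x3D; !this.disableAtHashCheck;
 const result: ParsedIdToken &#x3D; {
 idToken: idToken,
 idTokenClaims: claims,
@@ -9803,9 +9791,19 @@ <h3 id="inputs">
 idTokenHeaderJson: headerJson,
 idTokenExpiresAt: expiresAtMSec
 };
+if(atHashCheckEnabled) {
+return this.checkAtHash(validationParams).then(atHashValid &#x3D;&gt; {
+if(this.requestAccessToken &amp;&amp; !atHashValid) {
+const err &#x3D; &#x27;Wrong at_hash&#x27;;
+this.logger.warn(err);
+return Promise.reject(err);
+} else {
 return result;
+}
 });
-
+} else {
+return result;
+}
 });
 }
 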
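--- a/projects/lib/src/oauth-service.ts
+++ b/projects/lib/src/oauth-service.ts
@@ -1833,20 +1833,8 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 loadKeys: () => this.loadJwks()
 };
 
-
-return this.checkAtHash(validationParams)
-.then(atHashValid => {
-if (
-!this.disableAtHashCheck &&
-this.requestAccessToken &&
-!atHashValid
-) {
-const err = 'Wrong at_hash';
-this.logger.warn(err);
-return Promise.reject(err);
-}
-
 return this.checkSignature(validationParams).then(_ => {
+const atHashCheckEnabled = !this.disableAtHashCheck;
 const result: ParsedIdToken = {
 idToken: idToken,
 idTokenClaims: claims,
@@ -1855,9 +1843,19 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 idTokenHeaderJson: headerJson,
 idTokenExpiresAt: expiresAtMSec
 };
+if(atHashCheckEnabled) {
+return this.checkAtHash(validationParams).then(atHashValid => {
+if(this.requestAccessToken && !atHashValid) {
+const err = 'Wrong at_hash';
+this.logger.warn(err);
+return Promise.reject(err);
+} else {
 return result;
+}
 });
-
+} else {
+return result;
+}
 });
 }
 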
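Review bot: In the second hunk `checkAtHash` still runs whenever the check is enabled, and `this.requestAccessToken` is only consulted on its result, so the hash comparison is attempted even when no access token was requested; whether `checkAtHash` can reject or throw in that case is not visible here, but if it can, validation would fail with nothing to bind. Gating both conditions before the call, `if (!this.disableAtHashCheck && this.requestAccessToken) {`, avoids that and makes the single-use `atHashCheckEnabled` local unnecessary. The `else { return result; }` branch accepts the ID token without tying it to the access token, which is the substitution protection at_hash exists for, so it deserves a comment such as `// at_hash check disabled by config: the access token is NOT verified against the ID token`. Separately, `Promise.reject(err)` rejects with a bare string; `new Error(err)` would keep a stack trace, provided callers do not compare the rejection value to the string. The enclosing method starts and ends outside these hunks.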
