-
Notifications
You must be signed in to change notification settings - Fork 313
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(auth/external): add some missing url params for external auth PKCE
exchanges
#2812
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
PKCE
search paramsPKCE
search params
@@ -1053,12 +1051,22 @@ export class MedplumClient extends EventTarget { | |||
redirectUri: string, | |||
loginRequest: BaseLoginRequest | |||
): string { | |||
const { codeChallenge, codeChallengeMethod } = loginRequest; | |||
if (!codeChallengeMethod) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this always true? I think PKCE is optional for external auth.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the way that it's implemented there is always a call to ensureCodeChallenge()
as far as I can tell. I'll double check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is currently the only place where client.getExternalAuthRedirectUri()
is called:
medplum/packages/core/src/client.ts
Lines 1014 to 1015 in 8be748f
const loginRequest = await this.ensureCodeChallenge(baseLogin); | |
window.location.assign(this.getExternalAuthRedirectUri(authorizeUrl, clientId, redirectUri, loginRequest)); |
So in the current codebase it will always have a codeChallenge
and codeChallengeMethod
. I think in this case it's better to do this check because if they aren't there in the current codebase it is likely a bug and not intentional.
I could see a case for it being more general maybe, but if it's not planned yet then this is probably better IMO.
PKCE
search paramsPKCE
exchanges
Kudos, SonarCloud Quality Gate passed! |
Use data migrations in version numbers (#2816) Fixes #2784 - Data migrations framework (#2786) Fixes #2817 - add jose to bot lambda layer (#2818) Move "public" resources into R4 Project (#2591) fix(auth/external): add some missing url params for external auth `PKCE` exchanges (#2812) Experiment: remove prettier from ESLint config, try out Biome (Rome fork) (#2748) Fixes #2808 - handle observation groups in DiagnosticReportDisplay (#2809) Adding content for Titan case study (#2806) QuestionnaireForm Cleanup (#2801) UI Clone for Lab Order Questionnaire (#2787) Lab order bot (#2791) Blog Post: GraphQL vs. Rest (#2781) Fixes #2761 - docs for bot logs and aws athena (#2779) Adding EMPI documentation (#2754) Example on Lab Ordering demo (#2716) Fixed links on about page (#2777) Adding blog material (#2776) Fixes #2771 - handle numeric return values from bots (#2775) New www 'about' page (#2770)
Use data migrations in version numbers (#2816) Fixes #2784 - Data migrations framework (#2786) Fixes #2817 - add jose to bot lambda layer (#2818) Move "public" resources into R4 Project (#2591) fix(auth/external): add some missing url params for external auth `PKCE` exchanges (#2812) Experiment: remove prettier from ESLint config, try out Biome (Rome fork) (#2748) Fixes #2808 - handle observation groups in DiagnosticReportDisplay (#2809) Adding content for Titan case study (#2806) QuestionnaireForm Cleanup (#2801) UI Clone for Lab Order Questionnaire (#2787) Lab order bot (#2791) Blog Post: GraphQL vs. Rest (#2781) Fixes #2761 - docs for bot logs and aws athena (#2779) Adding EMPI documentation (#2754) Example on Lab Ordering demo (#2716) Fixed links on about page (#2777) Adding blog material (#2776) Fixes #2771 - handle numeric return values from bots (#2775) New www 'about' page (#2770)
Closes #2810