Merge pull request #604 from openziti/fix.2282.oidc.totp.flow

andrewpmartinez · web-flow · commit 02841ee7dc78 · 2024-08-01T15:29:32.000-04:00
related to openziti/ziti#2282 totp OIDC flow fixes
diff --git a/edge-apis/authwrapper.go b/edge-apis/authwrapper.go
@@ -735,7 +735,7 @@ func oidcAuth(clientTransportPool ClientTransportPool, credentials Credentials,
 			return nil, fmt.Errorf("remote op login response is expected to be HTTP status %d got %d with body: %s", http.StatusOK, resp.StatusCode(), resp.Body())
 		}
 
-		authRequestId := resp.Header().Get(AuthRequestIdHeader)
+		authRequestId := payload.AuthRequestId
 		totpRequiredHeader := resp.Header().Get(TotpRequiredHeader)
 		totpRequired := totpRequiredHeader != ""
 		totpCode := ""
@@ -775,11 +775,14 @@ func oidcAuth(clientTransportPool ClientTransportPool, credentials Credentials,
 				}
 
 				return nil, apiErr
-
 			}
 		}
 
-		tokens := <-rpServer.TokenChan
+		var tokens *oidc.Tokens[*oidc.IDTokenClaims]
+		select {
+		case tokens = <-rpServer.TokenChan:
+		case <-time.After(30 * time.Minute):
+		}
 
 		if tokens == nil {
 			return nil, errors.New("authentication did not complete, received nil tokens")

Original file line number	Diff line number	Diff line change
`@@ -735,7 +735,7 @@ func oidcAuth(clientTransportPool ClientTransportPool, credentials Credentials,`
`735`	`735`	`return nil, fmt.Errorf("remote op login response is expected to be HTTP status %d got %d with body: %s", http.StatusOK, resp.StatusCode(), resp.Body())`
`736`	`736`	`}`
`737`	`737`
`738`		`- authRequestId := resp.Header().Get(AuthRequestIdHeader)`
	`738`	`+ authRequestId := payload.AuthRequestId`
`739`	`739`	`totpRequiredHeader := resp.Header().Get(TotpRequiredHeader)`
`740`	`740`	`totpRequired := totpRequiredHeader != ""`
`741`	`741`	`totpCode := ""`
`@@ -775,11 +775,14 @@ func oidcAuth(clientTransportPool ClientTransportPool, credentials Credentials,`
`775`	`775`	`}`
`776`	`776`
`777`	`777`	`return nil, apiErr`
`778`		`-`
`779`	`778`	`}`
`780`	`779`	`}`
`781`	`780`
`782`		`- tokens := <-rpServer.TokenChan`
	`781`	`+ var tokens oidc.Tokens[oidc.IDTokenClaims]`
	`782`	`+ select {`
	`783`	`+ case tokens = <-rpServer.TokenChan:`
	`784`	`+ case <-time.After(30 * time.Minute):`
	`785`	`+ }`
`783`	`786`
`784`	`787`	`if tokens == nil {`
`785`	`788`	`return nil, errors.New("authentication did not complete, received nil tokens")`