PKCE implementation

2026-03-14 14:16:06 +00:00 · 2023-04-08 15:42:50 +02:00
parent f27a14c860
commit 06feac925b
6 changed files with 158 additions and 33 deletions
--- a/src/runtime/composables/useAuth.ts
+++ b/src/runtime/composables/useAuth.ts
@@ -1,5 +1,6 @@
 import {CookieRef, navigateTo, useCookie, useRuntimeConfig} from "#app";
 import {ModuleOptions} from "../../module";
+import {generateRandomString, getChallengeFromVerifier} from "../support";

 declare interface ComposableOptions {
  fetchUserOnInitialization: boolean
@@ -7,6 +8,7 @@ declare interface ComposableOptions {

 let user: CookieRef<any>;
 let accessToken: CookieRef<any>;
+let refreshToken: CookieRef<any>;

 export default async (options: ComposableOptions = {
  fetchUserOnInitialization: false
@@ -14,8 +16,9 @@ export default async (options: ComposableOptions = {
  const authConfig = useRuntimeConfig().public.oauth as ModuleOptions;
  if (user == null) user = useCookie('oauth_user');
  if (accessToken == null) accessToken = useCookie('oauth_access_token');
+  if (refreshToken == null) refreshToken = useCookie('oauth_refresh_token');

-  const fetchUser = async () => {
+  const fetchUser = async (): Promise<void> => {
    try {
      const response = await fetch(authConfig.endpoints.userInfo, {
        headers: {
@@ -32,15 +35,28 @@ export default async (options: ComposableOptions = {
    }
  }

-  const signIn = async () => {
+  const signIn = async (): Promise<void> => {
+    const state = useCookie<string>('oauth_state');
+    state.value = generateRandomString();
+
    // create oauth authorization url
    const params = new URLSearchParams({
      client_id: authConfig.clientId,
      redirect_uri: window.location.origin + authConfig.redirect.callback,
-      response_type: 'token',
-      scope: authConfig.scope.join(' ')
+      response_type: authConfig.responseType,
+      scope: authConfig.scope.join(' '),
+      state: state.value,
+      prompt: authConfig.prompt
    })

+    if (authConfig.responseType === 'code') {
+      const codeVerifier = useCookie<string>('oauth_code_verifier');
+      codeVerifier.value = generateRandomString();
+
+      params.set('code_challenge', await getChallengeFromVerifier(codeVerifier.value))
+      params.set('code_challenge_method', 'S256')
+    }
+
    window.location.href = `${authConfig.endpoints.authorization}?${params.toString()}`
  };

@@ -61,11 +77,15 @@ export default async (options: ComposableOptions = {
    return navigateTo(authConfig.redirect.logout)
  }

-  const setBearerToken = async (token: string, tokenType: string, expires: number) => {
+  const setBearerToken = async (token: string, tokenType: string, expires: number): Promise<void> => {
    accessToken.value = {token, tokenType, expiresAt: Date.now() + expires * 1000};
    await fetchUser()
  }

+  const setRefreshToken = async (token: string, tokenType: string, expires: number): Promise<void> => {
+    refreshToken.value = {token, tokenType, expiresAt: Date.now() + expires * 1000};
+  }
+
  // Initialize the user if the option is set to true
  if (options.fetchUserOnInitialization) {
    await fetchUser()
@@ -82,8 +102,10 @@ export default async (options: ComposableOptions = {
    signIn,
    signOut,
    setBearerToken,
+    setRefreshToken,
    bearerToken,
    accessToken,
+    refreshToken,
    authConfig
  }
 }