Make our oidc client work with multiple differnet clients

InseeFrLab · Oct 9, 2023 · 8cc6faf · 8cc6faf
1 parent 5ead286
commit 8cc6faf
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/web/src/core/adapters/oidc/oidc.ts b/web/src/core/adapters/oidc/oidc.ts
@@ -5,6 +5,7 @@ import { decodeJwt } from "core/tools/jwt";
 import { assert } from "tsafe/assert";
 import { addParamToUrl, retrieveParamFromUrl } from "powerhooks/tools/urlSearchParams";
 import { Evt } from "evt";
+import { fnv1aHashToHex } from "core/tools/fnv1aHashToHex";
 
 export async function createOidc(params: {
     url: string;
@@ -28,6 +29,9 @@ export async function createOidc(params: {
         "silent_redirect_uri": `${window.location.origin}/silent-sso.html`
     });
 
+    const configHash = fnv1aHashToHex(`${url} ${realm} ${clientId}`);
+    const configHashKey = "configHash";
+
     const login: Oidc.NotLoggedIn["login"] = async () => {
         //NOTE: We know there is a extraQueryParameter option but it doesn't allow
         // to control the encoding so we have to hack the global URL Class that is
@@ -59,8 +63,14 @@ export async function createOidc(params: {
 
         Object.defineProperty(window, "URL", { "value": URL });
 
+        const { newUrl: redirect_uri } = addParamToUrl({
+            "url": window.location.href,
+            "name": configHashKey,
+            "value": configHash
+        });
+
         await userManager.signinRedirect({
-            "redirect_uri": window.location.href,
+            redirect_uri,
             "redirectMethod": "replace"
         });
         return new Promise<never>(() => {});
@@ -69,6 +79,16 @@ export async function createOidc(params: {
     read_successful_login_query_params: {
         let url = window.location.href;
 
+        {
+            const result = retrieveParamFromUrl({ "name": configHashKey, url });
+
+            if (!result.wasPresent || result.value !== configHash) {
+                break read_successful_login_query_params;
+            }
+
+            url = result.newUrl;
+        }
+
         const names = ["code", "state", "session_state"];
 
         let dummyUrl = "https://dummy.com";

diff --git a/web/src/core/tools/fnv1aHashToHex.ts b/web/src/core/tools/fnv1aHashToHex.ts
@@ -0,0 +1,8 @@
+export function fnv1aHashToHex(str: string) {
+    let hash = 2166136261;
+    for (let i = 0; i < str.length; i++) {
+        hash ^= str.charCodeAt(i);
+        hash += (hash << 1) + (hash << 4) + (hash << 7) + (hash << 8) + (hash << 24);
+    }
+    return (hash >>> 0).toString(16); // Convert to unsigned 32-bit integer and then to hexadecimal
+}