From 018dfe18245a496bbb2421134b9a649723d08253 Mon Sep 17 00:00:00 2001 From: Dan Funk Date: Thu, 21 Nov 2024 15:23:30 -0500 Subject: [PATCH 1/2] be consistent about how the redirect uri is generated. --- .../services/authentication_service.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py index fc61f3834..999715a18 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py @@ -285,12 +285,16 @@ def generate_state(redirect_url: str, authentication_identifier: str) -> bytes: ) return state + def get_redirect_uri_for_login_to_server(self): + host_url = request.host_url.strip("/") + login_return_path = url_for("/v1_0.spiffworkflow_backend_routes_authentication_controller_login_return") + redirect_url_to_use = f"{host_url}{login_return_path}" + return redirect_url_to_use + def get_login_redirect_url(self, state: str, authentication_identifier: str, redirect_url: str | None = None) -> str: redirect_url_to_use = redirect_url if redirect_url_to_use is None: - host_url = request.host_url.strip("/") - login_return_path = url_for("/v1_0.spiffworkflow_backend_routes_authentication_controller_login_return") - redirect_url_to_use = f"{host_url}{login_return_path}" + redirect_url_to_use = self.get_redirect_uri_for_login_to_server() login_redirect_url = ( self.open_id_endpoint_for_name("authorization_endpoint", authentication_identifier=authentication_identifier) + f"?state={state}&" 
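Review bot: `get_redirect_uri_for_login_to_server` builds the OAuth `redirect_uri` from `request.host_url`, which follows the request's Host header (and any forwarded-host handling in front of the app), so the value is only as trustworthy as the deployment's host validation. Behind a reverse proxy it can also come out with the internal scheme or host and then fail the provider's registered-redirect match. Consider deriving the base from the configured backend URL (the line removed in the next hunk used `self.get_backend_url()`), or state the dependency in a docstring such as `"""Return the absolute login_return URL; built from request.host_url, so the deployment must pin or validate the Host header."""`.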
@@ -301,20 +305,23 @@ def get_login_redirect_url(self, state: str, authentication_identifier: str, red ) return login_redirect_url - def get_auth_token_object(self, code: str, authentication_identifier: str, redirect_url: str = "/v1.0/login_return") -> dict: + def get_auth_token_object(self, code: str, authentication_identifier: str) -> dict: backend_basic_auth_string = ( f"{self.client_id(authentication_identifier)}:{self.__class__.secret_key(authentication_identifier)}" ) backend_basic_auth_bytes = bytes(backend_basic_auth_string, encoding="ascii") backend_basic_auth = base64.b64encode(backend_basic_auth_bytes) + redirect_to_use = self.get_redirect_uri_for_login_to_server() + headers = { "Content-Type": "application/x-www-form-urlencoded", "Authorization": f"Basic {backend_basic_auth.decode('utf-8')}", } + data = { "grant_type": "authorization_code", "code": code, - "redirect_uri": f"{self.get_backend_url()}{redirect_url}", + "redirect_uri": redirect_to_use, } request_url = self.open_id_endpoint_for_name( From 8a007f917ac62c239e0c9542015e777da412ae55 Mon Sep 17 00:00:00 2001 From: Dan Funk Date: Thu, 21 Nov 2024 15:37:17 -0500 Subject: [PATCH 2/2] fix pyl --- .../spiffworkflow_backend/services/authentication_service.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py index 999715a18..e3b500642 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py 
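Review bot: `get_auth_token_object` now always sends the server-derived `redirect_uri`, while `get_login_redirect_url` in the previous hunk still accepts a caller-supplied `redirect_url`. If any caller uses that override, the authorization request and the token request carry different values, and a compliant provider will reject the code exchange. Either drop the override from `get_login_redirect_url` or thread the same value through here, e.g. an optional `redirect_url: str | None = None` parameter with `redirect_to_use = redirect_url or self.get_redirect_uri_for_login_to_server()`. Callers are not visible in this patch, so the mismatch may already be unreachable. The function body continues outside the hunk.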
@@ -285,7 +285,7 @@ def generate_state(redirect_url: str, authentication_identifier: str) -> bytes: ) return state - def get_redirect_uri_for_login_to_server(self): + def get_redirect_uri_for_login_to_server(self) -> str: host_url = request.host_url.strip("/") login_return_path = url_for("/v1_0.spiffworkflow_backend_routes_authentication_controller_login_return") redirect_url_to_use = f"{host_url}{login_return_path}"