diff --git a/src/core/server/app/middleware/passport/strategies/jwt.ts b/src/core/server/app/middleware/passport/strategies/jwt.ts index 273bce5d3..59e27f227 100644 --- a/src/core/server/app/middleware/passport/strategies/jwt.ts +++ b/src/core/server/app/middleware/passport/strategies/jwt.ts @@ -75,6 +75,13 @@ export class JWTStrategy extends Strategy { throw new Error("token could not be decoded"); } + // TODO: add OIDC support. + // At the moment, OpenID Connect tokens are not supported here directly, + // instead, the default implementation redirects the user to the + // authorization endpoint where they login, and a redirection occurs + // yielding the token to us via the Authorization Code Flow. We then issue a + // Talk Token for that request, that the client uses after. + // Handle SSO integrations. if (this.verifiers.sso.supports(token, tenant)) { return this.verifiers.sso.verify(tokenString, token, tenant); diff --git a/src/core/server/app/middleware/passport/strategies/oidc/index.ts b/src/core/server/app/middleware/passport/strategies/oidc/index.ts index 4405e3697..b9ff305a7 100644 --- a/src/core/server/app/middleware/passport/strategies/oidc/index.ts +++ b/src/core/server/app/middleware/passport/strategies/oidc/index.ts @@ -343,7 +343,10 @@ export default class OIDCStrategy extends Strategy { const { clientID, clientSecret, authorizationURL, tokenURL } = integration; // Construct the callbackURL from the request. - const callbackURL = reconstructURL(req, "/api/tenant/auth/oidc/callback"); + const callbackURL = reconstructURL( + req, + `/api/tenant/auth/oidc/${integration.id}/callback` + ); // Create a new OAuth2Strategy, where we pass the verify callback bound to // this OIDCStrategy instance.