Skip to content

Commit 5e7ed50

Browse files
shawnhankimshawnhankim
committed
Rename variable name from args to query params
1 parent 6ad8ec6 commit 5e7ed50

File tree

2 files changed

+13
-14
lines changed

2 files changed

+13
-14
lines changed

openid_connect.js

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ function auth(r, afterSyncCheck) {
4848
return;
4949
}
5050
// Redirect the client to the IdP login page with the cookies we need for state
51-
r.return(302, r.variables.oidc_authz_endpoint + getAuthZArgs(r));
51+
r.return(302, r.variables.oidc_authz_endpoint + getQueryParamsAuthZ(r));
5252
return;
5353
}
5454

@@ -260,16 +260,16 @@ function logout(r) {
260260
r.return(302, r.variables.oidc_logout_redirect);
261261
}
262262

263-
function getAuthZArgs(r) {
263+
function getQueryParamsAuthZ(r) {
264264
// Choose a nonce for this flow for the client, and hash it for the IdP
265265
var noncePlain = r.variables.request_id;
266266
var c = require('crypto');
267267
var h = c.createHmac('sha256', r.variables.oidc_hmac_key).update(noncePlain);
268268
var nonceHash = h.digest('base64url');
269-
var authZArgs = "?response_type=code&scope=" + r.variables.oidc_scopes + "&client_id=" + r.variables.oidc_client + "&redirect_uri="+ r.variables.redirect_base + r.variables.redir_location + "&nonce=" + nonceHash;
269+
var queryParams = "?response_type=code&scope=" + r.variables.oidc_scopes + "&client_id=" + r.variables.oidc_client + "&redirect_uri="+ r.variables.redirect_base + r.variables.redir_location + "&nonce=" + nonceHash;
270270

271-
if (r.variables.oidc_authz_extra_args) {
272-
authZArgs += "&" + r.variables.oidc_authz_extra_args;
271+
if (r.variables.oidc_authz_extra_query_params) {
272+
queryParams += "&" + r.variables.oidc_authz_extra_query_params;
273273
}
274274

275275
r.headersOut['Set-Cookie'] = [
@@ -283,11 +283,11 @@ function getAuthZArgs(r) {
283283
var pkce_code_challenge = c.createHash('sha256').update(pkce_code_verifier).digest('base64url');
284284
r.variables.pkce_code_verifier = pkce_code_verifier;
285285

286-
authZArgs += "&code_challenge_method=S256&code_challenge=" + pkce_code_challenge + "&state=" + r.variables.pkce_id;
286+
queryParams += "&code_challenge_method=S256&code_challenge=" + pkce_code_challenge + "&state=" + r.variables.pkce_id;
287287
} else {
288-
authZArgs += "&state=0";
288+
queryParams += "&state=0";
289289
}
290-
return authZArgs;
290+
return queryParams;
291291
}
292292

293293
function idpClientAuth(r) {

openid_connect_configuration.conf

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,16 +8,15 @@ map $host $oidc_authz_endpoint {
88
#www.example.com "https://my-idp/oauth2/v1/authorize";
99
}
1010

11-
map $host $oidc_authz_extra_args {
12-
# Extra arguments to include in the request to the IdP's authorization
11+
map $host $oidc_authz_extra_query_params {
12+
# Extra query params to include in the request to the IdP's authorization
1313
# endpoint.
14-
# Some IdPs provide extended capabilities controlled by extra arguments,
14+
# Some IdPs provide extended capabilities controlled by extra query params,
1515
# for example Keycloak can select an IdP to delegate to via the
1616
# "kc_idp_hint" argument.
17-
# Arguments must be expressed as query string parameters and URL-encoded
18-
# if required.
17+
# It must be expressed as query string params and URL-encoded if required.
1918
default "";
20-
#www.example.com "kc_idp_hint=another_provider"
19+
#www.example.com "kc_idp_hint=another_provider";
2120
}
2221

2322
map $host $oidc_token_endpoint {

0 commit comments

Comments
 (0)