Track oidc authorizations by app, not client
This commit is contained in:
parent
d1312fe627
commit
3301a48750
@ -176,7 +176,7 @@ class OpenIDController extends Controller {
|
||||
{
|
||||
text: req.T('common.grant'),
|
||||
action: 'redirect',
|
||||
next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
|
||||
next: `/openid/grant-and-save/${application.id}/${uid.toLowerCase()}`,
|
||||
},
|
||||
{
|
||||
text: req.T('common.grant_once'),
|
||||
@ -189,9 +189,9 @@ class OpenIDController extends Controller {
|
||||
}
|
||||
|
||||
async grant_and_save(req, res, next) {
|
||||
if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
|
||||
if ( !req.user.has_authorized({ client_id: req.params.app_id }) ) {
|
||||
req.user.authorize({
|
||||
client_id: req.params.client_id,
|
||||
client_id: req.params.app_id,
|
||||
api_scopes: ['openid-connect'],
|
||||
})
|
||||
|
||||
|
@ -7,7 +7,7 @@ const openid = {
|
||||
],
|
||||
|
||||
get: {
|
||||
'/grant-and-save/:client_id/:uid': [
|
||||
'/grant-and-save/:app_id/:uid': [
|
||||
'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
|
||||
],
|
||||
'/interaction/:uid': [
|
||||
|
Loading…
Reference in New Issue
Block a user