
Commit 172a523

committed
Fix PKCE Client Provile & RedirectUri Mismatch
1 parent 5daa9ac commit 172a523

3 files changed

Lines changed: 9 additions & 10 deletions


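--- a/src/CodeBeam.UltimateAuth.Server/Endpoints/PkceEndpointHandler.cs
+++ b/src/CodeBeam.UltimateAuth.Server/Endpoints/PkceEndpointHandler.cs
@@ -107,9 +107,9 @@ public async Task<IResult> TryCompleteAsync(HttpContext ctx)
 artifact,
 request.CodeVerifier,
 new PkceContextSnapshot(
-clientProfile: authContext.ClientProfile,
-tenant: authContext.Tenant,
-redirectUri: null,
+clientProfile: artifact.Context.ClientProfile,
+tenant: artifact.Context.Tenant,
+redirectUri: artifact.Context.RedirectUri,
 device: artifact.Context.Device),
 _clock.UtcNow);
 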
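Review bot: Building the completion snapshot from `artifact.Context` hands the validator the stored authorization context on both sides, so if `Validate` passes `artifact.Context` as `original` (its body is not shown on this page), `IsContextValid` compares each value with itself and can no longer reject a completion that arrives under a different client profile, tenant or redirect URI. The completion side should describe the request being completed: keep `clientProfile: authContext.ClientProfile,` and `tenant: authContext.Tenant,` and take `redirectUri` from the completing request rather than from the artifact. If the profile legitimately resolves differently between the authorize and complete steps, that is better normalised where it is resolved than by copying the stored value. The same substitution is made in `CompleteAsync` in PkceService.cs, and `device` was already sourced from the artifact in both places. A negative test that completes an artifact under a different tenant and expects a validation failure would pin this down.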
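--- a/src/CodeBeam.UltimateAuth.Server/Flows/Pkce/PkceAuthorizationValidator.cs
+++ b/src/CodeBeam.UltimateAuth.Server/Flows/Pkce/PkceAuthorizationValidator.cs
@@ -25,9 +25,8 @@ public PkceValidationResult Validate(PkceAuthorizationArtifact artifact, string
 
 private static bool IsContextValid(PkceContextSnapshot original, PkceContextSnapshot completion)
 {
-// TODO: Fix this
-//if (!original.ClientProfile.Equals(completion.ClientProfile))
-// return false;
+if (!original.ClientProfile.Equals(completion.ClientProfile))
+return false;
 
 if (!string.Equals(original.Tenant, completion.Tenant, StringComparison.Ordinal))
 return false;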
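Review bot: The re-enabled check calls `.Equals` directly on `original.ClientProfile`, which throws instead of returning false if that property can be null; its type is not visible here, so this is worth confirming. If it is a reference type, `if (!Equals(original.ClientProfile, completion.ClientProfile)) return false;` is null-safe, and if it is an enum, `!=` avoids boxing. The removed `// TODO: Fix this` gave no reason for disabling the check, so a one-line comment such as `// Completion must come from the same client profile that started the flow.` would record why it exists. `IsContextValid` continues past the end of this hunk.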

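--- a/src/CodeBeam.UltimateAuth.Server/Services/PkceService.cs
+++ b/src/CodeBeam.UltimateAuth.Server/Services/PkceService.cs
@@ -82,9 +82,9 @@ public async Task<PkceCompleteResult> CompleteAsync(AuthFlowContext auth, PkceCo
 artifact,
 request.CodeVerifier,
 new PkceContextSnapshot(
-clientProfile: auth.ClientProfile,
-tenant: auth.Tenant,
-redirectUri: null,
+clientProfile: artifact.Context.ClientProfile,
+tenant: artifact.Context.Tenant,
+redirectUri: artifact.Context.RedirectUri,
 device: artifact.Context.Device),
 _clock.UtcNow);
 
@@ -132,7 +132,7 @@ public async Task<HubCredentials> RefreshAsync(HubFlowArtifact hub, Cancellation
 var snapshot = new PkceContextSnapshot(
 clientProfile: hub.ClientProfile,
 tenant: hub.Tenant,
-redirectUri: null,
+redirectUri: hub.ReturnUrl,
 device: device
 );
 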
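Review bot: In `RefreshAsync`, `redirectUri: hub.ReturnUrl,` places a value named as a return URL into the `redirectUri` slot of `PkceContextSnapshot`, and nothing in this hunk shows that the two mean the same thing or that `hub.ReturnUrl` has been checked against the client's allowed redirect targets. If `ReturnUrl` can be caller-supplied, it should be validated before it is bound into the snapshot, since any later comparison would treat it as the trusted baseline. Once the assumption is confirmed, a short comment above the snapshot would state it, for example `// ReturnUrl is the redirect URI bound to this hub flow; validated when the hub artifact was created.`. The body of `RefreshAsync` starts and ends outside this hunk.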