👽 AuthConfig 增加忽略校验 state 的参数
zhangyd-c committed Jun 28, 2020
1 parent 179287f commit fbeb4c6
Showing 2 changed files with 22 additions and 1 deletion.
19 changes: 19 additions & 0 deletions src/main/java/me/zhyd/oauth/config/AuthConfig.java
Expand Up @@ -2,6 +2,7 @@

import com.xkcoding.http.config.HttpConfig;
import lombok.*;
import me.zhyd.oauth.model.AuthCallback;

/**
* JustAuth配置类
Expand Down Expand Up @@ -79,4 +80,22 @@ public class AuthConfig {
* @since 1.15.5
*/
private HttpConfig httpConfig;

/**
* 忽略校验 {@code state} 参数,默认不开启。当 {@code ignoreCheckState} 为 {@code true} 时,
* {@link me.zhyd.oauth.request.AuthDefaultRequest#login(AuthCallback)} 将不会校验 {@code state} 的合法性。
*
* 使用场景:当且仅当使用自实现 {@code state} 校验逻辑时开启
*
* 以下场景使用方案仅作参考:
* 1. 授权、登录为同端,并且全部使用 JustAuth 实现时,该值建议设为 {@code false};
* 2. 授权和登录为不同端实现时,比如前端页面拼装 {@code authorizeUrl},并且前端自行对{@code state}进行校验,
* 后端只负责使用{@code code}获取用户信息时,该值建议设为 {@code true};
*
* <strong>如非特殊需要,不建议开启这个配置</strong>
*
* 该方案主要为了解决以下类似场景的问题:
* @see <a href="https://github.com/justauth/JustAuth/issues/83">https://github.com/justauth/JustAuth/issues/83</a>
*/
private boolean ignoreCheckState;
}
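Review bot: The Javadoc on `ignoreCheckState` explains when to enable the flag but never says what the `state` check protects against, so a reader weighing the trade-off cannot see what is given up. The `state` parameter is the binding between the authorization request and its callback (RFC 6749 §10.12, the CSRF protection for the redirect); skipping `AuthChecker.checkState` means that binding has to be enforced by the caller. I would add one sentence to the Javadoc, e.g. `* Security note: the state check is the CSRF protection for the callback; when this flag is true the caller must validate state itself before passing the callback to login().` The field is presumably read through a Lombok-generated `isIgnoreCheckState()` given `import lombok.*`, which this hunk does not show.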
4 changes: 3 additions & 1 deletion src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
Expand Up @@ -74,7 +74,9 @@ public AuthDefaultRequest(AuthConfig config, AuthSource source, AuthStateCache a
public AuthResponse login(AuthCallback authCallback) {
try {
AuthChecker.checkCode(source, authCallback);
AuthChecker.checkState(authCallback.getState(), source, authStateCache);
if (!config.isIgnoreCheckState()) {
AuthChecker.checkState(authCallback.getState(), source, authStateCache);
}

AuthToken authToken = this.getAccessToken(authCallback);
AuthUser user = this.getUserInfo(authToken);
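Review bot: When `isIgnoreCheckState()` is true the new `if` skips the `state` check silently, so nothing in the logs records that a callback was accepted without CSRF validation; a debug-level log line in an `else` branch would make a misconfigured deployment visible in the audit trail. I cannot tell from this hunk whether the class has a logger in scope, so at minimum a comment on the new `if` would help: `// state validation is delegated to the caller when ignoreCheckState is set; see AuthConfig#ignoreCheckState`. It is also worth confirming whether `AuthChecker.checkState` is what evicts the consumed state from `authStateCache` — if so, skipping it leaves entries to age out rather than being removed on use. The `login` method continues past the end of the hunk.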
