whs-authz-authn/oauth-backend
1
0
Fork 0
mirror of https://github.com/j93es/oauth-backend.git synced 2026-06-04 22:51:26 +09:00
Code Issues Projects Releases Packages Wiki Activity

Update nonce_check.py

Browse source
This commit is contained in:
sultanofdisco 2025-06-10 02:13:29 +09:00
commit 2bb887939a
1 changed files with 9 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

19
addon/nonce_check.py
View file

@ -40,14 +40,13 @@ class NonceChecker:
""" """
res = flow.response res = flow.response
# 1. JSON 응답에 id_token 있음 # 1. JSON 응답에 id_token 있음
try: if "application/json" in res.headers.get("content-type", ""):
if "application/json" in res.headers.get("content-type", ""): try:
data = res.json() data = res.json()
return data.get("id_token") return data.get("id_token")
else: except Exception:
return None pass
except Exception:
pass
# 2. Location 헤더에서 id_token 파싱 (예: #id_token=...&access_token=...) # 2. Location 헤더에서 id_token 파싱 (예: #id_token=...&access_token=...)
location = res.headers.get("location", "") location = res.headers.get("location", "")
@ -66,7 +65,7 @@ class NonceChecker:
def decode_id_token(self, flow) -> dict: def decode_id_token(self, flow) -> dict:
res = flow.response res = flow.response
id_token = self.extract_id_token(res) id_token = self.extract_id_token(flow)
if not id_token: if not id_token:
return {} return {}
try: try:
@ -85,12 +84,12 @@ class NonceChecker:
parsed = urlparse(url) parsed = urlparse(url)
fragment_params = parse_qs(parsed.fragment) fragment_params = parse_qs(parsed.fragment)
if "id token" in fragment_params: if "id_token" in fragment_params:
# id_token이 fragment에 있는 경우 # id_token이 fragment에 있는 경우
id_token = fragment_params["id token"][0] id_token = fragment_params["id_token"][0]
return True return True
id_token = self.extract_id_token(res) id_token = self.extract_id_token(flow)
decoded = self.decode_id_token(id_token) decoded = self.decode_id_token(id_token)
nonce = decoded.get("nonce") nonce = decoded.get("nonce")