authenticate: return 401 for some specific error codes (#561)

Fixes #551
Cuong Manh Le 2020-03-26 08:36:03 +07:00 committed by GitHub
parent 9bee6bb648
commit 136a366e5c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 1 deletions


@ -279,12 +279,21 @@ func (a *Authenticate) OAuthCallback(w http.ResponseWriter, r *http.Request) err
return nil
}
func (a *Authenticate) statusForErrorCode(errorCode string) int {
switch errorCode {
case "access_denied", "unauthorized_client":
return http.StatusUnauthorized
default:
return http.StatusBadRequest
}
}
func (a *Authenticate) getOAuthCallback(w http.ResponseWriter, r *http.Request) (*url.URL, error) {
// Error Authentication Response: rfc6749#section-4.1.2.1 & OIDC#3.1.2.6
//
// first, check if the identity provider returned an error
if idpError := r.FormValue("error"); idpError != "" {
return nil, httputil.NewError(http.StatusBadRequest, fmt.Errorf("identity provider: %v", idpError))
return nil, httputil.NewError(a.statusForErrorCode(idpError), fmt.Errorf("identity provider: %v", idpError))
}
// fail if no session redemption code is returned
code := r.FormValue("code")
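Review bot: In getOAuthCallback the `error` form value is read straight from the request and formatted with `%v` into the error passed to httputil.NewError, so a caller-supplied string of any content reaches whatever renders or logs that error, and with this change it also selects the response status. The message could quote the value, `fmt.Errorf("identity provider: %q", idpError)`, or echo only the codes listed in rfc6749#section-4.1.2.1 and use a fixed string for anything else. statusForErrorCode never uses its receiver and has no doc comment; a line such as `// statusForErrorCode maps an OAuth2 error response code to the HTTP status returned to the client.` would record the intent. getOAuthCallback continues past the end of the hunk, so whether the state parameter is validated before or after this early return is not visible here.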