Merge pull request #3246 from quay/joseph.schorr/QUAY-1079/oidc-improvements

OIDC improvements
2018-09-12 16:17:51 -04:00 · 2018-09-12 16:17:51 -04:00 · 54aca8206b
commit 54aca8206b
parent 867e809ddc 90c0e34945
4 changed files with 60 additions and 12 deletions
--- a/endpoints/oauth/login.py
+++ b/endpoints/oauth/login.py
@ -182,12 +182,12 @@ def _register_service(login_service):
  @oauthlogin_csrf_protect
  def callback_func():
    # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
    if error:
      return _render_ologin_error(login_service.service_name(), error)

    # Exchange the OAuth code for login information.
-    code = request.args.get('code')
+    code = request.values.get('code')
    try:
      lid, lusername, lemail = login_service.exchange_code_for_login(app.config, client, code, '')
    except OAuthLoginException as ole:
@ -217,12 +217,12 @@ def _register_service(login_service):
  @oauthlogin_csrf_protect
  def attach_func():
    # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
    if error:
      return _render_ologin_error(login_service.service_name(), error)

    # Exchange the OAuth code for login information.
-    code = request.args.get('code')
+    code = request.values.get('code')
    try:
      lid, lusername, _ = login_service.exchange_code_for_login(app.config, client, code, '/attach')
    except OAuthLoginException as ole:
@ -258,12 +258,12 @@ def _register_service(login_service):
  @oauthlogin_csrf_protect
  def cli_token_func():
    # Check for a callback error.
-    error = request.args.get('error', None)
+    error = request.values.get('error', None)
    if error:
      return _render_ologin_error(login_service.service_name(), error)

    # Exchange the OAuth code for the ID token.
-    code = request.args.get('code')
+    code = request.values.get('code')
    try:
      idtoken, _ = login_service.exchange_code_for_tokens(app.config, client, code, '/cli')
    except OAuthLoginException as ole:
@ -281,17 +281,17 @@ def _register_service(login_service):
  oauthlogin.add_url_rule('/%s/callback' % login_service.service_id(),
                          '%s_oauth_callback' % login_service.service_id(),
                          callback_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])

  oauthlogin.add_url_rule('/%s/callback/attach' % login_service.service_id(),
                          '%s_oauth_attach' % login_service.service_id(),
                          attach_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])

  oauthlogin.add_url_rule('/%s/callback/cli' % login_service.service_id(),
                          '%s_oauth_cli' % login_service.service_id(),
                          cli_token_func,
-                          methods=['GET'])
+                          methods=['GET', 'POST'])

 # Register the routes for each of the login services.
 for current_service in oauth_login.services: