Use cryptographically secure client secrets

This commit is contained in:
Simon Bihel 2022-02-19 14:45:49 +00:00
parent 3bdd57ed56
commit 950a493dc4
No known key found for this signature in database
GPG Key ID: B7013150BEAA28FD


@ -540,7 +540,11 @@ pub async fn register(
db_client: &DBClientType, db_client: &DBClientType,
) -> Result<CoreClientRegistrationResponse, CustomError> { ) -> Result<CoreClientRegistrationResponse, CustomError> {
let id = Uuid::new_v4(); let id = Uuid::new_v4();
let secret = Uuid::new_v4(); let secret: String = rand::thread_rng()
.sample_iter(&Alphanumeric)
.take(16)
.map(char::from)
.collect();
let redirect_uris = payload.redirect_uris().to_vec(); let redirect_uris = payload.redirect_uris().to_vec();
for uri in redirect_uris.iter() { for uri in redirect_uris.iter() {
@ -560,7 +564,7 @@ pub async fn register(
); );
let entry = ClientEntry { let entry = ClientEntry {
secret: secret.to_string(), secret: secret.clone(),
metadata: payload, metadata: payload,
access_token: Some(access_token.clone()), access_token: Some(access_token.clone()),
}; };
@ -572,7 +576,7 @@ pub async fn register(
EmptyAdditionalClientMetadata::default(), EmptyAdditionalClientMetadata::default(),
EmptyAdditionalClientRegistrationResponse::default(), EmptyAdditionalClientRegistrationResponse::default(),
) )
.set_client_secret(Some(ClientSecret::new(secret.to_string()))) .set_client_secret(Some(ClientSecret::new(secret)))
.set_registration_client_uri(Some(ClientConfigUrl::from_url( .set_registration_client_uri(Some(ClientConfigUrl::from_url(
base_url base_url
.join(&format!("{}/{}", CLIENT_PATH, id)) .join(&format!("{}/{}", CLIENT_PATH, id))
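Review bot: The new secret at `.take(16)` is 16 alphanumeric characters, roughly 95 bits of entropy (16·log2 62), which is less than the ~122 random bits of the `Uuid::new_v4()` it replaces, so as written the commit shortens the credential rather than strengthening it; `.take(32)` (about 190 bits) is the usual floor for OAuth/OIDC client secrets and costs nothing here. `rand::thread_rng()` is an acceptable source only if the pinned `rand` version's `ThreadRng` implements `CryptoRng` (it does in 0.8), which is worth confirming against Cargo.toml since the commit message rests on it. The secret is still persisted in plaintext via `secret: secret.clone()` in `ClientEntry`; because it is a client credential, storing a hash and returning the plaintext only once in the registration response would limit exposure on a database compromise, though that is a separate change. `register`'s signature is above the first hunk and its body continues past the last one.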