address review comments

+21 -14
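--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -579,6 +579,11 @@
 
 // High-level helper for completing auth flow: verifies callback query parameters against persisted auth request info, makes initial token request to the auth server, validates account identifier, and persists session data.
 func (app *ClientApp) ProcessCallback(ctx context.Context, params url.Values) (*ClientSessionData, error) {
+// There are two callback response formats, for error and non-error conditions, each expecting different
+// parameters.
+//
+// Error responses expect: state, error (and optionally: error_description, error_uri)
+// Non-error responses expect: state, iss, code
 
 state := params.Get("state")
 if state == "" {
@@ -589,6 +594,7 @@
 if err != nil {
 return nil, fmt.Errorf("loading auth request info: %w", err)
 }
+// This check should never fail, but it guards against a faulty ClientAuthStore implementation
 if info.State != state {
 return nil, fmt.Errorf("callback state doesn't match request info")
 }
@@ -602,13 +608,14 @@
 if err == nil {
 errorUri = &parsedUri
 }
-return nil, &ErrCallback{
-code: errorCode,
-description: params.Get("error_description"),
-uri: errorUri,
+return nil, &AuthRequestCallbackError{
+ErrorCode: errorCode,
+ErrorDescription: params.Get("error_description"),
+ErrorURI: errorUri,
 }
 }
 
+// If we reached here, there was no `error` and we can process the rest of the parameters
 authserverURL := params.Get("iss")
 authCode := params.Get("code")
 if authserverURL == "" || authCode == "" {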
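Review bot: The error branch returns `AuthRequestCallbackError` before `iss` is read, and the new header comment lists error responses as carrying only `state` and `error`, so on the visible lines the error text is accepted with nothing tying it to the expected authorization server. RFC 9207 has the authorization server include `iss` in error responses as well, so either compare it with the issuer recorded for the request (if the request info carries one) before returning, or state the gap in the comment, e.g. `// Error responses expect: state, error (optionally: iss, error_description, error_uri); iss is NOT verified on this path`. New-file lines 601-607 are elided on this page, so a check may already exist there. ProcessCallback's body continues past the end of the last hunk.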
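--- a/atproto/auth/oauth/types.go
+++ b/atproto/auth/oauth/types.go
@@ -411,19 +411,19 @@
 // Returned by [ClientApp.ProcessCallback] if the AS signals an error in the redirect URL parameters, per rfc6749 section 4.1.2.1
 //
 // NOTE: This is untrusted data and should not be e.g. rendered to HTML without appropriate escaping
-type ErrCallback struct {
-code string
-description string
-uri *syntax.URI
+type AuthRequestCallbackError struct {
+ErrorCode string
+ErrorDescription string
+ErrorURI *syntax.URI
 }
 
-func (e *ErrCallback) Error() string {
-res := "callbackError: " + e.code
-if e.description != "" {
-res += ": " + e.description
+func (e *AuthRequestCallbackError) Error() string {
+res := "OAuth request callback error: " + e.ErrorCode
+if e.ErrorDescription != "" {
+res += ": " + e.ErrorDescription
 }
-if e.uri != nil {
-res += " (" + e.uri.String() + ")"
+if e.ErrorURI != nil {
+res += " (" + e.ErrorURI.String() + ")"
 }
 return res
 }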
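Review bot: `Error()` concatenates `ErrorCode` and `ErrorDescription` into the message unmodified, although the type's own comment marks them as untrusted redirect parameters; any caller that logs or wraps this error carries text chosen by whoever built the callback URL, line breaks included, into its output. Quoting the values keeps a log record on one line: `res := "OAuth request callback error: " + strconv.Quote(e.ErrorCode)` and `res += ": " + strconv.Quote(e.ErrorDescription)` (this needs `strconv` imported; the import block is not visible on this page). Now that the fields are exported and callers can read them directly, the NOTE is worth repeating per field, for example `// ErrorDescription is the raw error_description query parameter; untrusted.`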