Merge pull request #672 from dataplane-app/sso-login

saul-data · web-flow · commit 26c12997a63e · 2024-08-09T11:45:47.000+01:00
fix header too large 421
diff --git a/app/mainapp/routes/apiroutes.go b/app/mainapp/routes/apiroutes.go
@@ -18,15 +18,29 @@ import (
 	"github.com/gofiber/fiber/v2"
 )
 
+type OIDCBody struct {
+	Code  string `json:"code"`
+	State string `json:"state"`
+}
+
 func APIRoutes(app *fiber.App) {
 
 	// ------- OPEN ROUTES ------
 	public := app.Group("/app/public/api")
-	public.Get("/oidc/callback", func(c *fiber.Ctx) error {
+	public.Post("/oidc/callback", func(c *fiber.Ctx) error {
 
 		ctx := c.Context()
 
-		oauth2Token, erra := authoidc.OIDCConfig.Exchange(ctx, c.Query("code"))
+		oidcbody := new(OIDCBody)
+
+		if errb := c.BodyParser(oidcbody); errb != nil {
+			return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
+				"Data Platform": "Dataplane",
+				"Error":         "Auth token body parse: " + errb.Error(),
+			})
+		}
+
+		oauth2Token, erra := authoidc.OIDCConfig.Exchange(ctx, oidcbody.Code)
 		if erra != nil {
 			return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
 				"Data Platform": "Dataplane",
@@ -128,7 +142,7 @@ func APIRoutes(app *fiber.App) {
 			})
 		}
 
-		if nonceCheck.State != c.Query("state") {
+		if nonceCheck.State != oidcbody.State {
 			return c.Status(http.StatusUnauthorized).JSON(fiber.Map{
 				"Data Platform": "Dataplane",
 				"Error":         "Request expired. SSO state not found, please login again.",
diff --git a/frontend/src/pages/SSORedirect.jsx b/frontend/src/pages/SSORedirect.jsx
@@ -15,10 +15,15 @@ const SSORedirect = () => {
         try {
             // loop through each query parameter and add all of them to api endpoint
             const queryParams = new URLSearchParams(window.location.search);
-            const apiEndpoint = '/oidc/callback?' + queryParams.toString();
+            // + queryParams.toString()
+            const apiEndpoint = '/oidc/callback';
+            const body = {
+                code: queryParams.get('code'),
+                state: queryParams.get('state'),
+            };
             // console.log(apiEndpoint);
 
-            PublicAPI(apiEndpoint, {}, 'GET').then((response) => {
+            PublicAPI(apiEndpoint, JSON.stringify(body), 'POST').then((response) => {
                 if (response.status === 200) {
                     setAuthStrategy('success');
                     localStorage.setItem('refresh_token', response.body.refresh_token);
