From 266025629672adf97e70fefd8621b42b9fd9c8f1 Mon Sep 17 00:00:00 2001
From: David Mulder
Date: Wed, 22 May 2024 15:55:53 -0600
Subject: [PATCH] Fix a refresh token leak in debug from msal

Signed-off-by: David Mulder
---
 Cargo.toml | 2 +-
 src/common/src/idprovider/himmelblau.rs | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 050548c..174c159 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,7 +38,7 @@ tracing-subscriber = "^0.3.17"
 tracing = "^0.1.37"
 himmelblau_unix_common = { path = "src/common" }
 kanidm_unix_common = { path = "src/glue" }
-msal = { version = "0.2.0" }
+msal = { version = "0.2.3" }
 graph = { path = "src/graph" }
 clap = { version = "^4.5", features = ["derive", "env"] }
 clap_complete = "^4.4.1"
diff --git a/src/common/src/idprovider/himmelblau.rs b/src/common/src/idprovider/himmelblau.rs
index 061cbf6..8d65ad2 100644
--- a/src/common/src/idprovider/himmelblau.rs
+++ b/src/common/src/idprovider/himmelblau.rs
@@ -16,9 +16,10 @@ use idmap::SssIdmap;
 use kanidm_hsm_crypto::{LoadableIdentityKey, LoadableMsOapxbcRsaKey, PinValue, SealedData, Tpm};
 use msal::auth::{
 BrokerClientApplication, ClientInfo,
- DeviceAuthorizationResponse as msal_DeviceAuthorizationResponse, EnrollAttrs, IdToken,
- MFAAuthContinue, UserToken as UnixUserToken,
+ DeviceAuthorizationResponse as msal_DeviceAuthorizationResponse, IdToken, MFAAuthContinue,
+ UserToken as UnixUserToken,
 };
+use msal::discovery::EnrollAttrs;
 use msal::error::{MsalError, AUTH_PENDING, DEVICE_AUTH_FAIL, REQUIRES_MFA};
 use reqwest;
 use std::collections::HashMap;
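Review bot: The refresh-token leak named in the subject is fixed only by the msal bump in Cargo.toml, and nothing in this patch guards against it coming back; the himmelblau.rs hunk just follows `EnrollAttrs` to `msal::discovery`. Since `UserToken` is imported here as `UnixUserToken`, a small test that formats a token with `{:?}` and asserts the refresh-token value is absent would catch a regression on a later msal upgrade (this assumes the leak was through the type's debug formatting, which the patch does not show). A comment on the dependency line such as `# keep >= 0.2.3 (refresh token leak in debug output)` would also keep the floor from being lowered by accident. Debug logs written by builds that used the older msal may still hold refresh tokens and are worth handling as sensitive material.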