From e4bc8d1778f5a47080f29398e0e0ea4605e2d6f4 Mon Sep 17 00:00:00 2001
From: Sergei Tsoganov
Date: Mon, 19 Feb 2024 11:48:47 +0200
Subject: [PATCH] Added webauthn scope support
---
 .env.example | 2 +-
 server/index.js | 57 ++++++++++++++++++-------------
 src/pages/LoginPage/LoginPage.jsx | 12 ++++++-
 src/translations/en.json | 1 +
 src/translations/et.json | 1 +
 5 files changed, 47 insertions(+), 26 deletions(-)
diff --git a/.env.example b/.env.example
index 379dac8..be90849 100644
--- a/.env.example
+++ b/.env.example
@@ -22,7 +22,7 @@ CLIENT_ID=eis_client_dev
 CLIENT_SECRET=asd123
 # Scopes
-SCOPE=openid idcard mid smartid
+REACT_APP_SCOPE=openid idcard mid smartid
 # Response type
 RESPONSE_TYPE=code
diff --git a/server/index.js b/server/index.js
index 4c42388..b875df3 100644
--- a/server/index.js
+++ b/server/index.js
@@ -37,7 +37,7 @@ const {
 REDIRECT_URL,
 SESSION_SECRET,
 TOKEN_PATH,
- SCOPE,
+ REACT_APP_SCOPE,
 RESPONSE_TYPE,
 } = process.env;
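Review bot: In .env.example the renamed `REACT_APP_SCOPE` has no comment saying that the value is now read by both the browser bundle and the server, which is the only reason for the new prefix. Assuming the front end is a Create React App build (LoginPage.jsx reads `REACT_APP_*` names from `process.env`), anything under that prefix is compiled into the public JavaScript at build time, while server/index.js reads it at start-up, so the two can drift apart when only one side is rebuilt or restarted. I would extend the `# Scopes` comment to something like `# Scopes (public: inlined into the client build, must match the value the server runs with; never give CLIENT_SECRET or SESSION_SECRET this prefix)`. Deployments that still set `SCOPE` get no fallback and start with the new variable undefined, so the rename also deserves a line in the upgrade notes.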
@@ -98,31 +98,40 @@ const redirect_uri =
 : `https://${HOST}${REDIRECT_URL}`;
 // grant auth
-app.use(
- grant({
- defaults: {
- protocol: 'https',
- host: HOST,
- state: true,
- callback: '/auth/callback',
- transport: 'querystring',
+const grantConfig = {
+ defaults: {
+ protocol: 'https',
+ host: HOST,
+ state: true,
+ callback: '/auth/callback',
+ transport: 'querystring',
+ },
+ openid: {
+ authorize_url: ISSUER_URL + AUTH_PATH,
+ access_url: ISSUER_URL + TOKEN_PATH,
+ oauth: 2,
+ key: CLIENT_ID,
+ secret: CLIENT_SECRET,
+ scope: REACT_APP_SCOPE,
+ redirect_uri,
+ response_type: RESPONSE_TYPE,
+ callback: REDIRECT_URL,
+ custom_params: {
+ ui_locales: LOCALE,
 },
- openid: {
- authorize_url: ISSUER_URL + AUTH_PATH,
- access_url: ISSUER_URL + TOKEN_PATH,
- oauth: 2,
- key: CLIENT_ID,
- secret: CLIENT_SECRET,
- scope: SCOPE,
- redirect_uri,
- response_type: RESPONSE_TYPE,
- callback: REDIRECT_URL,
- custom_params: {
- ui_locales: LOCALE,
- },
+ }
+};
+
+if (REACT_APP_SCOPE.includes('webauthn')) {
+ grantConfig.openid.scope = REACT_APP_SCOPE.replace(/(?:^|\s)webauthn(?:\s|$)/, ' ').trim();
+ grantConfig.openid.overrides = {
+ webauthn: {
+ scope: REACT_APP_SCOPE,
 },
- })
-);
+ };
+ }
+
+app.use(grant(grantConfig));
 app.use(helmet());
 // api
diff --git a/src/pages/LoginPage/LoginPage.jsx b/src/pages/LoginPage/LoginPage.jsx
index 786ab20..4867561 100644
--- a/src/pages/LoginPage/LoginPage.jsx
+++ b/src/pages/LoginPage/LoginPage.jsx
@@ -5,7 +5,7 @@ import { Button, Container, Icon, Form } from 'semantic-ui-react';
 import PropTypes from 'prop-types';
 import { MainLayout, MessageModule } from '../../components';
-const { REACT_APP_SERVER_PORT, REACT_APP_URL } = process.env;
+const { REACT_APP_SCOPE, REACT_APP_SERVER_PORT, REACT_APP_URL } = process.env;
 const authPath =
 process.env.NODE_ENV === 'development'
@@ -48,6 +48,16 @@ function LoginPage({ user, ui }) {
+ {REACT_APP_SCOPE && REACT_APP_SCOPE.includes('webauthn') && (
+
+ )}
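Review bot: In server/index.js the new `if (REACT_APP_SCOPE.includes('webauthn'))` runs on a value that is `undefined` whenever the variable is missing from the environment, so the server throws a TypeError at start-up; LoginPage.jsx guards the same test with `REACT_APP_SCOPE &&`, the server does not. The test is also a substring match, while the `replace` regex matches a whole token and has no `g` flag, so a value such as `webauthn2` enters the branch with nothing stripped and a repeated `webauthn` is removed only once; the `includes` check in the second LoginPage.jsx hunk has the same substring mismatch. Splitting the scope into tokens once and deriving both strings from that list, as below, removes both problems. It is also worth confirming that the `webauthn` override is meant to request every configured scope rather than only `openid webauthn`: with the value from .env.example plus `webauthn`, the passkey route would ask the identity provider for `idcard`, `mid` and `smartid` as well.

```javascript
// … unchanged: grantConfig object literal …

// Tokenise once; a missing variable yields an empty list instead of throwing.
const scopes = (REACT_APP_SCOPE || '').split(/\s+/).filter(Boolean);

if (scopes.includes('webauthn')) {
  // Default route: every scope except webauthn. Override route: the full list.
  grantConfig.openid.scope = scopes.filter((s) => s !== 'webauthn').join(' ');
  grantConfig.openid.overrides = {
    webauthn: {
      scope: scopes.join(' '),
    },
  };
}

// … unchanged: app.use(grant(grantConfig)) …
```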
diff --git a/src/translations/en.json b/src/translations/en.json
index e2e582d..9fbc057 100644
--- a/src/translations/en.json
+++ b/src/translations/en.json
@@ -2,6 +2,7 @@
 "actions.confirm.no": "No",
 "actions.confirm.yes": "Yes",
 "actions.login": "Sign in",
+ "actions.webauthn-login": "Sign in with a passkey",
 "actions.save": "Save",
 "app.title": "EIS Registrant portal",
 "companies.addresses": "Addresses",
diff --git a/src/translations/et.json b/src/translations/et.json
index d3d9d89..1d8acb2 100644
--- a/src/translations/et.json
+++ b/src/translations/et.json
@@ -2,6 +2,7 @@
 "actions.confirm.no": "Ei",
 "actions.confirm.yes": "Jah",
 "actions.login": "Logi sisse",
+ "actions.webauthn-login": "Logi sisse pääsuvõtmega",
 "actions.save": "Salvesta",
 "app.title": "EIS Registreerijaportaal",
 "companies.addresses": "Aadressid",