member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(frontend): validate oidc state in callback flow

Browse Source
This commit is contained in:
Chris
2026-03-30 02:47:16 +08:00
parent 70b5f34a74
commit c3f6293c83
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
frontend/src/pages/LoginPage.vue
View File

@@ -51,7 +51,13 @@ async function handleOidcLogin() {
sessionStorage.setItem('post_login_redirect', typeof redirect === 'string' ? redirect : '/me')
const callbackUrl = `${window.location.origin}/auth/callback`
const res = await getOidcAuthorizeUrl(callbackUrl)
window.location.href = res.data.authorize_url
const authorizeUrl = res.data.authorize_url
const parsed = new URL(authorizeUrl)
const state = parsed.searchParams.get('state')
if (state) {
sessionStorage.setItem('oidc_expected_state', state)
}
window.location.href = authorizeUrl
} catch (err) {
const detail = err.response?.data?.detail
if (detail === 'authentik_login_not_configured') {