Commit 51704ab1 authored by Revant Nandgaonkar's avatar Revant Nandgaonkar

fix(authorization-server): Updates for security

separate Trusted Client and Skip Authorization Dialog
verified and verified_email claims

Skipping the Allow/Deny dialog is now controlled by the autoApprove flag
parent 2272624a
......@@ -69,6 +69,8 @@ export class OAuth2Service {
name: user.name,
email: user.email,
roles: user.roles,
verified_email: user.email,
verified: user.email ? true : false,
});
}),
);
......
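Review bot: The new `verified` claim is set to true whenever `user.email` is non-empty, which asserts verification without consulting any verification state, and `verified_email` carries the raw address rather than a boolean, so a relying party will treat every user with an email on file as verified. OIDC defines `email_verified` as a boolean that reflects an actual verification step, and that is the claim name clients expect. If the user record carries a verification flag (not visible in this hunk), derive the claim from it, e.g. `email_verified: user.emailVerified === true,`; if no such flag exists these two claims should not be emitted. The enclosing method starts and ends outside the hunk.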
......@@ -213,8 +213,13 @@ export class OAuth2orizeSetup implements OnModuleInit, OnApplicationBootstrap {
async (client, user, done) => {
// Check if grant request qualifies for immediate approval
if (!user) return done(null, false);
// Auto-approve
if (client.isTrusted) return done(null, true);
if (client.isTrusted) {
return done(null, true);
} else if (client.autoApprove) {
return done(null, true);
}
try {
// findByUserIdAndClientId
......
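Review bot: The two new branches at `if (client.isTrusted)` and `else if (client.autoApprove)` do the same thing, so a trusted client still skips the consent dialog and the separation of "trusted" from "skip authorization dialog" that the commit message describes is not achieved here. If trusted clients are meant to keep going through consent, drop the `isTrusted` branch; if both are meant to auto-approve, collapse them to `if (client.isTrusted || client.autoApprove) return done(null, true);` so the intent is visible. Note also that `isTrusted` is a number and the DTO text says trust "greater than 0", while this check is plain truthiness, so a negative value also auto-approves; `if ((client.isTrusted ?? 0) > 0)` would match the documented rule. The callback continues past the hunk.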
......@@ -10,6 +10,7 @@ export interface Client extends Document {
clientId?: string;
clientSecret?: string;
isTrusted?: number;
autoApprove?: boolean;
redirectUris?: string[];
allowedScopes?: string[];
userDeleteEndpoint?: string;
......
......@@ -13,6 +13,7 @@ const schema = new mongoose.Schema(
clientId: { type: String, default: uuidv4 },
clientSecret: { type: String, default: randomBytes32 },
isTrusted: Number,
autoApprove: Boolean,
redirectUris: [String],
allowedScopes: [String],
userDeleteEndpoint: String,
......
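Review bot: `autoApprove: Boolean` has no default, so existing and newly created clients store nothing for the field and the consent bypass relies on an absent value being falsy. Declaring it as `autoApprove: { type: Boolean, default: false },` makes the opt-in explicit in stored documents and lets the flag be queried for clients that bypass consent. The schema definition continues outside the hunk.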
......@@ -4,6 +4,7 @@ import {
IsString,
IsNumberString,
ValidateNested,
IsBoolean,
} from 'class-validator';
import { ApiModelProperty } from '@nestjs/swagger';
import { i18n } from '../../../i18n/i18n.config';
......@@ -23,11 +24,21 @@ export class CreateClientDto {
@IsNumberString()
@IsOptional()
@ApiModelProperty({
description: i18n.__('Skips the Allow/Deny screen if value is 1'),
description: i18n.__(
'Treat this as internal trusted client if trust is greater than 0',
),
type: 'number',
})
isTrusted: number;
@IsBoolean()
@IsOptional()
@ApiModelProperty({
description: i18n.__('Skips the Allow/Deny screen if value is true'),
type: 'boolean',
})
autoApprove: boolean;
@ApiModelProperty({
description: i18n.__(
'Client app endpoint which will receive the token/code',
......
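Review bot: The new `autoApprove` field lets whoever creates a client bypass the user's consent screen, but its description does not say so to an API consumer, and nothing in this hunk restricts who may set it. Consider the description `'Skips the Allow/Deny consent screen if value is true; intended only for first-party clients'` (with the matching i18n entry), and if client creation is exposed beyond administrators (not visible here), reject or ignore the field for non-admin callers. The `isTrusted` description now says "greater than 0" while the field is validated with `@IsNumberString()` and typed `number`, so the number/string mismatch is worth reconciling in the same change. The class continues outside the hunk.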
......@@ -74,5 +74,7 @@
"Password less login is already disabled": "Password less login is already disabled",
"Password less login is already enabled": "Password less login is already enabled",
"Bearer Token Revoked Successfully": "Bearer Token Revoked Successfully",
"Invalid Bearer Token": "Invalid Bearer Token"
"Invalid Bearer Token": "Invalid Bearer Token",
"Treat this as internal trusted client if trust is greater than 0": "Treat this as internal trusted client if trust is greater than 0",
"Skips the Allow/Deny screen if value is true": "Skips the Allow/Deny screen if value is true"
}
\ No newline at end of file