mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-07-18 19:36:02 +00:00
fix: thread resource indicator through OAuth consent flow
The consent page extracted client_id, redirect_uri, scope, state, code_challenge from URL params but silently dropped `resource`. Without it the auth code had no resource binding, tokens were issued with audience=null, and the MCP handler's RFC 8707 audience check rejected every token — "There was a problem connecting TREK." Fix: extract `resource` from URLSearchParams and forward it through oauthApi.validate() and oauthApi.authorize(). Add the field to both API type signatures.
This commit is contained in:
@@ -143,6 +143,7 @@ export const oauthApi = {
|
|||||||
state?: string
|
state?: string
|
||||||
code_challenge: string
|
code_challenge: string
|
||||||
code_challenge_method: string
|
code_challenge_method: string
|
||||||
|
resource?: string
|
||||||
}) => apiClient.get('/oauth/authorize/validate', { params }).then(r => r.data),
|
}) => apiClient.get('/oauth/authorize/validate', { params }).then(r => r.data),
|
||||||
|
|
||||||
/** Submit user consent (approve or deny) */
|
/** Submit user consent (approve or deny) */
|
||||||
@@ -154,6 +155,7 @@ export const oauthApi = {
|
|||||||
code_challenge: string
|
code_challenge: string
|
||||||
code_challenge_method: string
|
code_challenge_method: string
|
||||||
approved: boolean
|
approved: boolean
|
||||||
|
resource?: string
|
||||||
}) => apiClient.post('/oauth/authorize', body).then(r => r.data),
|
}) => apiClient.post('/oauth/authorize', body).then(r => r.data),
|
||||||
|
|
||||||
clients: {
|
clients: {
|
||||||
|
|||||||
@@ -34,6 +34,7 @@ export default function OAuthAuthorizePage(): React.ReactElement {
|
|||||||
const state = params.get('state') || ''
|
const state = params.get('state') || ''
|
||||||
const codeChallenge = params.get('code_challenge') || ''
|
const codeChallenge = params.get('code_challenge') || ''
|
||||||
const ccMethod = params.get('code_challenge_method') || ''
|
const ccMethod = params.get('code_challenge_method') || ''
|
||||||
|
const resource = params.get('resource') || undefined
|
||||||
|
|
||||||
// Load auth state once, then validate
|
// Load auth state once, then validate
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
@@ -57,6 +58,7 @@ export default function OAuthAuthorizePage(): React.ReactElement {
|
|||||||
code_challenge: codeChallenge,
|
code_challenge: codeChallenge,
|
||||||
code_challenge_method: ccMethod,
|
code_challenge_method: ccMethod,
|
||||||
response_type: 'code',
|
response_type: 'code',
|
||||||
|
resource,
|
||||||
})
|
})
|
||||||
setValidation(result)
|
setValidation(result)
|
||||||
|
|
||||||
@@ -99,6 +101,7 @@ export default function OAuthAuthorizePage(): React.ReactElement {
|
|||||||
code_challenge: codeChallenge,
|
code_challenge: codeChallenge,
|
||||||
code_challenge_method: ccMethod,
|
code_challenge_method: ccMethod,
|
||||||
approved,
|
approved,
|
||||||
|
resource,
|
||||||
})
|
})
|
||||||
setPageState('done')
|
setPageState('done')
|
||||||
window.location.href = result.redirect
|
window.location.href = result.redirect
|
||||||
|
|||||||
Reference in New Issue
Block a user