Update to handle basic auth for gittea compatibility

2025-08-05 00:36:01 -04:00 · 2025-08-05 00:36:01 -04:00 · 098927e770
commit 098927e770
parent 948b52998e
3 changed files with 17 additions and 9 deletions
--- a/app/Http/Controllers/OIDCController.php
+++ b/app/Http/Controllers/OIDCController.php
@ -83,7 +83,14 @@ class OIDCController extends Controller
        // whatever comes in the request
        $client = Application::findOrFail($payload['client_id']);

+        // Support basic auth. Sometimes the ID and secret might
+        // come in the header since it's TECHNICALLY part
+        // of the oauth spec
+        $client_id = $request->client_id ?? $request->getUser();
+        $client_secret = $request->client_secret ?? $request->getPassword();
+
        if ($request->has('code_verifier')) {
+
            // PKCE validation
            $verifier = $request->code_verifier;
            $method = $payload['code_challenge_method'] ?? 'plain';
@ -97,13 +104,14 @@ class OIDCController extends Controller
            if (!$valid) {
                abort(403, 'Invalid PKCE code_verifier');
            }
-        } elseif ($request->has('client_id') && $request->has('client_secret')) {
+        } elseif (!empty($client_id) && !empty($client_secret)) {
            // Client credentials validation
-            if ($request->client_id !== $client->client_id) {
+            if ($client_id !== $client->client_id) {
                abort(403, 'Client ID mismatch');
            }

-            if (!hash_equals($client->client_secret, $request->client_secret)) {
+
+            if (!hash_equals($client_secret, $client->client_secret)) {
                abort(403, 'Invalid client secret');
            }
        } else {
--- a/resources/views/livewire/app-info-modal.blade.php
+++ b/resources/views/livewire/app-info-modal.blade.php
@ -38,7 +38,7 @@
            <div x-show="!dockerView" class="space-y-4">
                <flux:input label="Client ID" disabled value="{{$app->client_id}}" copyable />
                <flux:input label="Client Secret" disabled value="{{$app->client_secret}}" copyable />
-                <flux:input label="Redirect URI" disabled value="{{$app->redirect_uri}}" copyable />
+                <flux:input label="OIDC Discovery" disabled value="{{route('auth.openid-configuration')}}" copyable />
                <flux:input label="Authorization Endpoint" disabled value="{{route('auth.authorize')}}" copyable />
                <flux:input label="Token Endpoint" disabled value="{{route('auth.token')}}" copyable />
                <flux:input label="User Endpoint" disabled value="{{route('auth.userinfo')}}" copyable />
--- a/resources/views/livewire/consent-screen.blade.php
+++ b/resources/views/livewire/consent-screen.blade.php
@ -1,5 +1,5 @@
 <div class="flex max-w-xl mx-auto min-h-svh flex-col items-center justify-center gap-6 p-6 md:p-10">
-    <x-card>
+    <x-card class="p-10">
        <flux:heading>You're about to log into</flux:heading>
        <flux:heading size="xl">{{ $client->name }}</flux:heading>
        <flux:separator />