feat: support Authorization Code Flow

Author: aborn

playground/nuxt.config.ts

@@ -41,7 +41,7 @@ export default defineNuxtConfig({
       issuer: 'http://192.168.26.114:8080/realms/test', // change to your OP addrress
       clientId: 'testClient',
       clientSecret: 'cnuLA78epx8s8vMbRxcaiXbzlS4u8bSA',
-      // callbackUrl: 'http://192.168.26.114:3000/oidc/callback', // optional
+      callbackUrl: 'http://192.168.26.114:3000/oidc/callback', // optional
       scope: [
         'email',
         'profile',
@@ -50,7 +50,7 @@ export default defineNuxtConfig({
     },
     config: {
       debug: true,
-      response_type: 'id_token token',
+      response_type: 'code',
       secret: 'oidc._sessionid',
       cookie: { loginName: '' },
       cookiePrefix: 'oidc._',

src/runtime/server/routes/oidc/callback.ts

@@ -43,9 +43,10 @@ export default defineEventHandler(async (event) => {
     res.end()
   } else if (params.code) {
     // Authorization Code Flow: code -> access_token
-    logger.debug('[CALLBACK]: has code in params')
-    const callBackUrl = op.callbackUrl.replace('cbt', 'callback')
-    const tokenSet = await issueClient.callback(callBackUrl, params, { nonce: sessionid })
+    logger.debug('[CALLBACK]: has code in params, code:' + params.code)
+    const tokenSet = await issueClient.callback(callbackUrl, params, { nonce: sessionid })
+    // logger.info('received and validated tokens %j', tokenSet)
+    // logger.info('validated ID Token claims %j', tokenSet.claims())
     if (tokenSet.access_token) {
       await getUserInfo(tokenSet.access_token)
     }