Fix OIDC form and redirect urls (#2695)

Closes #2674
2026-01-27 10:18:54 +00:00 · 2023-11-24 09:01:10 -06:00
parent ef480e1acd
commit 484b5a49ce
3 changed files with 58 additions and 6 deletions
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/components.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/components.ex
@@ -41,6 +41,7 @@ defmodule Web.Settings.IdentityProviders.Components do
  def status(
        %{
          provider: %{
+            adapter: :google_workspace,
            disabled_at: disabled_at,
            adapter_state: %{"status" => "pending_access_token"}
          }
@@ -72,6 +73,41 @@ defmodule Web.Settings.IdentityProviders.Components do
    """
  end

+  def status(
+        %{
+          provider: %{
+            adapter: :openid_connect,
+            disabled_at: disabled_at,
+            adapter_state: %{"status" => "pending_access_token"}
+          }
+        } = assigns
+      )
+      when not is_nil(disabled_at) do
+    ~H"""
+    <div class="flex items-center">
+      <span class="w-3 h-3 bg-red-500 rounded-full"></span>
+      <span class="ml-3">
+        Provisioning
+        <span :if={@provider.adapter_state["status"]}>
+          <.link navigate={
+            ~p"/#{@provider.account_id}/settings/identity_providers/openid_connect/#{@provider}/redirect"
+          }>
+            <button class={~w[
+          text-white bg-primary-600 rounded
+          font-medium text-sm
+          px-2 py-1 text-center
+          hover:bg-primary-700
+          focus:ring-4 focus:outline-none focus:ring-primary-300
+          dark:bg-primary-600 dark:hover:bg-primary-700 dark:focus:ring-primary-800
+          active:text-white/80
+        ]}>connect IdP</button>
+          </.link>
+        </span>
+      </span>
+    </div>
+    """
+  end
+
  def status(%{provider: %{disabled_at: disabled_at}} = assigns) when not is_nil(disabled_at) do
    ~H"""
    <div class="flex items-center">
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/components.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/components.ex
@@ -7,9 +7,9 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Components do
      <.form for={@form} phx-change={:change} phx-submit={:submit}>
        <div class="mb-4">
          <h2 class="mb-4 text-xl font-bold text-gray-900 dark:text-white">
-            Step 1. Create OAuth app
+            Step 1. Create OAuth app in your identity provider
          </h2>
-          Please make sure that following scopes are added to the OAuth application has following access scopes: <.code_block
+          Please make sure that following scopes are added to the OAuth application: <.code_block
            :for={scope <- [:openid, :email, :profile]}
            id={"scope-#{scope}"}
            class="w-full mb-4 whitespace-nowrap rounded"
@@ -20,7 +20,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Components do
                sign_in: url(~p"/#{@account.id}/sign_in/providers/#{@id}/handle_callback"),
                connect:
                  url(
-                    ~p"/#{@account.id}/settings/identity_providers/google_workspace/#{@id}/handle_callback"
+                    ~p"/#{@account.id}/settings/identity_providers/openid_connect/#{@id}/handle_callback"
                  )
              ]
            }
@@ -83,7 +83,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Components do
                  label="Client ID"
                  autocomplete="off"
                  field={adapter_config_form[:client_id]}
-                  placeholder="Client ID from your IDP"
+                  placeholder="Client ID from your IdP"
                  required
                />
              </div>
@@ -93,7 +93,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Components do
                  label="Client secret"
                  autocomplete="off"
                  field={adapter_config_form[:client_secret]}
-                  placeholder="Client Secret from your IDP"
+                  placeholder="Client Secret from your IdP"
                  required
                />
              </div>
@@ -102,7 +102,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Components do
                <.input
                  label="Discovery URL"
                  field={adapter_config_form[:discovery_document_uri]}
-                  placeholder=".well-known URL for your IDP"
+                  placeholder=".well-known URL for your IdP"
                  required
                />
              </div>
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/connect.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/connect.ex
@@ -86,4 +86,20 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Connect do
        |> redirect(to: ~p"/#{account}/settings/identity_providers/openid_connect/#{provider_id}")
    end
  end
+
+  def handle_idp_callback(conn, %{
+        "provider_id" => provider_id,
+        "state" => state,
+        "error" => error,
+        "error_description" => error_description
+      }) do
+    account = conn.assigns.account
+
+    with {:ok, _code_verifier, conn} <-
+           Web.AuthController.verify_state_and_fetch_verifier(conn, provider_id, state) do
+      conn
+      |> put_flash(:error, "Your IdP returned an error (" <> error <> "): " <> error_description)
+      |> redirect(to: ~p"/#{account}/settings/identity_providers/openid_connect/#{provider_id}")
+    end
+  end
 end