fix: oidc should throw more specific error when cookie is not set

klarna-incubator · Sep 29, 2023 · 3415160 · 3415160
1 parent 174ab4f
commit 3415160
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/plugins/oidc/src/index.ts b/plugins/oidc/src/index.ts
@@ -81,11 +81,11 @@ export class OIDCIdentityProvider implements IdentityProvider {
       response_types: ["code"],
     });
 
-    const key = await this.sessionSecret.getValue();
-    if (!key) {
+    const cryptoKey = await this.sessionSecret.getValue();
+    if (!cryptoKey) {
       throw new Error("No session secret configured for OIDC Auth Provider");
     }
-    this.sessionCryptoKey = key;
+    this.sessionCryptoKey = cryptoKey;
   }
 
   /**
@@ -147,6 +147,10 @@ export class OIDCIdentityProvider implements IdentityProvider {
       throw new Error("Request is undefined or null");
     }
 
+    if (!ctx.currentRequest.cookies["oidc-code"]) {
+      throw new Error("oidc-code cookie is not set");
+    }
+
     const [ct, iv, authTag] =
       ctx.currentRequest.cookies["oidc-code"].split(".");
     // TODO: make oidc security parameters configurable, since different providers want different things.