Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-05-31 12:15:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): validate oauth profile has a sub (#15967)

Browse Source
This commit is contained in:
Jason Rasmussen 2025-02-08 17:01:28 -05:00 committed by GitHub
parent fb21950ad8
commit 758bcd1e97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/repositories/oauth.repository.ts
View File

@ -43,7 +43,12 @@ export class OAuthRepository {
const params = client.callbackParams(url); const params = client.callbackParams(url);
try { try {
const tokens = await client.callback(redirectUrl, params, { state: params.state }); const tokens = await client.callback(redirectUrl, params, { state: params.state });
return await client.userinfo<OAuthProfile>(tokens.access_token || ''); const profile = await client.userinfo<OAuthProfile>(tokens.access_token || '');
if (!profile.sub) {
throw new Error('Unexpected profile response, no `sub`');
}
return profile;
} catch (error: Error | any) { } catch (error: Error | any) {
if (error.message.includes('unexpected JWT alg received')) { if (error.message.includes('unexpected JWT alg received')) {
this.logger.warn( this.logger.warn(