Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

additional error detection on user_claim

Browse Source
isekai
Jonathan Daggerhart 6 years ago
parent 6917df262f
commit 0d4e4bd006
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File

11
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -376,7 +376,16 @@ class OpenID_Connect_Generic_Client {
if ( ! is_array( $user_claim ) ){ if ( ! is_array( $user_claim ) ){
return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim' ), $user_claim ); return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim' ), $user_claim );
} }
// allow for errors from the IDP
if ( isset( $user_claim['error'] ) ) {
$message = __( 'Error from the IDP' );
if ( !empty( $user_claim['error_description'] ) ) {
$message = $user_claim['error_description'];
}
return new WP_Error( 'invalid-user-claim-' . $user_claim['error'], $message, $user_claim );
}
// make sure the id_token sub === user_claim sub, according to spec // make sure the id_token sub === user_claim sub, according to spec
if ( $id_token_claim['sub' ] !== $user_claim['sub'] ) { if ( $id_token_claim['sub' ] !== $user_claim['sub'] ) {
return new WP_Error( 'incorrect-user-claim', __( 'Incorrect user claim' ), func_get_args() ); return new WP_Error( 'incorrect-user-claim', __( 'Incorrect user claim' ), func_get_args() );

Write Preview
Loading…
Cancel
Save