Skip to content

Commit

Permalink
Bogus access_token from Entra can cause PKCE redirect loop in ZBR
Browse files Browse the repository at this point in the history
  • Loading branch information
@rentallect
rentallect committed Jan 10, 2025
1 parent 106ea66 commit 4964ebd
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 8 deletions.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@
]
},
"dependencies": {
"@openziti/ziti-browzer-core": "^0.51.1",
"@openziti/ziti-browzer-core": "^0.51.2",
"async-mutex": "^0.5.0",
"cheerio": "^1.0.0-rc.12",
"jwt-decode": "^3.1.2",
Expand Down
9 changes: 6 additions & 3 deletions src/ZitiFirstStrategy.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -512,7 +512,8 @@ class ZitiFirstStrategy extends CacheFirst /* NetworkFirst */ {

self._initialized = true;

self.logger.trace(`_initialize: complete`);
self.logger.trace(`_initialize: ZitiContext '${self._uuid}' initialize complete`);

}

return resolve(null);
Expand Down Expand Up @@ -1391,7 +1392,7 @@ class ZitiFirstStrategy extends CacheFirst /* NetworkFirst */ {

try {

this.logger.debug(`doing Ziti fetch for: `, request.url);
this.logger.debug(`doing Ziti fetch for: ${request.url}`);

/**
* Instantiate a fresh HTTP Request object that we will push through the ziti-browzer-core which will:
Expand All @@ -1413,7 +1414,9 @@ class ZitiFirstStrategy extends CacheFirst /* NetworkFirst */ {
newHeaders.append( 'referer', request.referrer );
}

newHeaders.append( 'Remote-User', await this._zitiContext.getAccessTokenEmail() );
try {
newHeaders.append( 'Remote-User', await this._zitiContext.getAccessTokenEmail() );
} catch (e) {}

// Propagate any Cookie values we have accumulated
let cookieHeaderValue = '';
Expand Down
8 changes: 4 additions & 4 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -974,10 +974,10 @@
"@types/emscripten" "^1.39.6"
"@wasmer/wasi" "^1.0.2"

"@openziti/ziti-browzer-core@^0.51.1":
version "0.51.1"
resolved "https://registry.yarnpkg.com/@openziti/ziti-browzer-core/-/ziti-browzer-core-0.51.1.tgz#e48ecb306bc508510542ee93c0750db9ad6d402d"
integrity sha512-jf4W+2OKc9NAnqB/iuK+Oh4mZihbWXxLosCc4wK1Ns4CkeLdNK1AjCbk2qx+NpCcmVwZDJk9R+jeJGn70ux9EQ==
"@openziti/ziti-browzer-core@^0.51.2":
version "0.51.2"
resolved "https://registry.yarnpkg.com/@openziti/ziti-browzer-core/-/ziti-browzer-core-0.51.2.tgz#cdff48c4700636c4e85ceb6794ad93318cbf28da"
integrity sha512-pKApSloMsvOIaN09NjLJp7pTciRT8Tn1crBNkF5S09Hx+jLj7StirXB67K7SS7xtgLDy22cCqiOTqoHJvyEYgA==
dependencies:
"@openziti/libcrypto-js" "^0.24.0"
"@openziti/ziti-browzer-edge-client" "^0.7.0"
Expand Down

0 comments on commit 4964ebd

Please sign in to comment.