diff --git a/src/oidcclients.js b/src/oidcclients.js
index 0b06ff067..8d99db11f 100644
--- a/src/oidcclients.js
+++ b/src/oidcclients.js
@@ -68,11 +68,20 @@ async function get(id) {
  return {
  id: ID_DEVELOPMENT,
  secret: 'notused',
- application_type: 'native', // have to use native here to support plaintext http, this however makes it impossible to skip consent screen
+ application_type: 'native', // have to use native here to support plaintext http on localhost
  response_types: ['code', 'code token'],
  grant_types: ['authorization_code', 'implicit'],
  loginRedirectUri: 'http://localhost:4000/authcallback.html'
  };
+ } else if (id === ID_CLI) {
+ return {
+ id: ID_CLI,
+ secret: 'notused',
+ application_type: 'native', // have to use native here to support plaintext http on localhost
+ response_types: ['code'],
+ grant_types: ['authorization_code'],
+ loginRedirectUri: 'http://localhost:1312/callback'
+ };
  }
 
  const result = await database.query(`SELECT ${OIDC_CLIENTS_FIELDS} FROM ${OIDC_CLIENTS_TABLE_NAME} WHERE id = ?`, [ id ]);
diff --git a/src/oidcserver.js b/src/oidcserver.js
index eef14e18f..137048c42 100644
--- a/src/oidcserver.js
+++ b/src/oidcserver.js
@@ -92,7 +92,7 @@ class StorageAdapter {
  const expiresAt = expiresIn ? new Date(Date.now() + (expiresIn * 1000)) : 0;
 
  // only AccessToken of webadmin are stored in the db. Dashboard uses REST API and the token middleware looks up tokens in db
- if (this.name === 'AccessToken' && (payload.clientId === oidcClients.ID_WEBADMIN || payload.clientId === oidcClients.ID_DEVELOPMENT || payload.clientId === oidcClients.ID_CLI)) {
+ if (this.name === 'AccessToken' && (payload.clientId === oidcClients.ID_WEBADMIN || payload.clientId === oidcClients.ID_DEVELOPMENT || payload.clientId === oidcClients.ID_CLI)) {
  const expires = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS;
 
  // oidc uses the username as accountId but accesstoken identifiers are userIds
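Review bot: The new `ID_CLI` entry is effectively a public client, since its `secret` is the literal `'notused'`, so the code exchange on the fixed loopback redirect `http://localhost:1312/callback` is protected only by whatever PKCE enforcement the provider configuration applies, and that configuration is not visible in this hunk. It is worth confirming that PKCE with S256 is required for this client id and recording it next to the entry, for example `// public client: secret is a placeholder, the code exchange relies on PKCE`. RFC 8252 also recommends the loopback IP literal over the name `localhost` for native-app redirects, so `loginRedirectUri: 'http://127.0.0.1:1312/callback'` would be the safer registration if the CLI listener binds to that address. The body of `get()` starts and ends outside the hunk.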
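Review bot: The comment directly above the changed condition still says only webadmin access tokens are stored in the db, but the new condition also persists tokens for `ID_DEVELOPMENT` and `ID_CLI`; it could read `// AccessTokens of the webadmin, development and cli clients are stored in the db, because the REST API token middleware looks them up there`. Tokens for the CLI client now get `constants.DEFAULT_TOKEN_EXPIRATION_MSECS` rather than the provider's `expiresIn`, so a token kept on a workstation lives as long as a dashboard token. Whether that lifetime and the scope of the stored token suit a CLI cannot be judged from the hunk and should be confirmed. As a style point, the growing `||` chain would be easier to audit as a membership test against a small list of client ids. The enclosing method of `StorageAdapter` starts and ends outside the hunk.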