add validate callback loading state and encryption

2026-01-28 22:00:51 +00:00 · 2025-04-14 20:56:45 -04:00
parent 53be2739bb
commit aa3b527f67
11 changed files with 155 additions and 22 deletions
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -28,6 +28,7 @@ import {
    generateSessionToken,
    serializeSessionCookie
 } from "@server/auth/sessions/app";
+import { decrypt } from "@server/lib/crypto";

 const paramsSchema = z
    .object({
@@ -90,10 +91,21 @@ export async function validateOidcCallback(
            );
        }

+        const key = config.getRawConfig().server.secret;
+
+        const decryptedClientId = decrypt(
+            existingIdp.idpOidcConfig.clientId,
+            key
+        );
+        const decryptedClientSecret = decrypt(
+            existingIdp.idpOidcConfig.clientSecret,
+            key
+        );
+
        const redirectUrl = generateOidcRedirectUrl(existingIdp.idp.idpId);
        const client = new arctic.OAuth2Client(
-            existingIdp.idpOidcConfig.clientId,
-            existingIdp.idpOidcConfig.clientSecret,
+            decryptedClientId,
+            decryptedClientSecret,
            redirectUrl
        );