Improve authorization error (#137)
When using custom allowed_redirect_uris for specific roles,
we don't show the relationship between the role and the
redirect_uri when an authorization error occurs,
which leads the user to think that the problem is in
the role and not in the allowed_redirect_uris flag.
ramonberrutti authored and tvoran committed Oct 29, 2020
1 parent 5aa3d0e commit 36d010f
Showing 1 changed file with 3 additions and 2 deletions.
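--- a/cli.go
+++ b/cli.go
@@ -168,9 +168,10 @@ func fetchAuthURL(c *api.Client, role, mount, callbackport string, callbackMetho
 return "", "", err
 }
 
+redirectURI := fmt.Sprintf("%s://%s:%s/oidc/callback", callbackMethod, callbackHost, callbackport)
 data := map[string]interface{}{
 "role": role,
-"redirect_uri": fmt.Sprintf("%s://%s:%s/oidc/callback", callbackMethod, callbackHost, callbackport),
+"redirect_uri": redirectURI,
 "client_nonce": clientNonce,
 }
 
@@ -184,7 +185,7 @@ func fetchAuthURL(c *api.Client, role, mount, callbackport string, callbackMetho
 }
 
 if authURL == "" {
-return "", "", fmt.Errorf("Unable to authorize role %q. Check Vault logs for more information.", role)
+return "", "", fmt.Errorf("Unable to authorize role %q with redirect_uri %q. Check Vault logs for more information.", role, redirectURI)
 }
 
 return authURL, clientNonce, nil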
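Review bot: The new message in the `authURL == ""` branch names the redirect URI but still does not tell the user what to compare it against, so they may keep looking at the role. Since the commit description points at `allowed_redirect_uris`, the text could say so, e.g. `Unable to authorize role %q with redirect_uri %q. Check that the URI is listed in the role's allowed_redirect_uris and see Vault logs for more information.` Formatting both values with `%q` is the right choice here, as it keeps empty or odd caller-supplied values visible and escaped in the output. Separately, `redirectURI` is built with `fmt.Sprintf("%s://%s:%s/...")`, which yields a malformed authority if `callbackHost` is an IPv6 literal; `net.JoinHostPort(callbackHost, callbackport)` would handle that, assuming `net` is or can be imported in cli.go. fetchAuthURL begins and ends outside both hunks.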
