Validate OIDC Session State

This commit is contained in:
Joel Speed 2018-06-21 11:31:21 +01:00
parent 1b638f32ac
commit cac2c9728d
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB

View File

@ -128,3 +128,14 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
Email: claims.Email, Email: claims.Email,
}, nil }, nil
} }
// ValidateSessionState checks that the session's IDToken is still valid
func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool {
ctx := context.Background()
_, err := p.Verifier.Verify(ctx, s.IDToken)
if err != nil {
return false
}
return true
}