@splaunov
Contributor

When starting an OIDC API flow with a session token exchange code, transient_payload data is lost.
This PR fixes this issue.

Related issue(s)

Checklist

  • [x] I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • [x] I am following the
    contributing code guidelines.
  • [x] I have read the security policy.
  • [x] I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • [x] I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

}
raw := gjson.GetBytes(flow.GetInternalContext(), internalContextTransientPayloadPath)
if !raw.IsObject() {
return nil, nil
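
Review bot: the `!raw.IsObject()` branch returns `nil, nil`, so a caller cannot distinguish a flow that never had a transient payload from one whose internal context holds a non-object value at `internalContextTransientPayloadPath` (a string or an array, say). If dropping such values silently is intended, state that in the function's doc comment; otherwise return an error for the present-but-not-an-object case so the second return value carries information.
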
Member

Error is always nil, remove it?

if err := flow.SetTransientPayloadIntoInternalContext(f, sqlxx.JSONRawMessage(p.TransientPayload)); err != nil {
return s.handleError(w, r, f, pid, nil, err)
}
if err := s.d.RegistrationFlowPersister().UpdateRegistrationFlow(ctx, f); err != nil {
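
Review bot: no guard is visible in these lines before `p.TransientPayload` is copied into the flow's internal context and persisted with `UpdateRegistrationFlow`, so a request that carries no transient payload would still cost a database write. The value is also client-supplied and is stored here without a visible shape check, while the getter shown earlier on this page only returns values for which `raw.IsObject()` is true. Consider skipping both calls when the payload is empty and rejecting non-object JSON before the write.
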
Member

Is this database write really needed?

aeneasr and others added 3 commits October 28, 2024 10:01
This patch adds the ability to verify Android APK origins used during WebAuthn/Passkey exchange.

Upgrades go-webauthn and includes fixes for Go 1.23 and workarounds for Swagger.
commit e4779e1
Author: splaunov <splaunov@gmail.com>
Date:   Tue Sep 17 13:49:38 2024 +0300

    fix: transient_payload lost in API flow with session token exchange code (PS-482)
@maoanran maoanran force-pushed the feature/fix-ps-482 branch from e4779e1 to 91327fe Compare March 14, 2025 14:53
@maoanran maoanran requested a review from a team as a code owner March 14, 2025 14:53