From 147092311f26f0b2e56a78a53ac8f241c6b62ba9 Mon Sep 17 00:00:00 2001
From: Hiroyuki Wada
Date: Sun, 14 Oct 2018 02:43:00 +0900
Subject: [PATCH] Fix redirect_uri because the use of localhost is NOT RECOMMENDED in RFC 8252. See https://tools.ietf.org/html/rfc8252#section-8.3
---
 cmd/get_cred.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmd/get_cred.go b/cmd/get_cred.go
index 649743f..c3eefec 100755
--- a/cmd/get_cred.go
+++ b/cmd/get_cred.go
@@ -80,6 +80,7 @@ func getCred(cmd *cobra.Command, args []string) {
 }
 Writeln("Login successful!")
+ Traceln("ID token: %s", tokenResponse.IDToken)
 awsFedType := client.config.GetString(AWS_FEDERATION_TYPE)
@@ -232,15 +233,14 @@ func createSAMLResponse(client *OIDCClient, samlAssertion string) (string, error
 }
 func doLogin(client *OIDCClient) (*TokenResponse, error) {
- listener, err := net.Listen("tcp", "localhost:")
+ listener, err := net.Listen("tcp", "127.0.0.1:")
 if err != nil {
 return nil, errors.Wrap(err, "Cannot start local http server to handle login redirect")
 }
 port := listener.Addr().(*net.TCPAddr).Port
- // TODO: support PKCE
 clientId := client.config.GetString(CLIENT_ID)
- redirect := fmt.Sprintf("http://localhost:%d", port)
+ redirect := fmt.Sprintf("http://127.0.0.1:%d", port)
 v, err := pkce.CreateCodeVerifierWithLength(pkce.MaxLength)
 if err != nil {
 return nil, errors.Wrap(err, "Cannot generate OAuth2 PKCE code_challenge")
@@ -333,7 +333,7 @@ func launch(client *OIDCClient, url string, listener net.Listener) string {
 }
 func GetFreePort() (int, error) {
- addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
+ addr, err := net.ResolveTCPAddr("tcp", "127.0.0.1:0")
 if err != nil {
 return 0, err
 }
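Review bot: The added `Traceln("ID token: %s", tokenResponse.IDToken)` in getCred writes the raw ID token to trace output. An ID token is a signed credential carrying identity claims, and the surrounding code appears to go on to use the login result for AWS federation, so a copy left in a log file, terminal scrollback or a pasted bug report stays usable until the token expires. Log a non-secret marker instead, for example `Traceln("ID token received (%d bytes)", len(tokenResponse.IDToken))`, or print the token only behind an explicit opt-in. The line is also unrelated to the redirect_uri change named in the commit subject and would be easier to review as its own commit.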
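Review bot: `net.Listen("tcp", "127.0.0.1:")` in doLogin binds the IPv4 loopback only, so on a host without an IPv4 loopback address login now fails where `localhost` might have resolved to `::1`. RFC 8252 section 7.3 also describes the IPv6 form `http://[::1]:{port}`; a fallback such as `if err != nil { listener, err = net.Listen("tcp", "[::1]:") }` followed by `redirect := "http://" + listener.Addr().String()` keeps the redirect in step with whichever address was bound. The redirect_uri value changes for every user, so an identity provider that has `http://localhost` registered will presumably reject the request until `http://127.0.0.1` is registered, which deserves a line in the README or release notes. doLogin's body continues past the end of the hunk.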
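Review bot: GetFreePort is exported but has no doc comment, and after this change it is tied to the IPv4 loopback, which a caller cannot tell from the name. Suggested comment: `// GetFreePort returns a TCP port that was free on 127.0.0.1 when it was called; the port is not reserved for the caller.` The rest of the function is outside the hunk, so the second half of that comment is an assumption: if the function listens and then closes the socket, another local process can take the port before it is used, and holding the listener open as doLogin does avoids that window. The literal `127.0.0.1` now appears in three places in this file and could be one named constant.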