AstralTransRocketries/HMCL
1
0
Fork 0
mirror of https://github.com/HMCL-dev/HMCL.git synced 2025-09-13 05:46:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(microsoft): should not pass client secret when refreshing token. Closes #1164.

Browse Source
This commit is contained in:
huanghongxun 2021-11-06 22:32:00 +08:00
parent e8f8617412
commit 5b9be471e3
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HMCL/src/main/java/org/jackhuang/hmcl/game/OAuthServer.java
View File

@ -169,6 +169,10 @@ public final class OAuthServer extends NanoHTTPD implements OAuth.Session {
JarUtils.thisJar().flatMap(JarUtils::getManifest).map(manifest -> manifest.getMainAttributes().getValue("Microsoft-Auth-Secret")).orElse("")); JarUtils.thisJar().flatMap(JarUtils::getManifest).map(manifest -> manifest.getMainAttributes().getValue("Microsoft-Auth-Secret")).orElse(""));
} }
@Override
public boolean isPublicClient() {
return true; // We have turned on the device auth flow.
}
} }
public static class GrantDeviceCodeEvent extends Event { public static class GrantDeviceCodeEvent extends Event {

17
HMCLCore/src/main/java/org/jackhuang/hmcl/auth/OAuth.java
View File

@ -24,6 +24,7 @@ import org.jackhuang.hmcl.util.io.HttpRequest;
import org.jackhuang.hmcl.util.io.NetworkUtils; import org.jackhuang.hmcl.util.io.NetworkUtils;
import java.io.IOException; import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
@ -144,11 +145,17 @@ public class OAuth {
public Result refresh(String refreshToken, Options options) throws AuthenticationException { public Result refresh(String refreshToken, Options options) throws AuthenticationException {
try { try {
RefreshResponse response = HttpRequest.POST(accessTokenURL) Map<String, String> query = mapOf(pair("client_id", options.callback.getClientId()),
.form(pair("client_id", options.callback.getClientId()),
pair("client_secret", options.callback.getClientSecret()),
pair("refresh_token", refreshToken), pair("refresh_token", refreshToken),
pair("grant_type", "refresh_token")) pair("grant_type", "refresh_token")
);
if (!options.callback.isPublicClient()) {
query.put("client_secret", options.callback.getClientSecret());
}
RefreshResponse response = HttpRequest.POST(tokenURL)
.form(query)
.accept("application/json") .accept("application/json")
.ignoreHttpCode() .ignoreHttpCode()
.getJson(RefreshResponse.class); .getJson(RefreshResponse.class);
@ -233,6 +240,8 @@ public class OAuth {
String getClientId(); String getClientId();
String getClientSecret(); String getClientSecret();
boolean isPublicClient();
} }
public enum GrantFlow { public enum GrantFlow {