Merge branch 'master' into scopes

# Conflicts: # pkg/op/authrequest.go # pkg/op/authrequest_test.go
2020-09-07 09:39:28 +02:00 · 2020-09-07 09:39:28 +02:00 · 007a68d861
commit 007a68d861
parent 63fda45cfd 2794ff12d5
20 changed files with 298 additions and 209 deletions
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@ -27,6 +27,8 @@ const (
 	AuthMethodBasic AuthMethod = "client_secret_basic"
 	AuthMethodPost             = "client_secret_post"
 	AuthMethodNone             = "none"
+
+	CodeMethodS256 = "S256"
 )

 var (
@ -41,24 +43,25 @@ var (
 )

 type DefaultOP struct {
-	config      *Config
-	endpoints   *endpoints
-	storage     Storage
-	signer      Signer
-	verifier    rp.Verifier
-	crypto      Crypto
-	http        http.Handler
-	decoder     *schema.Decoder
-	encoder     *schema.Encoder
-	interceptor HttpInterceptor
-	retry       func(int) (bool, int)
-	timer       <-chan time.Time
+	config       *Config
+	endpoints    *endpoints
+	storage      Storage
+	signer       Signer
+	verifier     rp.Verifier
+	crypto       Crypto
+	http         http.Handler
+	decoder      *schema.Decoder
+	encoder      *schema.Encoder
+	interceptors []HttpInterceptor
+	retry        func(int) (bool, int)
+	timer        <-chan time.Time
 }

 type Config struct {
 	Issuer                   string
 	CryptoKey                [32]byte
 	DefaultLogoutRedirectURI string
+	CodeMethodS256           bool
 	// ScopesSupported:                   oidc.SupportedScopes,
 	// ResponseTypesSupported:            responseTypes,
 	// GrantTypesSupported:               oidc.SupportedGrantTypes,
@ -130,9 +133,9 @@ func WithCustomKeysEndpoint(endpoint Endpoint) DefaultOPOpts {
 	}
 }

-func WithHttpInterceptor(h HttpInterceptor) DefaultOPOpts {
+func WithHttpInterceptors(interceptors ...HttpInterceptor) DefaultOPOpts {
 	return func(o *DefaultOP) error {
-		o.interceptor = h
+		o.interceptors = append(o.interceptors, interceptors...)
 		return nil
 	}
 }
@ -183,7 +186,7 @@ func NewDefaultOP(ctx context.Context, config *Config, storage Storage, opOpts .

 	p.verifier = rp.NewDefaultVerifier(config.Issuer, "", p, rp.WithIgnoreAudience(), rp.WithIgnoreExpiration())

-	p.http = CreateRouter(p, p.interceptor)
+	p.http = CreateRouter(p, p.interceptors...)

 	p.decoder = schema.NewDecoder()
 	p.decoder.IgnoreUnknownKeys(true)
@ -223,6 +226,10 @@ func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }

+func (p *DefaultOP) CodeMethodS256Supported() bool {
+	return p.config.CodeMethodS256
+}
+
 func (p *DefaultOP) HttpHandler() http.Handler {
 	return p.http
 }