cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix client assertions for Okta

Browse source
This commit is contained in:
David Sharnoff 2024-08-15 09:36:16 -07:00
parent b6f3b1e65b
commit 05431e2155
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/client/rp/relying_party.go
View file

@ -541,7 +541,7 @@ func CodeExchangeHandler[C oidc.IDClaims](callback CodeExchangeCallback[C], rp R
rp.CookieHandler().DeleteCookie(w, pkceCode) rp.CookieHandler().DeleteCookie(w, pkceCode)
} }
if rp.Signer() != nil { if rp.Signer() != nil {
assertion, err := client.SignedJWTProfileAssertion(rp.OAuthConfig().ClientID, []string{rp.Issuer()}, time.Hour, rp.Signer()) assertion, err := client.SignedJWTProfileAssertion(rp.OAuthConfig().ClientID, []string{rp.Issuer(), rp.OAuthConfig().Endpoint.TokenURL}, time.Hour, rp.Signer())
if err != nil { if err != nil {
unauthorizedError(w, r, "failed to build assertion: "+err.Error(), state, rp) unauthorizedError(w, r, "failed to build assertion: "+err.Error(), state, rp)
return return

4
pkg/oidc/token_request.go
View file

@ -74,8 +74,8 @@ type AccessTokenRequest struct {
ClientID string `schema:"client_id"` ClientID string `schema:"client_id"`
ClientSecret string `schema:"client_secret"` ClientSecret string `schema:"client_secret"`
CodeVerifier string `schema:"code_verifier"` CodeVerifier string `schema:"code_verifier"`
ClientAssertion string `schema:"client_assertion"` ClientAssertion string `schema:"client_assertion,omitempty"`
ClientAssertionType string `schema:"client_assertion_type"` ClientAssertionType string `schema:"client_assertion_type,omitempty"`
} }
func (a *AccessTokenRequest) GrantType() GrantType { func (a *AccessTokenRequest) GrantType() GrantType {