chore: adjustments to comments for things found while implementing Storage

David Sharnoff 2022-09-29 22:18:08 -07:00 committed by GitHub
parent 98851d4ca6
commit 0d721d937e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 2 deletions


@ -248,6 +248,8 @@ func WithClientKey(path string) Option {
} }
// WithJWTProfile creates a signer used for the JWT Profile Client Authentication on the token endpoint // WithJWTProfile creates a signer used for the JWT Profile Client Authentication on the token endpoint
// When creating the signer, be sure to include the KeyID in the SigningKey.
// See client.NewSignerFromPrivateKeyByte for an example.
func WithJWTProfile(signerFromKey SignerFromKey) Option { func WithJWTProfile(signerFromKey SignerFromKey) Option {
return func(rp *relyingParty) error { return func(rp *relyingParty) error {
signer, err := signerFromKey() signer, err := signerFromKey()
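Review bot: The new doc line `// When creating the signer, be sure to include the KeyID in the SigningKey.` says what to do but not why, so a caller who omits the KeyID gets no hint about the failure they will hit. From this same commit it looks like the provider resolves keys by ID (OPStorage.GetKeyByIDAndUserID), so a sentence such as `// The KeyID is what the provider uses to find the matching registered key; a signer without one cannot be matched.` would make the advice actionable — confirm that against the token endpoint code before adopting the wording. WithJWTProfile's body continues outside the hunk.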


@ -70,6 +70,8 @@ func (a *AccessTokenRequest) SetClientSecret(clientSecret string) {
a.ClientSecret = clientSecret a.ClientSecret = clientSecret
} }
// RefreshTokenRequest is not useful for making refresh requests because the
// grant_type is not included explicitly but rather implied.
type RefreshTokenRequest struct { type RefreshTokenRequest struct {
RefreshToken string `schema:"refresh_token"` RefreshToken string `schema:"refresh_token"`
Scopes SpaceDelimitedArray `schema:"scope"` Scopes SpaceDelimitedArray `schema:"scope"`
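Review bot: The comment added above RefreshTokenRequest tells readers the exported type is not useful for making refresh requests but not what to use instead, so it documents a trap without an exit. If a replacement exists, name it on its own line as `// Deprecated: use <replacement> instead.`, which godoc and staticcheck surface to callers; if the type is instead meant only for decoding an incoming request where grant_type has already been dispatched on, say that, e.g. `// RefreshTokenRequest decodes an incoming refresh request; grant_type is implied and not a field.` The struct body continues past the end of the hunk.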


@ -133,7 +133,8 @@ type endpoints struct {
//This does not include login. Login is handled with a redirect that includes the //This does not include login. Login is handled with a redirect that includes the
//request ID. The redirect for logins is specified per-client by Client.LoginURL(). //request ID. The redirect for logins is specified per-client by Client.LoginURL().
//Successful logins should mark the request as authorized and redirect back to to //Successful logins should mark the request as authorized and redirect back to to
//op.AuthCallbackURL(provider) which is probably /callback. //op.AuthCallbackURL(provider) which is probably /callback. On the redirect back
// to the AuthCallbackURL, the request id should be passed as the "id" parameter.
func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opOpts ...Option) (OpenIDProvider, error) { func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opOpts ...Option) (OpenIDProvider, error) {
err := ValidateIssuer(config.Issuer) err := ValidateIssuer(config.Issuer)
if err != nil { if err != nil {
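Review bot: The added line `// to the AuthCallbackURL, the request id should be passed as the "id" parameter.` is the only line in this comment block with a space after `//`; the surrounding lines use `//This`, `//op.`, so the block now mixes both forms, and the duplicated word on the preceding line (`redirect back to to`) could be fixed in the same touch. The new sentence also introduces a contract — the request id travels as the `"id"` query parameter on the redirect — without saying what the callback does with it; presumably it resolves the id against storage and checks the authorized mark, and if so, stating that here tells implementers of the login step why marking the request authorized matters. The start of the comment and the body of NewOpenIDProvider are outside the hunk.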


@ -56,7 +56,10 @@ type OPStorage interface {
SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, tokenID, subject, origin string) error SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, tokenID, subject, origin string) error
SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error
GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]interface{}, error) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]interface{}, error)
GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error)
// GetKeyByIDAndUserID is mis-named. It does not pass userID. Instead
// it passes the clientID.
GetKeyByIDAndUserID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)
ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)
} }
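Review bot: The comment added above GetKeyByIDAndUserID records that the name is wrong but leaves the contract unstated: what must be returned for a keyID/clientID pair, and what to do when the key exists but is registered to a different client. Because only the parameter name changed, existing Storage implementations written against the old signature will not see this comment, and one that still treats the second argument as a user ID would resolve keys against the wrong principal, so spelling the contract out is the only lever here, e.g. `// GetKeyByIDAndUserID returns the JSON Web Key keyID registered for client clientID (the second parameter is a client ID, not a user ID, despite the name); it must return an error if no such key exists for that client.` That the key is used to verify a client's JWT profile credentials is inferred from the neighbouring ValidateJWTProfileScopes and WithJWTProfile, so confirm it before naming it in the comment. The hunk header counts suggest one added line is not shown in this view, so the exact placement of the comment may differ from what is visible.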