feat(op): Server interface (#447)

* first draft of a new server interface

* allow any response type

* complete interface docs

* reflect the format from the proposal

* intermediate commit with some methods implemented

* implement remaining token grant type methods

* implement remaining server methods

* error handling

* rewrite auth request validation

* define handlers, routes

* input validation and concrete handlers

* check if client credential client is authenticated

* copy and modify the routes test for the legacy server

* run integration tests against both Server and Provider

* remove unused ValidateAuthRequestV2 function

* unit tests for error handling

* cleanup tokenHandler

* move server routes test

* unit test authorize

* handle client credentials in VerifyClient

* change code exchange route test

* finish http unit tests

* review server interface docs and spelling

* add withClient unit test

* server options

* cleanup unused GrantType method

* resolve typo comments

* make endpoints pointers to enable/disable them

* jwt profile base work

* jwt: correct the test expect

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Tim Möhlmann 2023-09-28 17:30:08 +03:00 committed by GitHub
parent daf82a5e04
commit 0f8a0585bf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 3654 additions and 126 deletions


@ -40,7 +40,7 @@ var counter atomic.Int64
// SetupServer creates an OIDC server with Issuer=http://localhost:<port>
//
// Use one of the pre-made clients in storage/clients.go or register a new one.
func SetupServer(issuer string, storage Storage, logger *slog.Logger) chi.Router {
func SetupServer(issuer string, storage Storage, logger *slog.Logger, wrapServer bool) chi.Router {
// the OpenID Provider requires a 32-byte key for (token) encryption
// be sure to create a proper crypto random key and manage it securely!
key := sha256.Sum256([]byte("test"))
@ -77,12 +77,17 @@ func SetupServer(issuer string, storage Storage, logger *slog.Logger) chi.Router
registerDeviceAuth(storage, r)
})
handler := http.Handler(provider)
if wrapServer {
handler = op.NewLegacyServer(provider, *op.DefaultEndpoints)
}
// we register the http handler of the OP on the root, so that the discovery endpoint (/.well-known/openid-configuration)
// is served on the correct path
//
// if your issuer ends with a path (e.g. http://localhost:9998/custom/path/),
// then you would have to set the path prefix (/custom/path/)
router.Mount("/", provider)
router.Mount("/", handler)
return router
}
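Review bot: The doc comment on SetupServer is not updated for the new wrapServer parameter, so a caller reading only the comment cannot tell what the bool selects or that it changes which handler is mounted at "/". I would extend the comment with `// wrapServer, when true, serves the provider through op.NewLegacyServer(provider, *op.DefaultEndpoints)` and `// instead of mounting the Provider directly; both variants are mounted at the root so discovery stays on its path.` The dereference `*op.DefaultEndpoints` passes a copy of the package-level value, so a caller that wants non-default endpoints has to pass them some other way; if that is intended, a short sentence in the comment saying the example is fixed to the defaults would save the next reader from looking for an option. The body of SetupServer between the two hunks is outside this view.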


@ -27,7 +27,7 @@ func main() {
Level: slog.LevelDebug,
}),
)
router := exampleop.SetupServer(issuer, storage, logger)
router := exampleop.SetupServer(issuer, storage, logger, false)
server := &http.Server{
Addr: ":" + port,


@ -185,7 +185,7 @@ func WebClient(id, secret string, redirectURIs ...string) *Client {
authMethod: oidc.AuthMethodBasic,
loginURL: defaultLoginURL,
responseTypes: []oidc.ResponseType{oidc.ResponseTypeCode},
grantTypes: []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeRefreshToken},
grantTypes: oidc.AllGrantTypes,
accessTokenType: op.AccessTokenTypeBearer,
devMode: false,
idTokenUserinfoClaimsAssertion: false,
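Review bot: Switching the example WebClient from the two grants it actually used (`oidc.GrantTypeCode`, `oidc.GrantTypeRefreshToken`) to `oidc.AllGrantTypes` enables every grant the library knows for this client, which is presumably done so the integration tests can exercise each flow through the new server. Because this file is the example storage people copy from, the broadened list should carry a comment such as `// all grant types are enabled so the integration tests can exercise every flow; a real client should list only the grants it needs` directly above the `grantTypes:` field, otherwise the example reads as a recommendation to grant everything. WebClient's body starts and ends outside this hunk.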