diff --git a/pkg/op/device.go b/pkg/op/device.go
index 827c936..48108a0 100644
--- a/pkg/op/device.go
+++ b/pkg/op/device.go
@@ -77,7 +77,9 @@ func DeviceAuthorization(w http.ResponseWriter, r *http.Request, o OpenIDProvide
 RequestError(w, r, err)
 return
 }
- err = storage.StoreDeviceAuthorization(r.Context(), req.ClientID, deviceCode, userCode, req.Scopes)
+
+ expires := time.Now().Add(time.Duration(config.Lifetime) * time.Second)
+ err = storage.StoreDeviceAuthorization(r.Context(), req.ClientID, deviceCode, userCode, expires, req.Scopes)
 if err != nil {
 RequestError(w, r, err)
 return
diff --git a/pkg/op/op.go b/pkg/op/op.go
index 2256ca7..a618dc0 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -28,7 +28,7 @@ const (
 defaultEndSessionEndpoint = "end_session"
 defaultKeysEndpoint = "keys"
 defaultDeviceAuthzEndpoint = "/device_authorization"
- defaultUserCodeFormEndpoint = "/device"
+ defaultUserCodeFormEndpoint = "/submit_user_code"
 )
 
 var (
@@ -124,6 +124,7 @@ type Config struct {
 GrantTypeRefreshToken bool
 RequestObjectSupported bool
 SupportedUILocales []language.Tag
+ DeviceAuthorization DeviceAuthorizationConfig
 }
 
 type endpoints struct {
@@ -153,6 +154,7 @@ type endpoints struct {
 // /revoke
 // /end_session
 // /keys
+// /device_authorization
 //
 // This does not include login. Login is handled with a redirect that includes the
 // request ID. The redirect for logins is specified per-client by Client.LoginURL().
@@ -292,7 +294,8 @@ func (o *Provider) GrantTypeJWTAuthorizationSupported() bool {
 }
 
 func (o *Provider) GrantTypeDeviceCodeSupported() bool {
- return true
+ _, ok := o.storage.(DeviceAuthorizationStorage)
+ return ok
 }
 
 func (o *Provider) IntrospectionAuthMethodPrivateKeyJWTSupported() bool {
@@ -329,7 +332,7 @@ func (o *Provider) SupportedUILocales() []language.Tag {
 }
 
 func (o *Provider) DeviceAuthorization() DeviceAuthorizationConfig {
- return DeviceAuthorizationConfig{}
+ return o.config.DeviceAuthorization
 }
 
 func (o *Provider) Storage() Storage {
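Review bot: `config.Lifetime` feeds the `expires :=` line with no lower bound, so a zero or negative value yields an expiry that is already in the past, or one the storage may never enforce, depending on how it interprets the timestamp. In the same commit `Provider.DeviceAuthorization()` starts returning `o.config.DeviceAuthorization`, which is the zero value unless the operator fills it in, so an unset lifetime looks like the default case rather than an edge case. Validate or default it just before computing `expires`, e.g. `if config.Lifetime <= 0 { config.Lifetime = defaultDeviceAuthLifetime }` (the constant name is a placeholder). The body of `DeviceAuthorization` starts and ends outside this hunk, so a check elsewhere in the function would not be visible here.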
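Review bot: In `GrantTypeDeviceCodeSupported` the device grant is now switched on by the storage's type alone, with no operator opt-in: any storage that satisfies `DeviceAuthorizationStorage` enables it, even when `Config.DeviceAuthorization` is left at its zero value. Because the device flow lets a user approve a session for a device other than the one in front of them, it is safer for it to stay off until explicitly configured. Consider `return ok && o.config.DeviceAuthorization.Lifetime > 0` (assuming `Lifetime` is the field read as `config.Lifetime` in device.go) or a dedicated boolean on `Config`. The method also lacks a doc comment; `// GrantTypeDeviceCodeSupported reports whether the storage implements DeviceAuthorizationStorage.` would state the rule where implementers will look for it.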
diff --git a/pkg/op/storage.go b/pkg/op/storage.go
index b0d31de..9054844 100644
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@@ -171,7 +171,7 @@ type DeviceAuthorizationStorage interface {
 // database, the change for collisions increases. Therefore implementers
 // of this interface must make sure that user codes of expired authentication flows are purged,
 // after some time.
- StoreDeviceAuthorization(ctx context.Context, clientID, deviceCode, userCode string, scopes []string) error
+ StoreDeviceAuthorization(ctx context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) error
 
 // GetDeviceAuthorizatonState returns the current state of the device authorization flow in the database.
 // The method is polled untill the the authorization is eighter Completed, Expired or Denied.
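Review bot: The doc comment on `StoreDeviceAuthorization` is not updated for the new `expires` parameter, so the expiry contract still reads only as "purged, after some time". It should say who enforces the deadline, for example `// expires is the time after which the device and user codes must no longer be accepted; implementations must report the flow as expired from then on and may purge it.` The comment begins above this hunk, so its opening lines may already cover part of this. Adding a parameter to an exported interface method also breaks every existing implementer at compile time, which deserves a line in the commit message or changelog.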