feat: token introspection (#83)

* introspect * introspect and client assertion * introspect and client assertion * scopes * token introspection * introspect * refactoring * fixes * clenaup * Update example/internal/mock/storage.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * clenaup Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2021-02-15 13:43:50 +01:00 · 2021-02-15 13:43:50 +01:00 · 1518c843de
commit 1518c843de
parent fa92a20615
46 changed files with 1672 additions and 570 deletions
--- a/example/internal/mock/storage.go
+++ b/example/internal/mock/storage.go
@ -184,22 +184,22 @@ func (s *AuthStorage) GetClientByClientID(_ context.Context, id string) (op.Clie
 		return nil, errors.New("not found")
 	}
 	var appType op.ApplicationType
-	var authMethod op.AuthMethod
+	var authMethod oidc.AuthMethod
 	var accessTokenType op.AccessTokenType
 	var responseTypes []oidc.ResponseType
 	if id == "web" {
 		appType = op.ApplicationTypeWeb
-		authMethod = op.AuthMethodBasic
+		authMethod = oidc.AuthMethodBasic
 		accessTokenType = op.AccessTokenTypeBearer
 		responseTypes = []oidc.ResponseType{oidc.ResponseTypeCode}
 	} else if id == "native" {
 		appType = op.ApplicationTypeNative
-		authMethod = op.AuthMethodNone
+		authMethod = oidc.AuthMethodNone
 		accessTokenType = op.AccessTokenTypeBearer
 		responseTypes = []oidc.ResponseType{oidc.ResponseTypeCode}
 	} else {
 		appType = op.ApplicationTypeUserAgent
-		authMethod = op.AuthMethodNone
+		authMethod = oidc.AuthMethodNone
 		accessTokenType = op.AccessTokenTypeJWT
 		responseTypes = []oidc.ResponseType{oidc.ResponseTypeIDToken, oidc.ResponseTypeIDTokenOnly}
 	}
@ -210,26 +210,37 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st
 	return nil
 }

-func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _, _ string) (oidc.UserInfo, error) {
-	return s.GetUserinfoFromScopes(ctx, "", "", []string{})
+func (s *AuthStorage) SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, _, _, _ string) error {
+	return s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{})
 }
-func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _, _ string, _ []string) (oidc.UserInfo, error) {
-	userinfo := oidc.NewUserInfo()
+func (s *AuthStorage) SetUserinfoFromScopes(ctx context.Context, userinfo oidc.UserInfoSetter, _, _ string, _ []string) error {
 	userinfo.SetSubject(a.GetSubject())
 	userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", ""))
 	userinfo.SetEmail("test", true)
 	userinfo.SetPhone("0791234567", true)
 	userinfo.SetName("Test")
 	userinfo.AppendClaims("private_claim", "test")
-	return userinfo, nil
+	return nil
 }
 func (s *AuthStorage) GetPrivateClaimsFromScopes(_ context.Context, _, _ string, _ []string) (map[string]interface{}, error) {
 	return map[string]interface{}{"private_claim": "test"}, nil
 }

+func (s *AuthStorage) SetIntrospectionFromToken(ctx context.Context, introspect oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
+	if err := s.SetUserinfoFromScopes(ctx, introspect, "", "", []string{}); err != nil {
+		return err
+	}
+	introspect.SetClientID(a.ClientID)
+	return nil
+}
+
+func (s *AuthStorage) ValidateJWTProfileScopes(ctx context.Context, userID string, scope oidc.Scopes) (oidc.Scopes, error) {
+	return scope, nil
+}
+
 type ConfClient struct {
 	applicationType op.ApplicationType
-	authMethod      op.AuthMethod
+	authMethod      oidc.AuthMethod
 	responseTypes   []oidc.ResponseType
 	ID              string
 	accessTokenType op.AccessTokenType
@ -262,7 +273,7 @@ func (c *ConfClient) ApplicationType() op.ApplicationType {
 	return c.applicationType
 }

-func (c *ConfClient) AuthMethod() op.AuthMethod {
+func (c *ConfClient) AuthMethod() oidc.AuthMethod {
 	return c.authMethod
 }