feat(op): add opentelemetry to token endpoint (#436)

* feat(op): add opentelemetry to token endpoint

* drop go 1.18, add 1.21, do not fail fast
Tim Möhlmann 2023-09-01 11:53:14 +03:00 committed by GitHub
parent 5ade1cd9de
commit 1683b319ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 113 additions and 6 deletions


@ -11,6 +11,10 @@ import (
// CodeExchange handles the OAuth 2.0 authorization_code grant, including
// parsing, validating, authorizing the client and finally exchanging the code for tokens
func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
ctx, span := tracer.Start(r.Context(), "CodeExchange")
defer span.End()
r = r.WithContext(ctx)
tokenReq, err := ParseAccessTokenRequest(r, exchanger.Decoder())
if err != nil {
RequestError(w, r, err)
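Review bot: The span started at `tracer.Start(r.Context(), "CodeExchange")` is ended by the `defer`, but the failure branch that calls `RequestError(w, r, err)` never marks it, so a rejected exchange and a successful one look identical in the trace; set `span.SetStatus(codes.Error, "token request rejected")` (go.opentelemetry.io/otel/codes) before `RequestError`. Keep this span free of request material: the parsed token request carries the authorization code and, depending on the auth method, client credentials, and anything placed on a span attribute is exported to the trace backend, which is rarely handled as a secret store. CodeExchange's body continues past the end of the hunk, and the header counts four added lines where three are visible, so one line (probably blank) seems to have been dropped in rendering.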
@ -45,6 +49,9 @@ func ParseAccessTokenRequest(r *http.Request, decoder httphelper.Decoder) (*oidc
// ValidateAccessTokenRequest validates the token request parameters including authorization check of the client
// and returns the previous created auth request corresponding to the auth code
func ValidateAccessTokenRequest(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, Client, error) {
ctx, span := tracer.Start(ctx, "ValidateAccessTokenRequest")
defer span.End()
authReq, client, err := AuthorizeCodeClient(ctx, tokenReq, exchanger)
if err != nil {
return nil, nil, err
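Review bot: The early return `return nil, nil, err` after `AuthorizeCodeClient` leaves the new span with an unset status, which loses exactly the signal detection engineering wants from a token endpoint (client authentication failures, rejected codes). Before returning, record the outcome with `span.SetStatus(codes.Error, "token request validation failed")`; if an attribute for the OAuth error is added later, put only the error code (`invalid_grant`, `invalid_client`) on it, not the description or the wrapped parent error, since those can carry request details. The body of ValidateAccessTokenRequest continues beyond the hunk.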
@ -64,6 +71,9 @@ func ValidateAccessTokenRequest(ctx context.Context, tokenReq *oidc.AccessTokenR
// AuthorizeCodeClient checks the authorization of the client and that the used method was the one previously registered.
// It than returns the auth request corresponding to the auth code
func AuthorizeCodeClient(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (request AuthRequest, client Client, err error) {
ctx, span := tracer.Start(ctx, "AuthorizeCodeClient")
defer span.End()
if tokenReq.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {
jwtExchanger, ok := exchanger.(JWTAuthorizationGrantExchanger)
if !ok || !exchanger.AuthMethodPrivateKeyJWTSupported() {
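Review bot: In the `tokenReq.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion` branch the client assertion is a bearer credential, so if this span is ever enriched it should carry only the auth method, for example `span.SetAttributes(attribute.String("oidc.client_auth_method", "private_key_jwt"))`, never the assertion or a client secret. The rejection path guarded by `!ok || !exchanger.AuthMethodPrivateKeyJWTSupported()` also returns without touching the span, hiding a failed client authentication from the trace; `span.SetStatus(codes.Error, "client authentication failed")` before that return would surface it. The doc comment's `It than returns the auth request` should read `It then returns the auth request`. AuthorizeCodeClient's body runs past the end of the hunk.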
@ -104,6 +114,9 @@ func AuthorizeCodeClient(ctx context.Context, tokenReq *oidc.AccessTokenRequest,
// AuthRequestByCode returns the AuthRequest previously created from Storage corresponding to the auth code or an error
func AuthRequestByCode(ctx context.Context, storage Storage, code string) (AuthRequest, error) {
ctx, span := tracer.Start(ctx, "AuthRequestByCode")
defer span.End()
authReq, err := storage.AuthRequestByCode(ctx, code)
if err != nil {
return nil, oidc.ErrInvalidGrant().WithDescription("invalid code").WithParent(err)