cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

token introspection

Browse source
This commit is contained in:
Livio Amstutz 2021-02-03 10:42:01 +01:00
parent 4b426c899a
commit 345fc7e837
4 changed files with 28 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

23
pkg/op/token_intospection.go
View file

@ -3,6 +3,7 @@ package op
import (
"errors"
"net/http"
"strings"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/utils"
@ -22,20 +23,24 @@ func introspectionHandler(introspector Introspector) func(http.ResponseWriter, *
}
func Introspect(w http.ResponseWriter, r *http.Request, introspector Introspector) {
//validate authorization
callerToken := r.Header.Get("authorization")
response := oidc.NewIntrospectionResponse()
token, err := ParseTokenInrospectionRequest(r, introspector.Decoder())
if err != nil {
utils.MarshalJSON(w, response)
return
}
tokenID, subject, ok := getTokenIDAndSubject(r.Context(), introspector, token)
callerToken, callerSubject, ok := getTokenIDAndSubject(r.Context(), introspector, strings.TrimPrefix(callerToken, oidc.PrefixBearer))
if !ok {
utils.MarshalJSON(w, response)
return
}
err = introspector.Storage().SetUserinfoFromToken(r.Context(), response, tokenID, subject, r.Header.Get("origin"))
introspectionToken, err := ParseTokenInrospectionRequest(r, introspector.Decoder())
if err != nil {
utils.MarshalJSON(w, response)
return
}
tokenID, subject, ok := getTokenIDAndSubject(r.Context(), introspector, introspectionToken)
if !ok {
utils.MarshalJSON(w, response)
return
}
err = introspector.Storage().SetIntrospectionFromToken(r.Context(), response, tokenID, subject, callerToken, callerSubject)
if err != nil {
utils.MarshalJSON(w, response)
return