cleanup
This commit is contained in:
Livio Amstutz
parent
3782e49234
commit
3d276c59b4
4 changed files with 25 additions and 43 deletions
|
|
@ -19,26 +19,17 @@ type Authorizer interface {
|
|||
Encoder() *schema.Encoder
|
||||
Signer() Signer
|
||||
Issuer() string
|
||||
// ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
|
||||
}
|
||||
|
||||
// type Signer interface {
|
||||
// Sign(claims *oidc.IDTokenClaims) (string, error)
|
||||
// }
|
||||
|
||||
type ValidationAuthorizer interface {
|
||||
Authorizer
|
||||
ValidateAuthRequest(*oidc.AuthRequest, Storage) error
|
||||
}
|
||||
|
||||
// type errorHandler func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
|
||||
// type callbackHandler func(authReq *oidc.AuthRequest, client oidc.Client, w http.ResponseWriter, r *http.Request)
|
||||
|
||||
func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, nil, ErrInvalidRequest("cannot parse form"), authorizer.Encoder())
|
||||
// AuthRequestError(w, r, nil, )
|
||||
return
|
||||
}
|
||||
authReq := new(oidc.AuthRequest)
|
||||
|
|
@ -82,15 +73,13 @@ func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
|
|||
if err := ValidateAuthReqResponseType(authReq.ResponseType); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
// return errors.New("Unimplemented") //TODO: impl https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
|
||||
|
||||
// if NeedsExistingSession(authRequest) {
|
||||
// session, err := storage.CheckSession(authRequest)
|
||||
// if NeedsExistingSession(authReq) {
|
||||
// session, err := storage.CheckSession(authReq.IDTokenHint)
|
||||
// if err != nil {
|
||||
// //TODO: return err<
|
||||
// return err
|
||||
// }
|
||||
// }
|
||||
return nil
|
||||
}
|
||||
|
||||
func ValidateAuthReqScopes(scopes []string) error {
|
||||
|
|
@ -124,13 +113,13 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
|
|||
if client.ApplicationType() == ApplicationTypeNative {
|
||||
return nil
|
||||
}
|
||||
return ErrInvalidRequest("redirect_uri not allowed 2")
|
||||
return ErrInvalidRequest("redirect_uri not allowed")
|
||||
} else {
|
||||
if client.ApplicationType() != ApplicationTypeNative {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed 3")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
}
|
||||
if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed 4")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -165,10 +165,6 @@ func (p *DefaultOP) KeysEndpoint() Endpoint {
|
|||
return Endpoint(p.endpoints.JwksURI)
|
||||
}
|
||||
|
||||
func (p *DefaultOP) AuthMethodBasicSupported() bool {
|
||||
return true //TODO: config
|
||||
}
|
||||
|
||||
func (p *DefaultOP) AuthMethodPostSupported() bool {
|
||||
return true //TODO: config
|
||||
}
|
||||
|
|
@ -199,7 +195,6 @@ func (p *DefaultOP) Storage() Storage {
|
|||
|
||||
func (p *DefaultOP) Signer() Signer {
|
||||
return p.signer
|
||||
// return
|
||||
}
|
||||
|
||||
func (p *DefaultOP) IDTokenValidity() time.Duration {
|
||||
|
|
@ -209,10 +204,6 @@ func (p *DefaultOP) IDTokenValidity() time.Duration {
|
|||
return p.config.IDTokenValidity
|
||||
}
|
||||
|
||||
// func (p *DefaultOP) ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) {
|
||||
// return AuthRequestError
|
||||
// }
|
||||
|
||||
func (p *DefaultOP) HandleKeys(w http.ResponseWriter, r *http.Request) {
|
||||
Keys(w, r, p)
|
||||
}
|
||||
|
|
@ -235,20 +226,7 @@ func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
|
|||
CodeExchange(w, r, p)
|
||||
return
|
||||
}
|
||||
p.handleTokenExchange(w, r)
|
||||
}
|
||||
|
||||
func (p *DefaultOP) handleTokenExchange(w http.ResponseWriter, r *http.Request) {
|
||||
ExchangeRequestError(w, r, ErrServerError("not implemented"))
|
||||
return
|
||||
tokenRequest, err := ParseTokenExchangeRequest(w, r)
|
||||
if err != nil {
|
||||
//TODO: return err
|
||||
}
|
||||
err = ValidateTokenExchangeRequest(tokenRequest, p.storage)
|
||||
if err != nil {
|
||||
//TODO: return err
|
||||
}
|
||||
TokenExchange(w, r, p)
|
||||
}
|
||||
|
||||
func (p *DefaultOP) HandleUserinfo(w http.ResponseWriter, r *http.Request) {
|
||||
|
|
|
|||
|
|
@ -6,5 +6,8 @@ func NeedsExistingSession(authRequest *oidc.AuthRequest) bool {
|
|||
if authRequest == nil {
|
||||
return true
|
||||
}
|
||||
return authRequest.IDTokenHint != "" //TODO: impl: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
|
||||
if authRequest.Prompt == oidc.PromptNone {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ type Exchanger interface {
|
|||
Storage() Storage
|
||||
Decoder() *schema.Decoder
|
||||
Signer() Signer
|
||||
AuthMethodBasicSupported() bool
|
||||
AuthMethodPostSupported() bool
|
||||
}
|
||||
|
||||
|
|
@ -142,6 +141,19 @@ func AuthorizeCodeChallenge(tokenReq *oidc.AccessTokenRequest, storage AuthStora
|
|||
return authReq, nil
|
||||
}
|
||||
|
||||
func TokenExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
|
||||
tokenRequest, err := ParseTokenExchangeRequest(w, r)
|
||||
if err != nil {
|
||||
ExchangeRequestError(w, r, err)
|
||||
return
|
||||
}
|
||||
err = ValidateTokenExchangeRequest(tokenRequest, exchanger.Storage())
|
||||
if err != nil {
|
||||
ExchangeRequestError(w, r, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.TokenRequest, error) {
|
||||
return nil, errors.New("Unimplemented") //TODO: impl
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue