fix: parse max_age and prompt correctly (and change scope type) (#105)

* fix: parse max_age and prompt correctly (and change scope type) * remove unnecessary omitempty
2021-06-16 08:34:01 +02:00 · 2021-06-16 08:34:01 +02:00 · 400f5c4de4
commit 400f5c4de4
parent 0591a0d1ef
16 changed files with 98 additions and 85 deletions
--- a/pkg/oidc/authorization.go
+++ b/pkg/oidc/authorization.go
@ -44,39 +44,39 @@ const (

 	//PromptNone (`none`) disallows the Authorization Server to display any authentication or consent user interface pages.
 	//An error (login_required, interaction_required, ...) will be returned if the user is not already authenticated or consent is needed
-	PromptNone Prompt = "none"
+	PromptNone = "none"

 	//PromptLogin (`login`) directs the Authorization Server to prompt the End-User for reauthentication.
-	PromptLogin Prompt = "login"
+	PromptLogin = "login"

 	//PromptConsent (`consent`) directs the Authorization Server to prompt the End-User for consent (of sharing information).
-	PromptConsent Prompt = "consent"
+	PromptConsent = "consent"

 	//PromptSelectAccount (`select_account `) directs the Authorization Server to prompt the End-User to select a user account (to enable multi user / session switching)
-	PromptSelectAccount Prompt = "select_account"
+	PromptSelectAccount = "select_account"
 )

 //AuthRequest according to:
 //https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 type AuthRequest struct {
 	ID           string
-	Scopes       Scopes       `schema:"scope"`
-	ResponseType ResponseType `schema:"response_type"`
-	ClientID     string       `schema:"client_id"`
-	RedirectURI  string       `schema:"redirect_uri"` //TODO: type
+	Scopes       SpaceDelimitedArray `schema:"scope"`
+	ResponseType ResponseType        `schema:"response_type"`
+	ClientID     string              `schema:"client_id"`
+	RedirectURI  string              `schema:"redirect_uri"` //TODO: type

 	State string `schema:"state"`

 	// ResponseMode TODO: ?

-	Nonce       string   `schema:"nonce"`
-	Display     Display  `schema:"display"`
-	Prompt      Prompt   `schema:"prompt"`
-	MaxAge      uint32   `schema:"max_age"`
-	UILocales   Locales  `schema:"ui_locales"`
-	IDTokenHint string   `schema:"id_token_hint"`
-	LoginHint   string   `schema:"login_hint"`
-	ACRValues   []string `schema:"acr_values"`
+	Nonce       string              `schema:"nonce"`
+	Display     Display             `schema:"display"`
+	Prompt      SpaceDelimitedArray `schema:"prompt"`
+	MaxAge      *uint               `schema:"max_age"`
+	UILocales   Locales             `schema:"ui_locales"`
+	IDTokenHint string              `schema:"id_token_hint"`
+	LoginHint   string              `schema:"login_hint"`
+	ACRValues   []string            `schema:"acr_values"`

 	CodeChallenge       string              `schema:"code_challenge"`
 	CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"`
--- a/pkg/oidc/introspection.go
+++ b/pkg/oidc/introspection.go
@ -21,7 +21,7 @@ type IntrospectionResponse interface {
 	UserInfoSetter
 	SetActive(bool)
 	IsActive() bool
-	SetScopes(scopes Scopes)
+	SetScopes(scopes []string)
 	SetClientID(id string)
 }

@ -30,10 +30,10 @@ func NewIntrospectionResponse() IntrospectionResponse {
 }

 type introspectionResponse struct {
-	Active   bool   `json:"active"`
-	Scope    Scopes `json:"scope,omitempty"`
-	ClientID string `json:"client_id,omitempty"`
-	Subject  string `json:"sub,omitempty"`
+	Active   bool                `json:"active"`
+	Scope    SpaceDelimitedArray `json:"scope,omitempty"`
+	ClientID string              `json:"client_id,omitempty"`
+	Subject  string              `json:"sub,omitempty"`
 	userInfoProfile
 	userInfoEmail
 	userInfoPhone
@ -46,7 +46,7 @@ func (u *introspectionResponse) IsActive() bool {
 	return u.Active
 }

-func (u *introspectionResponse) SetScopes(scope Scopes) {
+func (u *introspectionResponse) SetScopes(scope []string) {
 	u.Scope = scope
 }

--- a/pkg/oidc/jwt_profile.go
+++ b/pkg/oidc/jwt_profile.go
@ -1,9 +1,9 @@
 package oidc

 type JWTProfileGrantRequest struct {
-	Assertion string    `schema:"assertion"`
-	Scope     Scopes    `schema:"scope"`
-	GrantType GrantType `schema:"grant_type"`
+	Assertion string              `schema:"assertion"`
+	Scope     SpaceDelimitedArray `schema:"scope"`
+	GrantType GrantType           `schema:"grant_type"`
 }

 //NewJWTProfileGrantRequest creates an oauth2 `JSON Web Token (JWT) Profile` Grant
--- a/pkg/oidc/token_request.go
+++ b/pkg/oidc/token_request.go
@ -58,12 +58,12 @@ func (a *AccessTokenRequest) SetClientSecret(clientSecret string) {
 }

 type RefreshTokenRequest struct {
-	RefreshToken        string `schema:"refresh_token"`
-	Scopes              Scopes `schema:"scope"`
-	ClientID            string `schema:"client_id"`
-	ClientSecret        string `schema:"client_secret"`
-	ClientAssertion     string `schema:"client_assertion"`
-	ClientAssertionType string `schema:"client_assertion_type"`
+	RefreshToken        string              `schema:"refresh_token"`
+	Scopes              SpaceDelimitedArray `schema:"scope"`
+	ClientID            string              `schema:"client_id"`
+	ClientSecret        string              `schema:"client_secret"`
+	ClientAssertion     string              `schema:"client_assertion"`
+	ClientAssertionType string              `schema:"client_assertion_type"`
 }

 func (a *RefreshTokenRequest) GrantType() GrantType {
@ -81,12 +81,12 @@ func (a *RefreshTokenRequest) SetClientSecret(clientSecret string) {
 }

 type JWTTokenRequest struct {
-	Issuer    string   `json:"iss"`
-	Subject   string   `json:"sub"`
-	Scopes    Scopes   `json:"-"`
-	Audience  Audience `json:"aud"`
-	IssuedAt  Time     `json:"iat"`
-	ExpiresAt Time     `json:"exp"`
+	Issuer    string              `json:"iss"`
+	Subject   string              `json:"sub"`
+	Scopes    SpaceDelimitedArray `json:"-"`
+	Audience  Audience            `json:"aud"`
+	IssuedAt  Time                `json:"iat"`
+	ExpiresAt Time                `json:"exp"`
 }

 //GetIssuer implements the Claims interface
@ -143,12 +143,12 @@ func (j *JWTTokenRequest) GetScopes() []string {
 }

 type TokenExchangeRequest struct {
-	subjectToken       string   `schema:"subject_token"`
-	subjectTokenType   string   `schema:"subject_token_type"`
-	actorToken         string   `schema:"actor_token"`
-	actorTokenType     string   `schema:"actor_token_type"`
-	resource           []string `schema:"resource"`
-	audience           Audience `schema:"audience"`
-	Scope              Scopes   `schema:"scope"`
-	requestedTokenType string   `schema:"requested_token_type"`
+	subjectToken       string              `schema:"subject_token"`
+	subjectTokenType   string              `schema:"subject_token_type"`
+	actorToken         string              `schema:"actor_token"`
+	actorTokenType     string              `schema:"actor_token_type"`
+	resource           []string            `schema:"resource"`
+	audience           Audience            `schema:"audience"`
+	Scope              SpaceDelimitedArray `schema:"scope"`
+	requestedTokenType string              `schema:"requested_token_type"`
 }
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -54,30 +54,36 @@ func (l *Locales) UnmarshalText(text []byte) error {
 	return nil
 }

-type Prompt string
+type MaxAge *uint
+
+func NewMaxAge(i uint) MaxAge {
+	return &i
+}
+
+type SpaceDelimitedArray []string
+
+type Prompt SpaceDelimitedArray

 type ResponseType string

-type Scopes []string
-
-func (s Scopes) Encode() string {
+func (s SpaceDelimitedArray) Encode() string {
 	return strings.Join(s, " ")
 }

-func (s *Scopes) UnmarshalText(text []byte) error {
+func (s *SpaceDelimitedArray) UnmarshalText(text []byte) error {
 	*s = strings.Split(string(text), " ")
 	return nil
 }

-func (s *Scopes) MarshalText() ([]byte, error) {
+func (s SpaceDelimitedArray) MarshalText() ([]byte, error) {
 	return []byte(s.Encode()), nil
 }

-func (s *Scopes) MarshalJSON() ([]byte, error) {
-	return json.Marshal((*s).Encode())
+func (s SpaceDelimitedArray) MarshalJSON() ([]byte, error) {
+	return json.Marshal((s).Encode())
 }

-func (s *Scopes) UnmarshalJSON(data []byte) error {
+func (s *SpaceDelimitedArray) UnmarshalJSON(data []byte) error {
 	var str string
 	if err := json.Unmarshal(data, &str); err != nil {
 		return err
--- a/pkg/oidc/types_test.go
+++ b/pkg/oidc/types_test.go
@ -220,7 +220,7 @@ func TestScopes_UnmarshalText(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			var scopes Scopes
+			var scopes SpaceDelimitedArray
 			if err := scopes.UnmarshalText(tt.args.text); (err != nil) != tt.wantErr {
 				t.Errorf("UnmarshalText() error = %v, wantErr %v", err, tt.wantErr)
 			}
@ -230,7 +230,7 @@ func TestScopes_UnmarshalText(t *testing.T) {
 }
 func TestScopes_MarshalText(t *testing.T) {
 	type args struct {
-		scopes Scopes
+		scopes SpaceDelimitedArray
 	}
 	type res struct {
 		scopes []byte
@ -244,7 +244,7 @@ func TestScopes_MarshalText(t *testing.T) {
 		{
 			"unknown value",
 			args{
-				Scopes{"unknown"},
+				SpaceDelimitedArray{"unknown"},
 			},
 			res{
 				[]byte("unknown"),
@ -254,7 +254,7 @@ func TestScopes_MarshalText(t *testing.T) {
 		{
 			"struct",
 			args{
-				Scopes{`{"unknown":"value"}`},
+				SpaceDelimitedArray{`{"unknown":"value"}`},
 			},
 			res{
 				[]byte(`{"unknown":"value"}`),
@ -264,7 +264,7 @@ func TestScopes_MarshalText(t *testing.T) {
 		{
 			"openid",
 			args{
-				Scopes{"openid"},
+				SpaceDelimitedArray{"openid"},
 			},
 			res{
 				[]byte("openid"),
@ -274,7 +274,7 @@ func TestScopes_MarshalText(t *testing.T) {
 		{
 			"multiple scopes",
 			args{
-				Scopes{"openid", "email", "custom:scope"},
+				SpaceDelimitedArray{"openid", "email", "custom:scope"},
 			},
 			res{
 				[]byte("openid email custom:scope"),