fix: parse max_age and prompt correctly (and change scope type) (#105)

* fix: parse max_age and prompt correctly (and change scope type) * remove unnecessary omitempty
2021-06-16 08:34:01 +02:00 · 2021-06-16 08:34:01 +02:00 · 400f5c4de4
commit 400f5c4de4
parent 0591a0d1ef
16 changed files with 98 additions and 85 deletions
--- a/pkg/op/auth_request.go
+++ b/pkg/op/auth_request.go
@ -106,7 +106,11 @@ func ParseAuthorizeRequest(r *http.Request, decoder utils.Decoder) (*oidc.AuthRe
 }

 //ValidateAuthRequest validates the authorize parameters and returns the userID of the id_token_hint if passed
-func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage Storage, verifier IDTokenHintVerifier) (string, error) {
+func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage Storage, verifier IDTokenHintVerifier) (sub string, err error) {
+	authReq.MaxAge, err = ValidateAuthReqPrompt(authReq.Prompt, authReq.MaxAge)
+	if err != nil {
+		return "", err
+	}
 	client, err := storage.GetClientByClientID(ctx, authReq.ClientID)
 	if err != nil {
 		return "", ErrServerError(err.Error())
@ -124,6 +128,19 @@ func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage
 	return ValidateAuthReqIDTokenHint(ctx, authReq.IDTokenHint, verifier)
 }

+//ValidateAuthReqPrompt validates the passed prompt values and sets max_age to 0 if prompt login is present
+func ValidateAuthReqPrompt(prompts []string, maxAge *uint) (_ *uint, err error) {
+	for _, prompt := range prompts {
+		if prompt == oidc.PromptNone && len(prompts) > 1 {
+			return nil, ErrInvalidRequest("The prompt parameter `none` must only be used as a single value")
+		}
+		if prompt == oidc.PromptLogin {
+			maxAge = oidc.NewMaxAge(0)
+		}
+	}
+	return maxAge, nil
+}
+
 //ValidateAuthReqScopes validates the passed scopes
 func ValidateAuthReqScopes(client Client, scopes []string) ([]string, error) {
 	if len(scopes) == 0 {