cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor to avoid breaking RelyingParty interface

Browse source
This commit is contained in:
thomas-welch 2021-09-20 08:22:15 +01:00
parent 1a95652830
commit 52d4a2e099
1 changed files with 16 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

23
pkg/client/rp/relaying_party.go
View file

@ -38,9 +38,6 @@ type RelyingParty interface {
//IsPKCE returns if authorization is done using `Authorization Code Flow with Proof Key for Code Exchange (PKCE)` //IsPKCE returns if authorization is done using `Authorization Code Flow with Proof Key for Code Exchange (PKCE)`
IsPKCE() bool IsPKCE() bool
//PKCECodeGenerator controls how PKCE challenge codes are generated
PKCECodeGenerator() PKCECodeGenerator
//CookieHandler returns a http cookie handler used for various state transfer cookies //CookieHandler returns a http cookie handler used for various state transfer cookies
CookieHandler() *utils.CookieHandler CookieHandler() *utils.CookieHandler
@ -70,11 +67,19 @@ var (
DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) { DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) {
http.Error(w, errorType+": "+errorDesc, http.StatusInternalServerError) http.Error(w, errorType+": "+errorDesc, http.StatusInternalServerError)
} }
DefaultPKCECodeGenerator PKCECodeGenerator = func() (string, error) {
return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String())), nil
}
) )
func DefaultPKCECodeGenerator() (string, error) {
return base64.RawURLEncoding.EncodeToString([]byte(uuid.New().String() + uuid.New().String())), nil
}
// extends the RelyingParty interface to allow custom PKCE Code generation
type RelyingPartyWithCustomPKCE interface {
RelyingParty
//PKCECodeGenerator controls how PKCE challenge codes are generated
PKCECodeGenerator() PKCECodeGenerator
}
type relyingParty struct { type relyingParty struct {
issuer string issuer string
endpoints Endpoints endpoints Endpoints
@ -311,7 +316,11 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty) http.HandlerFunc {
//GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie //GenerateAndStoreCodeChallenge generates a PKCE code challenge and stores its verifier into a secure cookie
func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) { func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (string, error) {
codeVerifier, err := rp.PKCECodeGenerator()() codeGenerator := DefaultPKCECodeGenerator
if rpc, ok := rp.(RelyingPartyWithCustomPKCE); ok {
codeGenerator = rpc.PKCECodeGenerator()
}
codeVerifier, err := codeGenerator()
if err != nil { if err != nil {
return "", err return "", err
} }