fix: add code_challenge_methods_supported to discovery endpoint (#43)

* fix: add code_challenge_methods_supported to discovery endpoint * fix mock
2020-08-20 16:27:51 +02:00 · 2020-08-20 16:27:51 +02:00 · 57cf8ee9c7
commit 57cf8ee9c7
parent 5a8e69978f
5 changed files with 32 additions and 0 deletions
--- a/pkg/oidc/discovery.go
+++ b/pkg/oidc/discovery.go
@ -20,5 +20,6 @@ type DiscoveryConfiguration struct {
 	SubjectTypesSupported             []string `json:"subject_types_supported,omitempty"`
 	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported,omitempty"`
 	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"`
 	ClaimsSupported                   []string `json:"claims_supported,omitempty"`
 }
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -16,6 +16,7 @@ type Configuration interface {
 	KeysEndpoint() Endpoint

 	AuthMethodPostSupported() bool
+	CodeMethodS256Supported() bool
 }

 func ValidateIssuer(issuer string) error {
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@ -26,6 +26,8 @@ const (
 	AuthMethodBasic AuthMethod = "client_secret_basic"
 	AuthMethodPost             = "client_secret_post"
 	AuthMethodNone             = "none"
+
+	CodeMethodS256 = "S256"
 )

 var (
@ -58,6 +60,7 @@ type Config struct {
 	Issuer                   string
 	CryptoKey                [32]byte
 	DefaultLogoutRedirectURI string
+	CodeMethodS256           bool
 	// ScopesSupported:                   oidc.SupportedScopes,
 	// ResponseTypesSupported:            responseTypes,
 	// GrantTypesSupported:               oidc.SupportedGrantTypes,
@ -222,6 +225,10 @@ func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }

+func (p *DefaultOP) CodeMethodS256Supported() bool {
+	return p.config.CodeMethodS256
+}
+
 func (p *DefaultOP) HttpHandler() http.Handler {
 	return p.http
 }
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -28,6 +28,7 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 		IDTokenSigningAlgValuesSupported:  SigAlgorithms(s),
 		SubjectTypesSupported:             SubjectTypes(c),
 		TokenEndpointAuthMethodsSupported: AuthMethods(c),
+		CodeChallengeMethodsSupported:     CodeChallengeMethods(c),
 	}
 }

@ -117,3 +118,11 @@ func AuthMethods(c Configuration) []string {
 	}
 	return authMethods
 }
+
+func CodeChallengeMethods(c Configuration) []string {
+	codeMethods := make([]string, 0, 1)
+	if c.CodeMethodS256Supported() {
+		codeMethods = append(codeMethods, CodeMethodS256)
+	}
+	return codeMethods
+}
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
@ -61,6 +61,20 @@ func (mr *MockConfigurationMockRecorder) AuthorizationEndpoint() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthorizationEndpoint", reflect.TypeOf((*MockConfiguration)(nil).AuthorizationEndpoint))
 }

+// CodeMethodS256Supported mocks base method
+func (m *MockConfiguration) CodeMethodS256Supported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "CodeMethodS256Supported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// CodeMethodS256Supported indicates an expected call of CodeMethodS256Supported
+func (mr *MockConfigurationMockRecorder) CodeMethodS256Supported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CodeMethodS256Supported", reflect.TypeOf((*MockConfiguration)(nil).CodeMethodS256Supported))
+}
+
 // EndSessionEndpoint mocks base method
 func (m *MockConfiguration) EndSessionEndpoint() op.Endpoint {
 	m.ctrl.T.Helper()