fix: add code_challenge_methods_supported to discovery endpoint

2020-08-20 16:18:31 +02:00 · 2020-08-20 16:18:31 +02:00 · 68033051ba
commit 68033051ba
parent 5a8e69978f
4 changed files with 18 additions and 0 deletions
--- a/pkg/oidc/discovery.go
+++ b/pkg/oidc/discovery.go
@ -20,5 +20,6 @@ type DiscoveryConfiguration struct {
 	SubjectTypesSupported             []string `json:"subject_types_supported,omitempty"`
 	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported,omitempty"`
 	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"`
 	ClaimsSupported                   []string `json:"claims_supported,omitempty"`
 }
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -16,6 +16,7 @@ type Configuration interface {
 	KeysEndpoint() Endpoint

 	AuthMethodPostSupported() bool
+	CodeMethodS256Supported() bool
 }

 func ValidateIssuer(issuer string) error {
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@ -26,6 +26,8 @@ const (
 	AuthMethodBasic AuthMethod = "client_secret_basic"
 	AuthMethodPost             = "client_secret_post"
 	AuthMethodNone             = "none"
+
+	CodeMethodS256 = "S256"
 )

 var (
@ -58,6 +60,7 @@ type Config struct {
 	Issuer                   string
 	CryptoKey                [32]byte
 	DefaultLogoutRedirectURI string
+	CodeMethodS256           bool
 	// ScopesSupported:                   oidc.SupportedScopes,
 	// ResponseTypesSupported:            responseTypes,
 	// GrantTypesSupported:               oidc.SupportedGrantTypes,
@ -222,6 +225,10 @@ func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }

+func (p *DefaultOP) CodeMethodS256Supported() bool {
+	return p.config.CodeMethodS256
+}
+
 func (p *DefaultOP) HttpHandler() http.Handler {
 	return p.http
 }
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -28,6 +28,7 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 		IDTokenSigningAlgValuesSupported:  SigAlgorithms(s),
 		SubjectTypesSupported:             SubjectTypes(c),
 		TokenEndpointAuthMethodsSupported: AuthMethods(c),
+		CodeChallengeMethodsSupported:     CodeChallengeMethods(c),
 	}
 }

@ -117,3 +118,11 @@ func AuthMethods(c Configuration) []string {
 	}
 	return authMethods
 }
+
+func CodeChallengeMethods(c Configuration) []string {
+	codeMethods := make([]string, 0, 1)
+	if c.CodeMethodS256Supported() {
+		codeMethods = append(codeMethods, CodeMethodS256)
+	}
+	return codeMethods
+}