cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

allow jwt profile for token exchange client

Browse source
This commit is contained in:
Tim Möhlmann 2024-03-13 13:55:36 +02:00
parent f675939dfb
commit 6ac0bd329a
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
pkg/client/tokenexchange/tokenexchange.go
View file

@ -4,7 +4,9 @@ import (
"context" "context"
"errors" "errors"
"net/http" "net/http"
"time"
"github.com/go-jose/go-jose/v3"
"github.com/zitadel/oidc/v3/pkg/client" "github.com/zitadel/oidc/v3/pkg/client"
httphelper "github.com/zitadel/oidc/v3/pkg/http" httphelper "github.com/zitadel/oidc/v3/pkg/http"
"github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/oidc/v3/pkg/oidc"
@ -33,6 +35,17 @@ func NewTokenExchangerClientCredentials(ctx context.Context, issuer, clientID, c
return newOAuthTokenExchange(ctx, issuer, authorizer, options...) return newOAuthTokenExchange(ctx, issuer, authorizer, options...)
} }
func NewTokenExchangerJWTProfile(ctx context.Context, issuer, clientID string, signer jose.Signer, options ...func(source *OAuthTokenExchange)) (TokenExchanger, error) {
authorizer := func() (any, error) {
assertion, err := client.SignedJWTProfileAssertion(clientID, []string{issuer}, time.Hour, signer)
if err != nil {
return nil, err
}
return client.ClientAssertionFormAuthorization(assertion), nil
}
return newOAuthTokenExchange(ctx, issuer, authorizer, options...)
}
func newOAuthTokenExchange(ctx context.Context, issuer string, authorizer func() (any, error), options ...func(source *OAuthTokenExchange)) (*OAuthTokenExchange, error) { func newOAuthTokenExchange(ctx context.Context, issuer string, authorizer func() (any, error), options ...func(source *OAuthTokenExchange)) (*OAuthTokenExchange, error) {
te := &OAuthTokenExchange{ te := &OAuthTokenExchange{
httpClient: httphelper.DefaultHTTPClient, httpClient: httphelper.DefaultHTTPClient,