Merge branch 'zitadel:main' into rp/UnauthorizedHandler

Jan-Otto Kröpke 2024-01-09 01:31:13 +01:00 committed by GitHub
commit 763e05feed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 51 additions and 3 deletions


@ -9,6 +9,16 @@ updates:
commit-message: commit-message:
prefix: chore prefix: chore
include: scope include: scope
- package-ecosystem: gomod
target-branch: "2.12.x"
directory: "/"
schedule:
interval: daily
time: '04:00'
open-pull-requests-limit: 10
commit-message:
prefix: chore
include: scope
- package-ecosystem: "github-actions" - package-ecosystem: "github-actions"
directory: "/" directory: "/"
schedule: schedule:


@ -1,3 +1,37 @@
// Command device is an example Oauth2 Device Authorization Grant app.
// It creates a new Device Authorization request on the Issuer and then polls for tokens.
// The user is then prompted to visit a URL and enter the user code.
// Or, the complete URL can be used instead to omit manual entry.
// In practice then can be a "magic link" in the form or a QR.
//
// The following environment variables are used for configuration:
//
// ISSUER: URL to the OP, required.
// CLIENT_ID: ID of the application, required.
// CLIENT_SECRET: Secret to authenticate the app using basic auth. Only required if the OP expects this type of authentication.
// KEY_PATH: Path to a private key file, used to for JWT authentication of the App. Only required if the OP expects this type of authentication.
// SCOPES: Scopes of the Authentication Request. Optional.
//
// Basic usage:
//
// cd example/client/device
// export ISSUER="http://localhost:9000" CLIENT_ID="246048465824634593@demo"
//
// Get an Access Token:
//
// SCOPES="email profile" go run .
//
// Get an Access Token and ID Token:
//
// SCOPES="email profile openid" go run .
//
// Get an Access Token and Refresh Token
//
// SCOPES="email profile offline_access" go run .
//
// Get Access, Refresh and ID Tokens:
//
// SCOPES="email profile offline_access openid" go run .
package main package main
import ( import (
@ -57,5 +91,5 @@ func main() {
if err != nil { if err != nil {
logrus.Fatal(err) logrus.Fatal(err)
} }
logrus.Infof("successfully obtained token: %v", token) logrus.Infof("successfully obtained token: %#v", token)
} }
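Review bot: The switch to `%#v` in the final `logrus.Infof` call makes the example print every field of the returned token value, which for the runs listed in the new package comment would presumably include the access, refresh and ID token strings at info level. Example code tends to be copied into real clients, where those bearer credentials then end up in log files and log aggregation. I would log only non-secret metadata, or at least put `// Example only: this prints bearer credentials; never log tokens in production code.` above the call. The type of `token` is not visible here and main() starts outside the hunk, so the exact fields are inferred.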

5
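--- a/pkg/client/rp/errors.go
+++ b/pkg/client/rp/errors.go
@@ -0,0 +1,5 @@
+package rp
+import "errors"
+var ErrRelyingPartyNotSupportRevokeCaller = errors.New("RelyingParty does not support RevokeCaller")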
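Review bot: The new exported `ErrRelyingPartyNotSupportRevokeCaller` has no doc comment, so callers cannot tell from the declaration when to expect it. Suggest `// ErrRelyingPartyNotSupportRevokeCaller is returned by RevokeToken when the RelyingParty cannot call a revocation endpoint.` directly above the `var`. The capitalised message is presumably kept byte-for-byte to match the former `fmt.Errorf` text; if so, a short comment saying that would prevent a later lint-driven rewording from changing what callers see.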


@ -4,7 +4,6 @@ import (
"context" "context"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt"
"net/http" "net/http"
"net/url" "net/url"
"time" "time"
@ -748,7 +747,7 @@ func RevokeToken(ctx context.Context, rp RelyingParty, token string, tokenTypeHi
if rc, ok := rp.(client.RevokeCaller); ok && rc.GetRevokeEndpoint() != "" { if rc, ok := rp.(client.RevokeCaller); ok && rc.GetRevokeEndpoint() != "" {
return client.CallRevokeEndpoint(ctx, request, nil, rc) return client.CallRevokeEndpoint(ctx, request, nil, rc)
} }
return fmt.Errorf("RelyingParty does not support RevokeCaller") return ErrRelyingPartyNotSupportRevokeCaller
} }
func unauthorizedError(w http.ResponseWriter, r *http.Request, desc string, state string, rp RelyingParty) { func unauthorizedError(w http.ResponseWriter, r *http.Request, desc string, state string, rp RelyingParty) {
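Review bot: `RevokeToken` returns the new sentinel in two different situations: when `rp` does not implement `client.RevokeCaller`, and when it does but `GetRevokeEndpoint()` is empty. A caller matching with `errors.Is` cannot tell a missing endpoint from an unsupported implementation, and in both cases the token has not been revoked. That is worth stating in the function's doc comment, e.g. `// It returns ErrRelyingPartyNotSupportRevokeCaller, without contacting the OP, when rp has no usable revoke endpoint; the token is then still valid.` The start of `RevokeToken` is outside the hunk.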