feat: service account token exchange

This commit is contained in:
adlerhurst 2020-09-02 17:52:22 +02:00
parent c828290ef1
commit 7a109a763d
7 changed files with 71 additions and 10 deletions

View file

@ -148,14 +148,25 @@ func DefaultACRVerifier(possibleValues []string) ACRVerifier {
//and https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowTokenValidation
func (v *DefaultVerifier) Verify(ctx context.Context, accessToken, idTokenString string) (*oidc.IDTokenClaims, error) {
v.config.now = time.Now().UTC()
idToken, err := v.VerifyIDToken(ctx, idTokenString)
// idToken, err := v.VerifyIDToken(ctx, idTokenString)
// if err != nil {
// return nil, err
// }
// if err := v.verifyAccessToken(accessToken, idToken.AccessTokenHash, idToken.Signature); err != nil { //TODO: sig from token
// return nil, err
// }
// return idToken, nil
// TODO: verifiy
decrypted, err := v.decryptToken(idTokenString)
if err != nil {
return nil, err
}
if err := v.verifyAccessToken(accessToken, idToken.AccessTokenHash, idToken.Signature); err != nil { //TODO: sig from token
claims, _, err := v.parseToken(decrypted)
if err != nil {
return nil, err
}
return idToken, nil
return claims, nil
}
func (v *DefaultVerifier) now() time.Time {