feat(op): User-configurable claims_supported (#495)
* User-configurable claims_supported * Use op.SupportedClaims instead of interface
parent
bca8833c15
commit
7bdaf9c71d
3 changed files with 34 additions and 25 deletions
|
@ -213,32 +213,12 @@ func AuthMethodsRevocationEndpoint(c Configuration) []oidc.AuthMethod {
|
||||||
}
|
}
|
||||||
|
|
||||||
func SupportedClaims(c Configuration) []string {
|
func SupportedClaims(c Configuration) []string {
|
||||||
return []string{ // TODO: config
|
provider, ok := c.(*Provider)
|
||||||
"sub",
|
if ok && provider.config.SupportedClaims != nil {
|
||||||
"aud",
|
return provider.config.SupportedClaims
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"iss",
|
|
||||||
"auth_time",
|
|
||||||
"nonce",
|
|
||||||
"acr",
|
|
||||||
"amr",
|
|
||||||
"c_hash",
|
|
||||||
"at_hash",
|
|
||||||
"act",
|
|
||||||
"scopes",
|
|
||||||
"client_id",
|
|
||||||
"azp",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"family_name",
|
|
||||||
"given_name",
|
|
||||||
"locale",
|
|
||||||
"email",
|
|
||||||
"email_verified",
|
|
||||||
"phone_number",
|
|
||||||
"phone_number_verified",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return DefaultSupportedClaims
|
||||||
}
|
}
|
||||||
|
|
||||||
func CodeChallengeMethods(c Configuration) []oidc.CodeChallengeMethod {
|
func CodeChallengeMethods(c Configuration) []oidc.CodeChallengeMethod {
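Review bot: Both return paths of the new SupportedClaims hand out a shared backing array, either `provider.config.SupportedClaims` or the package-level `DefaultSupportedClaims`, where the removed code built a fresh slice literal on every call. A caller that sorts or overwrites elements of the result in place would now change what every provider in the process advertises as claims_supported; whether any caller does so is not visible here. Returning a copy keeps the old isolation: `return append([]string(nil), DefaultSupportedClaims...)`, and likewise for the configured slice. The same aliasing applies to the example config in this commit, which assigns `op.DefaultSupportedClaims` directly to `SupportedClaims`.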
|
||||||
|
|
28
pkg/op/op.go
28
pkg/op/op.go
|
@ -45,6 +45,33 @@ var (
|
||||||
DeviceAuthorization: NewEndpoint(defaultDeviceAuthzEndpoint),
|
DeviceAuthorization: NewEndpoint(defaultDeviceAuthzEndpoint),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DefaultSupportedClaims = []string{
|
||||||
|
"sub",
|
||||||
|
"aud",
|
||||||
|
"exp",
|
||||||
|
"iat",
|
||||||
|
"iss",
|
||||||
|
"auth_time",
|
||||||
|
"nonce",
|
||||||
|
"acr",
|
||||||
|
"amr",
|
||||||
|
"c_hash",
|
||||||
|
"at_hash",
|
||||||
|
"act",
|
||||||
|
"scopes",
|
||||||
|
"client_id",
|
||||||
|
"azp",
|
||||||
|
"preferred_username",
|
||||||
|
"name",
|
||||||
|
"family_name",
|
||||||
|
"given_name",
|
||||||
|
"locale",
|
||||||
|
"email",
|
||||||
|
"email_verified",
|
||||||
|
"phone_number",
|
||||||
|
"phone_number_verified",
|
||||||
|
}
|
||||||
|
|
||||||
defaultCORSOptions = cors.Options{
|
defaultCORSOptions = cors.Options{
|
||||||
AllowCredentials: true,
|
AllowCredentials: true,
|
||||||
AllowedHeaders: []string{
|
AllowedHeaders: []string{
|
||||||
|
@ -146,6 +173,7 @@ type Config struct {
|
||||||
GrantTypeRefreshToken bool
|
GrantTypeRefreshToken bool
|
||||||
RequestObjectSupported bool
|
RequestObjectSupported bool
|
||||||
SupportedUILocales []language.Tag
|
SupportedUILocales []language.Tag
|
||||||
|
SupportedClaims []string
|
||||||
DeviceAuthorization DeviceAuthorizationConfig
|
DeviceAuthorization DeviceAuthorizationConfig
|
||||||
}
|
}
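Review bot: The exported `DefaultSupportedClaims` and the new `Config.SupportedClaims` field carry no doc comments, so the nil-versus-empty behaviour can only be learned by reading the SupportedClaims function changed in this commit. I would add `// DefaultSupportedClaims is the claims_supported list used when Config.SupportedClaims is nil.` above the variable and `// SupportedClaims overrides claims_supported; nil selects DefaultSupportedClaims, an empty non-nil slice advertises no claims.` on the field. Since the variable is an exported, mutable slice, its comment should also state that it must be treated as read-only. The var block and the Config struct both begin outside the hunks shown.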
|
||||||
|
|
||||||
|
|
|
@ -30,6 +30,7 @@ var (
|
||||||
AuthMethodPrivateKeyJWT: true,
|
AuthMethodPrivateKeyJWT: true,
|
||||||
GrantTypeRefreshToken: true,
|
GrantTypeRefreshToken: true,
|
||||||
RequestObjectSupported: true,
|
RequestObjectSupported: true,
|
||||||
|
SupportedClaims: op.DefaultSupportedClaims,
|
||||||
SupportedUILocales: []language.Tag{language.English},
|
SupportedUILocales: []language.Tag{language.English},
|
||||||
DeviceAuthorization: op.DeviceAuthorizationConfig{
|
DeviceAuthorization: op.DeviceAuthorizationConfig{
|
||||||
Lifetime: 5 * time.Minute,
|
Lifetime: 5 * time.Minute,
|
||||||
|
|