interface
parent
80eeee2de2
commit
988a556fa9
10 changed files with 131 additions and 76 deletions
|
@ -58,6 +58,24 @@ type AuthRequest struct {
|
|||
ACRValues []string `schema:"acr_values"`
|
||||
}
|
||||
|
||||
// func (a *AuthRequest) GetID() string {
|
||||
// return a.ID
|
||||
// }
|
||||
|
||||
// func (a *AuthRequest) GetClientID() string {
|
||||
// return a.ClientID
|
||||
// }
|
||||
|
||||
func (a *AuthRequest) GetRedirectURI() string {
|
||||
return a.RedirectURI
|
||||
}
|
||||
func (a *AuthRequest) GetResponseType() ResponseType {
|
||||
return a.ResponseType
|
||||
}
|
||||
func (a *AuthRequest) GetState() string {
|
||||
return a.State
|
||||
}
|
||||
|
||||
type TokenRequest interface {
|
||||
// GrantType GrantType `schema:"grant_type"`
|
||||
GrantType() GrantType
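Review bot: The new `GetRedirectURI` and `GetState` accessors return the `redirect_uri` and `state` request parameters unchanged, and nothing in this hunk shows whether they have been validated by that point. Because a caller is likely to redirect to the returned URI, the method should carry a doc comment that says so, for example `// GetRedirectURI returns the redirect_uri as received; it must be matched against the client's registered redirect URIs before any redirect.` The commented-out `GetID` and `GetClientID` stubs, and the commented-out field inside `TokenRequest`, would be better deleted or replaced by a TODO than committed as dead code. The `TokenRequest` interface continues past the end of the hunk.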
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
package oidc
|
||||
|
||||
type Client interface {
|
||||
RedirectURIs() []string
|
||||
ApplicationType() ApplicationType
|
||||
LoginURL(string) string
|
||||
}
|
||||
|
||||
// type ClientType int
|
||||
|
||||
// func (c ClientType) IsConvidential() bool {
|
||||
// return c == ClientTypeConfidential
|
||||
// }
|
||||
|
||||
func IsConfidentialType(c Client) bool {
|
||||
return c.ApplicationType() == ApplicationTypeWeb
|
||||
}
|
||||
|
||||
type ApplicationType int
|
||||
|
||||
// const (a ApplicationType)
|
||||
|
||||
const (
|
||||
// ClientTypeConfidential ClientType = iota
|
||||
// ClientTypePublic
|
||||
|
||||
ApplicationTypeWeb ApplicationType = iota
|
||||
ApplicationTypeUserAgent
|
||||
ApplicationTypeNative
|
||||
)
|
|
@ -1,7 +1,12 @@
|
|||
package oidc
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"hash"
|
||||
"time"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
|
@ -82,3 +87,27 @@ type Tokens struct {
|
|||
*oauth2.Token
|
||||
IDTokenClaims *IDTokenClaims
|
||||
}
|
||||
|
||||
func AccessTokenHash(accessToken string, sigAlgorithm jose.SignatureAlgorithm) (string, error) {
|
||||
tokenHash, err := getHashAlgorithm(sigAlgorithm)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
tokenHash.Write([]byte(accessToken)) // hash documents that Write will never return an error
|
||||
sum := tokenHash.Sum(nil)[:tokenHash.Size()/2]
|
||||
return base64.RawURLEncoding.EncodeToString(sum), nil
|
||||
}
|
||||
|
||||
func getHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
|
||||
switch sigAlgorithm {
|
||||
case jose.RS256, jose.ES256, jose.PS256:
|
||||
return sha256.New(), nil
|
||||
case jose.RS384, jose.ES384, jose.PS384:
|
||||
return sha512.New384(), nil
|
||||
case jose.RS512, jose.ES512, jose.PS512:
|
||||
return sha512.New(), nil
|
||||
default:
|
||||
return nil, fmt.Errorf("oidc: unsupported signing algorithm %q", sigAlgorithm)
|
||||
}
|
||||
}
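Review bot: `getHashAlgorithm` accepts only the RS, ES and PS families, so `AccessTokenHash` returns an error for ID tokens signed with HS256/HS384/HS512 or EdDSA. If HMAC-signed ID tokens are meant to be supported, the cases can be extended, e.g. `case jose.RS256, jose.ES256, jose.PS256, jose.HS256:` and likewise for the 384 and 512 variants; if they are not, the doc comment should say so. Either way, a verifier that calls this must treat the error as a failed `at_hash` check rather than skip the comparison; that caller is not visible in this section. `AccessTokenHash` is also exported without a doc comment, and something like `// AccessTokenHash returns the at_hash value: the unpadded base64url encoding of the left half of the access token's hash (OpenID Connect Core 3.1.3.6).` would record why the digest is truncated.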
|
||||
|
|