cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cleanup tokenHandler

Browse source
This commit is contained in:
Tim Möhlmann 2023-09-22 14:40:56 +03:00
parent 57e8b19a8b
commit b12bb7a1f1
1 changed files with 25 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

50
pkg/op/server_http.go
View file

@ -67,6 +67,23 @@ func (s *webServer) createRouter() {
s.Handler = router s.Handler = router
} }
type clientHandler func(w http.ResponseWriter, r *http.Request, client Client)
func (s *webServer) withClient(w http.ResponseWriter, r *http.Request, handler clientHandler) {
client, err := s.verifyRequestClient(r)
if err != nil {
WriteError(w, r, err, slog.Default())
return
}
if grantType := oidc.GrantType(r.Form.Get("grant_type")); grantType != "" {
if !ValidateGrantType(client, grantType) {
WriteError(w, r, oidc.ErrUnauthorizedClient().WithDescription("grant_type %q not allowed", grantType), s.logger)
return
}
}
handler(w, r, client)
}
func (s *webServer) verifyRequestClient(r *http.Request) (_ Client, err error) { func (s *webServer) verifyRequestClient(r *http.Request) (_ Client, err error) {
if err = r.ParseForm(); err != nil { if err = r.ParseForm(); err != nil {
return nil, oidc.ErrInvalidRequest().WithDescription("error parsing form").WithParent(err) return nil, oidc.ErrInvalidRequest().WithDescription("error parsing form").WithParent(err)
@ -170,37 +187,20 @@ func (s *webServer) tokensHandler(w http.ResponseWriter, r *http.Request) {
WriteError(w, r, oidc.ErrInvalidRequest().WithDescription("grant_type missing"), slog.Default()) WriteError(w, r, oidc.ErrInvalidRequest().WithDescription("grant_type missing"), slog.Default())
return return
} }
if !grantType.IsSupported() {
WriteError(w, r, unimplementedGrantError(grantType), s.logger)
return
}
if grantType == oidc.GrantTypeBearer {
s.jwtProfileHandler(w, r)
return
}
client, err := s.verifyRequestClient(r)
if err != nil {
WriteError(w, r, err, slog.Default())
return
}
if !ValidateGrantType(client, grantType) {
WriteError(w, r, oidc.ErrUnauthorizedClient().WithDescription("grant_type %q not allowed", grantType), s.logger)
return
}
switch grantType { switch grantType {
case oidc.GrantTypeCode: case oidc.GrantTypeCode:
s.codeExchangeHandler(w, r, client) s.withClient(w, r, s.codeExchangeHandler)
case oidc.GrantTypeRefreshToken: case oidc.GrantTypeRefreshToken:
s.refreshTokenHandler(w, r, client) s.withClient(w, r, s.refreshTokenHandler)
case oidc.GrantTypeTokenExchange:
s.tokenExchangeHandler(w, r, client)
case oidc.GrantTypeClientCredentials: case oidc.GrantTypeClientCredentials:
s.clientCredentialsHandler(w, r, client) s.withClient(w, r, s.clientCredentialsHandler)
case oidc.GrantTypeBearer:
s.jwtProfileHandler(w, r)
case oidc.GrantTypeTokenExchange:
s.withClient(w, r, s.tokenExchangeHandler)
case oidc.GrantTypeDeviceCode: case oidc.GrantTypeDeviceCode:
s.deviceTokenHandler(w, r, client) s.withClient(w, r, s.deviceTokenHandler)
default: default:
WriteError(w, r, unimplementedGrantError(grantType), s.logger) WriteError(w, r, unimplementedGrantError(grantType), s.logger)
} }