device example

2023-02-28 17:24:23 +02:00 · 2023-02-28 17:24:23 +02:00 · b5d2050c2a
commit b5d2050c2a
parent 08fab97786
13 changed files with 505 additions and 54 deletions
--- a/pkg/client/rp/device.go
+++ b/pkg/client/rp/device.go
@ -2,7 +2,6 @@ package rp

 import (
 	"context"
-	"errors"
 	"fmt"
 	"time"

@ -47,10 +46,6 @@ func DeviceAuthorization(scopes []string, rp RelyingParty) (*oidc.DeviceAuthoriz
 // by means of polling as defined in RFC, section 3.3 and 3.4:
 // https://www.rfc-editor.org/rfc/rfc8628#section-3.4
 func DeviceAccessToken(ctx context.Context, deviceCode string, interval time.Duration, rp RelyingParty) (resp *oidc.AccessTokenResponse, err error) {
-	caller, ok := rp.(client.TokenEndpointCaller)
-	if !ok {
-		return nil, errors.New("rp does not implement TokenEndPointCaller")
-	}
 	req := &client.DeviceAccessTokenRequest{
 		DeviceAccessTokenRequest: oidc.DeviceAccessTokenRequest{
 			GrantType:  oidc.GrantTypeDeviceCode,
@ -63,5 +58,5 @@ func DeviceAccessToken(ctx context.Context, deviceCode string, interval time.Dur
 		return nil, err
 	}

-	return client.PollDeviceAccessTokenEndpoint(ctx, interval, req, caller)
+	return client.PollDeviceAccessTokenEndpoint(ctx, interval, req, tokenEndpointCaller{rp})
 }
--- a/pkg/op/device.go
+++ b/pkg/op/device.go
@ -86,6 +86,8 @@ func DeviceAuthorization(w http.ResponseWriter, r *http.Request, o OpenIDProvide
 		DeviceCode:      deviceCode,
 		UserCode:        userCode,
 		VerificationURI: config.UserFormURL,
+		ExpiresIn:       int(config.Lifetime / time.Second),
+		Interval:        int(config.PollInterval / time.Second),
 	}

 	response.VerificationURIComplete = fmt.Sprintf("%s?user_code=%s", config.UserFormURL, userCode)
@ -239,7 +241,7 @@ func CheckDeviceAuthorizationState(ctx context.Context, clientID, deviceCode str
 	if state.Denied {
 		return state, oidc.ErrAccessDenied()
 	}
-	if state.Completed {
+	if state.Done {
 		return state, nil
 	}
 	if time.Now().After(state.Expires) {
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -155,11 +155,12 @@ type EndSessionRequest struct {
 var ErrDuplicateUserCode = errors.New("user code already exists")

 type DeviceAuthorizationState struct {
-	Scopes    []string
-	Expires   time.Time
-	Completed bool
-	Subject   string
-	Denied    bool
+	ClientID string
+	Scopes   []string
+	Expires  time.Time
+	Done     bool
+	Subject  string
+	Denied   bool
 }

 type DeviceAuthorizationStorage interface {
@ -177,6 +178,10 @@ type DeviceAuthorizationStorage interface {
 	// The method is polled untill the the authorization is eighter Completed, Expired or Denied.
 	GetDeviceAuthorizatonState(ctx context.Context, clientID, deviceCode string) (*DeviceAuthorizationState, error)

+	// GetDeviceAuthorizationByUserCode resturn the current state of the device authorization flow,
+	// identified by the user code.
+	GetDeviceAuthorizationByUserCode(ctx context.Context, userCode string) (*DeviceAuthorizationState, error)
+
 	// CompleteDeviceAuthorization marks a device authorization entry as Completed,
 	// identified by userCode. The Subject is added to the state, so that
 	// GetDeviceAuthorizatonState can use it to create a new Access Token.