handle client credentials in VerifyClient

Tim Möhlmann 2023-09-25 12:06:25 +03:00
parent d27be590c4
commit b7cbe15ced
2 changed files with 19 additions and 15 deletions


@ -105,6 +105,14 @@ func (s *LegacyServer) DeviceAuthorization(ctx context.Context, r *ClientRequest
}
func (s *LegacyServer) VerifyClient(ctx context.Context, r *Request[ClientCredentials]) (Client, error) {
if oidc.GrantType(r.Form.Get("grant_type")) == oidc.GrantTypeClientCredentials {
storage, ok := s.provider.Storage().(ClientCredentialsStorage)
if !ok {
return nil, oidc.ErrUnsupportedGrantType().WithDescription("client_credentials grant not supported")
}
return storage.ClientCredentials(ctx, r.Data.ClientID, r.Data.ClientSecret)
}
if r.Data.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {
jwtExchanger, ok := s.provider.(JWTAuthorizationGrantExchanger)
if !ok || !s.provider.AuthMethodPrivateKeyJWTSupported() {