handle client credentials in VerifyClient
This commit is contained in:
parent
d27be590c4
commit
b7cbe15ced
2 changed files with 19 additions and 15 deletions
|
@ -145,22 +145,18 @@ func TestServerRoutes(t *testing.T) {
|
||||||
`","issued_token_type":"urn:ietf:params:oauth:token-type:refresh_token","token_type":"Bearer","expires_in":299,"scope":"openid offline_access","refresh_token":"`,
|
`","issued_token_type":"urn:ietf:params:oauth:token-type:refresh_token","token_type":"Bearer","expires_in":299,"scope":"openid offline_access","refresh_token":"`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
/*
|
name: "Client credentials exchange",
|
||||||
{
|
method: http.MethodGet,
|
||||||
name: "Client credentials exchange",
|
path: testProvider.TokenEndpoint().Relative(),
|
||||||
method: http.MethodGet,
|
basicAuth: &basicAuth{"sid1", "verysecret"},
|
||||||
path: testProvider.TokenEndpoint().Relative(),
|
values: map[string]string{
|
||||||
basicAuth: &basicAuth{"web", "secret"},
|
"grant_type": string(oidc.GrantTypeClientCredentials),
|
||||||
values: map[string]string{
|
"scope": oidc.SpaceDelimitedArray{oidc.ScopeOpenID, oidc.ScopeOfflineAccess}.String(),
|
||||||
"grant_type": string(oidc.GrantTypeClientCredentials),
|
|
||||||
"scope": oidc.SpaceDelimitedArray{oidc.ScopeOpenID, oidc.ScopeOfflineAccess}.String(),
|
|
||||||
},
|
|
||||||
wantCode: http.StatusOK,
|
|
||||||
contains: []string{`{"access_token":"`, `","token_type":"Bearer","expires_in":299}`},
|
|
||||||
},
|
},
|
||||||
*/
|
wantCode: http.StatusOK,
|
||||||
|
contains: []string{`{"access_token":"`, `","token_type":"Bearer","expires_in":299}`},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
// This call will fail. A successfull test is already
|
// This call will fail. A successfull test is already
|
||||||
// part of device_test.go
|
// part of device_test.go
|
||||||
|
|
|
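Review bot: The re-enabled "Client credentials exchange" case sends the grant to `testProvider.TokenEndpoint()` with `method: http.MethodGet,`, while RFC 6749 §3.2 requires the token endpoint to be called with POST; if the server honours GET here, the test cements a spec deviation and, depending on how the test helper encodes `values`, places grant parameters in the query string where they end up in access logs. Switching the new case to `method: http.MethodPost,` would exercise the compliant path; if the surrounding cases in this table deliberately use GET, a one-line comment saying so would stop the next reader from asking the same question. The enclosing test table starts outside the hunk.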
@ -105,6 +105,14 @@ func (s *LegacyServer) DeviceAuthorization(ctx context.Context, r *ClientRequest
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *LegacyServer) VerifyClient(ctx context.Context, r *Request[ClientCredentials]) (Client, error) {
|
func (s *LegacyServer) VerifyClient(ctx context.Context, r *Request[ClientCredentials]) (Client, error) {
|
||||||
|
if oidc.GrantType(r.Form.Get("grant_type")) == oidc.GrantTypeClientCredentials {
|
||||||
|
storage, ok := s.provider.Storage().(ClientCredentialsStorage)
|
||||||
|
if !ok {
|
||||||
|
return nil, oidc.ErrUnsupportedGrantType().WithDescription("client_credentials grant not supported")
|
||||||
|
}
|
||||||
|
return storage.ClientCredentials(ctx, r.Data.ClientID, r.Data.ClientSecret)
|
||||||
|
}
|
||||||
|
|
||||||
if r.Data.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {
|
if r.Data.ClientAssertionType == oidc.ClientAssertionTypeJWTAssertion {
|
||||||
jwtExchanger, ok := s.provider.(JWTAuthorizationGrantExchanger)
|
jwtExchanger, ok := s.provider.(JWTAuthorizationGrantExchanger)
|
||||||
if !ok || !s.provider.AuthMethodPrivateKeyJWTSupported() {
|
if !ok || !s.provider.AuthMethodPrivateKeyJWTSupported() {
|
||||||
|
|
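Review bot: The early return `return storage.ClientCredentials(ctx, r.Data.ClientID, r.Data.ClientSecret)` hands the raw client secret to the storage implementation and passes its error straight back to the caller, so the storage layer alone decides how the secret is compared and what error reaches the client. The ClientCredentialsStorage interface should carry a doc comment stating that implementations must reject an unknown client and a wrong secret with the same `oidc.ErrInvalidClient()` and must not leak which of the two failed, otherwise each implementer has to rediscover that contract. Because this branch runs before the `ClientAssertionType` check further down, a client_credentials request authenticated with a JWT assertion presumably arrives here with an empty ClientSecret; a comment stating that this combination is intentionally handled by the storage lookup, or a guard that sends it to the JWT path, would make the intent explicit. VerifyClient's body continues outside the hunk.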