feat: support EndSession with RelyingParty client (#230)
* feat: support EndSession with RelyingPart client * do not error if OP does not provide a redirect * undo that last change, but noice error returns from EndSession * ioutil.ReadAll, for now
This commit is contained in:
David Sharnoff
GitHub
parent
4e302ca4da
commit
bd47b5ddc4
2 changed files with 49 additions and 0 deletions
|
|
@ -1,7 +1,11 @@
|
||||||
package client
|
package client
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -71,6 +75,40 @@ func callTokenEndpoint(request interface{}, authFn interface{}, caller TokenEndp
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type EndSessionCaller interface {
|
||||||
|
GetEndSessionEndpoint() string
|
||||||
|
HttpClient() *http.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
func CallEndSessionEndpoint(request interface{}, authFn interface{}, caller EndSessionCaller) (*url.URL, error) {
|
||||||
|
req, err := httphelper.FormRequest(caller.GetEndSessionEndpoint(), request, Encoder, authFn)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
client := caller.HttpClient()
|
||||||
|
client.CheckRedirect = func(_ *http.Request, _ []*http.Request) error {
|
||||||
|
return http.ErrUseLastResponse
|
||||||
|
}
|
||||||
|
resp, err := client.Do(req)
|
||||||
|
defer resp.Body.Close()
|
||||||
|
if resp.StatusCode < 200 || resp.StatusCode >= 400 {
|
||||||
|
// TODO: switch to io.ReadAll when go1.15 support is retired
|
||||||
|
body, err := ioutil.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return nil, fmt.Errorf("EndSession failure, %d status code: %s", resp.StatusCode, string(body))
|
||||||
|
}
|
||||||
|
location, err := resp.Location()
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, http.ErrNoLocation) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return location, nil
|
||||||
|
}
|
||||||
|
|
||||||
func NewSignerFromPrivateKeyByte(key []byte, keyID string) (jose.Signer, error) {
|
func NewSignerFromPrivateKeyByte(key []byte, keyID string) (jose.Signer, error) {
|
||||||
privateKey, err := crypto.BytesToPrivateKey(key)
|
privateKey, err := crypto.BytesToPrivateKey(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
|
@ -573,3 +574,13 @@ func RefreshAccessToken(rp RelyingParty, refreshToken, clientAssertion, clientAs
|
||||||
}
|
}
|
||||||
return client.CallTokenEndpoint(request, tokenEndpointCaller{RelyingParty: rp})
|
return client.CallTokenEndpoint(request, tokenEndpointCaller{RelyingParty: rp})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func EndSession(rp RelyingParty, idToken, optionalRedirectURI, optionalState string) (*url.URL, error) {
|
||||||
|
request := oidc.EndSessionRequest{
|
||||||
|
IdTokenHint: idToken,
|
||||||
|
ClientID: rp.OAuthConfig().ClientID,
|
||||||
|
PostLogoutRedirectURI: optionalRedirectURI,
|
||||||
|
State: optionalState,
|
||||||
|
}
|
||||||
|
return client.CallEndSessionEndpoint(request, nil, rp)
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue