check if client credential client is authenticated

Tim Möhlmann 2023-09-21 12:19:03 +03:00
parent aae3492f7b
commit c98291a6a7


@ -269,14 +269,17 @@ func (s *webServer) tokenExchangeHandler(w http.ResponseWriter, r *http.Request,
} }
func (s *webServer) clientCredentialsHandler(w http.ResponseWriter, r *http.Request, client Client) { func (s *webServer) clientCredentialsHandler(w http.ResponseWriter, r *http.Request, client Client) {
if client.AuthMethod() == oidc.AuthMethodNone {
err := oidc.ErrInvalidClient().WithDescription("client must be authenticated")
WriteError(w, r, err, s.logger)
return
}
request, err := decodeRequest[oidc.ClientCredentialsRequest](s.decoder, r, false) request, err := decodeRequest[oidc.ClientCredentialsRequest](s.decoder, r, false)
if err != nil { if err != nil {
WriteError(w, r, err, s.logger) WriteError(w, r, err, s.logger)
return return
} }
// TODO: is a public client allowed here?
resp, err := s.server.ClientCredentialsExchange(r.Context(), newClientRequest(r, request, client)) resp, err := s.server.ClientCredentialsExchange(r.Context(), newClientRequest(r, request, client))
if err != nil { if err != nil {
WriteError(w, r, err, s.logger) WriteError(w, r, err, s.logger)