feat(rp): extend tracing
This commit is contained in:
parent
e3e48882df
commit
d18aba8cb3
18 changed files with 198 additions and 7 deletions
|
@ -70,12 +70,16 @@ func authorizeCallbackHandler(authorizer Authorizer) func(http.ResponseWriter, *
|
|||
// Authorize handles the authorization request, including
|
||||
// parsing, validating, storing and finally redirecting to the login handler
|
||||
func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
|
||||
ctx, span := tracer.Start(r.Context(), "Authorize")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
authReq, err := ParseAuthorizeRequest(r, authorizer.Decoder())
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, nil, err, authorizer)
|
||||
return
|
||||
}
|
||||
ctx := r.Context()
|
||||
ctx = r.Context()
|
||||
if authReq.RequestParam != "" && authorizer.RequestObjectSupported() {
|
||||
err = ParseRequestObject(ctx, authReq, authorizer.Storage(), IssuerFromContext(ctx))
|
||||
if err != nil {
|
||||
|
@ -210,6 +214,9 @@ func CopyRequestObjectToAuthRequest(authReq *oidc.AuthRequest, requestObject *oi
|
|||
|
||||
// ValidateAuthRequest validates the authorize parameters and returns the userID of the id_token_hint if passed
|
||||
func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage Storage, verifier *IDTokenHintVerifier) (sub string, err error) {
|
||||
ctx, span := tracer.Start(ctx, "ValidateAuthRequest")
|
||||
defer span.End()
|
||||
|
||||
authReq.MaxAge, err = ValidateAuthReqPrompt(authReq.Prompt, authReq.MaxAge)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
@ -310,7 +317,7 @@ func ValidateAuthReqRedirectURI(client Client, uri string, responseType oidc.Res
|
|||
return checkURIAgainstRedirects(client, uri)
|
||||
}
|
||||
if client.ApplicationType() == ApplicationTypeNative {
|
||||
return validateAuthReqRedirectURINative(client, uri, responseType)
|
||||
return validateAuthReqRedirectURINative(client, uri)
|
||||
}
|
||||
if err := checkURIAgainstRedirects(client, uri); err != nil {
|
||||
return err
|
||||
|
@ -330,7 +337,7 @@ func ValidateAuthReqRedirectURI(client Client, uri string, responseType oidc.Res
|
|||
}
|
||||
|
||||
// ValidateAuthReqRedirectURINative validates the passed redirect_uri and response_type to the registered uris and client type
|
||||
func validateAuthReqRedirectURINative(client Client, uri string, responseType oidc.ResponseType) error {
|
||||
func validateAuthReqRedirectURINative(client Client, uri string) error {
|
||||
parsedURL, isLoopback := HTTPLoopbackOrLocalhost(uri)
|
||||
isCustomSchema := !strings.HasPrefix(uri, "http://")
|
||||
if err := checkURIAgainstRedirects(client, uri); err == nil {
|
||||
|
@ -362,8 +369,8 @@ func equalURI(url1, url2 *url.URL) bool {
|
|||
return url1.Path == url2.Path && url1.RawQuery == url2.RawQuery
|
||||
}
|
||||
|
||||
func HTTPLoopbackOrLocalhost(rawurl string) (*url.URL, bool) {
|
||||
parsedURL, err := url.Parse(rawurl)
|
||||
func HTTPLoopbackOrLocalhost(rawURL string) (*url.URL, bool) {
|
||||
parsedURL, err := url.Parse(rawURL)
|
||||
if err != nil {
|
||||
return nil, false
|
||||
}
|
||||
|
@ -409,6 +416,10 @@ func RedirectToLogin(authReqID string, client Client, w http.ResponseWriter, r *
|
|||
|
||||
// AuthorizeCallback handles the callback after authentication in the Login UI
|
||||
func AuthorizeCallback(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
|
||||
ctx, span := tracer.Start(r.Context(), "AuthorizeCallback")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
id, err := ParseAuthorizeCallbackRequest(r)
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, nil, err, authorizer)
|
||||
|
@ -441,6 +452,10 @@ func ParseAuthorizeCallbackRequest(r *http.Request) (id string, err error) {
|
|||
|
||||
// AuthResponse creates the successful authentication response (either code or tokens)
|
||||
func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request) {
|
||||
ctx, span := tracer.Start(r.Context(), "ValidateAuthRequest")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
client, err := authorizer.Storage().GetClientByClientID(r.Context(), authReq.GetClientID())
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, authReq, err, authorizer)
|
||||
|
@ -455,6 +470,10 @@ func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWri
|
|||
|
||||
// AuthResponseCode creates the successful code authentication response
|
||||
func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer) {
|
||||
ctx, span := tracer.Start(r.Context(), "AuthResponseCode")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
code, err := CreateAuthRequestCode(r.Context(), authReq, authorizer.Storage(), authorizer.Crypto())
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, authReq, err, authorizer)
|
||||
|
@ -519,6 +538,9 @@ func AuthResponseToken(w http.ResponseWriter, r *http.Request, authReq AuthReque
|
|||
|
||||
// CreateAuthRequestCode creates and stores a code for the auth code response
|
||||
func CreateAuthRequestCode(ctx context.Context, authReq AuthRequest, storage Storage, crypto Crypto) (string, error) {
|
||||
ctx, span := tracer.Start(ctx, "CreateAuthRequestCode")
|
||||
defer span.End()
|
||||
|
||||
code, err := BuildAuthRequestCode(authReq, crypto)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue