impl
This commit is contained in:
Livio Amstutz
parent
85b71e0867
commit
d1d04295a6
12 changed files with 383 additions and 40 deletions
|
|
@ -10,7 +10,7 @@ import (
|
|||
str_utils "github.com/caos/utils/strings"
|
||||
)
|
||||
|
||||
func ParseAuthRequest(w http.ResponseWriter, r *http.Request) (*oidc.AuthRequest, error) {
|
||||
func Authorize(w http.ResponseWriter, r *http.Request, storage Storage) (*oidc.AuthRequest, error) {
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
return nil, errors.New("Unimplemented") //TODO: impl
|
||||
|
|
@ -22,25 +22,53 @@ func ParseAuthRequest(w http.ResponseWriter, r *http.Request) (*oidc.AuthRequest
|
|||
d.IgnoreUnknownKeys(true)
|
||||
|
||||
err = d.Decode(authReq, r.Form)
|
||||
return authReq, err
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = ValidateAuthRequest(authReq, storage); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = storage.CreateAuthRequest(authReq)
|
||||
if err != nil {
|
||||
//TODO: return err
|
||||
}
|
||||
client, err := storage.GetClientByClientID(authReq.ClientID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
RedirectToLogin(authReq, client, w, r)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func ValidateAuthRequest(authRequest *oidc.AuthRequest, storage Storage) error {
|
||||
|
||||
if err := ValidateRedirectURI(authRequest.RedirectURI, authRequest.ClientID, storage); err != nil {
|
||||
func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
|
||||
if err := ValidateAuthReqScopes(authReq.Scopes); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := ValidateAuthReqRedirectURI(authReq.RedirectURI, authReq.ClientID, storage); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
return errors.New("Unimplemented") //TODO: impl https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
|
||||
|
||||
// if NeedsExistingSession(authRequest) {
|
||||
// session, err := storage.CheckSession(authRequest)
|
||||
// if err != nil {
|
||||
// //TODO: return err
|
||||
// //TODO: return err<
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
func ValidateRedirectURI(uri, client_id string, storage Storage) error {
|
||||
func ValidateAuthReqScopes(scopes []string) error {
|
||||
if len(scopes) == 0 {
|
||||
return errors.New("scope missing")
|
||||
}
|
||||
if !str_utils.Contains(scopes, oidc.ScopeOpenID) {
|
||||
return errors.New("scope openid missing")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ValidateAuthReqRedirectURI(uri, client_id string, storage Storage) error {
|
||||
if uri == "" {
|
||||
return errors.New("redirect_uri must not be empty") //TODO:
|
||||
}
|
||||
|
|
@ -53,3 +81,8 @@ func ValidateRedirectURI(uri, client_id string, storage Storage) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func RedirectToLogin(authReq *oidc.AuthRequest, client oidc.Client, w http.ResponseWriter, r *http.Request) {
|
||||
login := client.LoginURL(authReq.ID)
|
||||
http.Redirect(w, r, login, http.StatusFound)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue