cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: encoding of basic auth header values

Browse source
This commit is contained in:
Livio Amstutz 2021-03-05 07:44:37 +01:00
parent 527dd7b604
commit d7d7daab2d
3 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/client/rs/resource_server.go
View file

@ -37,11 +37,11 @@ func (r *resourceServer) AuthFn() (interface{}, error) {
return r.authFn() return r.authFn()
} }
func NewResourceServerClientCredentials(issuer, clientID, clientSecret string, option Option) (ResourceServer, error) { func NewResourceServerClientCredentials(issuer, clientID, clientSecret string, option ...Option) (ResourceServer, error) {
authorizer := func() (interface{}, error) { authorizer := func() (interface{}, error) {
return utils.AuthorizeBasic(clientID, clientSecret), nil return utils.AuthorizeBasic(clientID, clientSecret), nil
} }
return newResourceServer(issuer, authorizer, option) return newResourceServer(issuer, authorizer, option...)
} }
func NewResourceServerJWTProfile(issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error) { func NewResourceServerJWTProfile(issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error) {
signer, err := client.NewSignerFromPrivateKeyByte(key, keyID) signer, err := client.NewSignerFromPrivateKeyByte(key, keyID)

9
pkg/op/token_intospection.go
View file

@ -3,6 +3,7 @@ package op
import ( import (
"errors" "errors"
"net/http" "net/http"
"net/url"
"github.com/caos/oidc/pkg/oidc" "github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/utils" "github.com/caos/oidc/pkg/utils"
@ -68,6 +69,14 @@ func ParseTokenIntrospectionRequest(r *http.Request, introspector Introspector)
} }
clientID, clientSecret, ok := r.BasicAuth() clientID, clientSecret, ok := r.BasicAuth()
if ok { if ok {
clientID, err = url.QueryUnescape(clientID)
if err != nil {
return "", "", errors.New("invalid basic auth header")
}
clientSecret, err = url.QueryUnescape(clientSecret)
if err != nil {
return "", "", errors.New("invalid basic auth header")
}
if err := introspector.Storage().AuthorizeClientIDSecret(r.Context(), clientID, clientSecret); err != nil { if err := introspector.Storage().AuthorizeClientIDSecret(r.Context(), clientID, clientSecret); err != nil {
return "", "", err return "", "", err
} }

2
pkg/utils/http.go
View file

@ -30,7 +30,7 @@ type RequestAuthorization func(*http.Request)
func AuthorizeBasic(user, password string) RequestAuthorization { func AuthorizeBasic(user, password string) RequestAuthorization {
return func(req *http.Request) { return func(req *http.Request) {
req.SetBasicAuth(user, password) req.SetBasicAuth(url.QueryEscape(user), url.QueryEscape(password))
} }
} }