cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(op): Add response_mode: form_post

Browse source
This commit is contained in:
Ayato 2024-02-25 02:22:26 +09:00
parent f4bbffb51b
commit ed9ed83bc8
No known key found for this signature in database
GPG key ID: 56E05AE09DBA012D
4 changed files with 99 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

56
pkg/op/auth_request.go
View file

@ -2,8 +2,10 @@ package op
import (
"context"
_ "embed"
"errors"
"fmt"
"html/template"
"net"
"net/http"
"net/url"
@ -464,6 +466,17 @@ func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthReques
Code: code,
State: authReq.GetState(),
}
if authReq.GetResponseMode() == oidc.ResponseModeFormPost {
err = AuthResponseFormPost(w, authReq.GetRedirectURI(), &codeResponse, authorizer.Encoder())
if err != nil {
AuthRequestError(w, r, authReq, err, authorizer)
return
}
return
}
callback, err := AuthResponseURL(authReq.GetRedirectURI(), authReq.GetResponseType(), authReq.GetResponseMode(), &codeResponse, authorizer.Encoder())
if err != nil {
AuthRequestError(w, r, authReq, err, authorizer)
@ -484,6 +497,17 @@ func AuthResponseToken(w http.ResponseWriter, r *http.Request, authReq AuthReque
AuthRequestError(w, r, authReq, err, authorizer)
return
}
if authReq.GetResponseMode() == oidc.ResponseModeFormPost {
err = AuthResponseFormPost(w, authReq.GetRedirectURI(), resp, authorizer.Encoder())
if err != nil {
AuthRequestError(w, r, authReq, err, authorizer)
return
}
return
}
callback, err := AuthResponseURL(authReq.GetRedirectURI(), authReq.GetResponseType(), authReq.GetResponseMode(), resp, authorizer.Encoder())
if err != nil {
AuthRequestError(w, r, authReq, err, authorizer)
@ -535,6 +559,38 @@ func AuthResponseURL(redirectURI string, responseType oidc.ResponseType, respons
return mergeQueryParams(uri, params), nil
}
//go:embed form_post.html.tmpl
var formPostTemplate string
// AuthResponseFormPost responds a html page that automatically submits the form which contains the auth response parameters
func AuthResponseFormPost(w http.ResponseWriter, redirectURI string, response any, encoder httphelper.Encoder) error {
t, err := template.New("form_post").Parse(formPostTemplate)
if err != nil {
return oidc.ErrServerError().WithParent(err)
}
values := make(map[string][]string)
err = encoder.Encode(response, values)
if err != nil {
return oidc.ErrServerError().WithParent(err)
}
params := &struct {
RedirectURI string
Params any
}{
RedirectURI: redirectURI,
Params: values,
}
err = t.Execute(w, params)
if err != nil {
return oidc.ErrServerError().WithParent(err)
}
return nil
}
func setFragment(uri *url.URL, params url.Values) string {
uri.Fragment = params.Encode()
return uri.String()