handle request object

2021-10-25 11:53:59 +02:00 · 2021-10-25 11:53:59 +02:00 · f067d723f2
commit f067d723f2
parent 72a9829117
7 changed files with 196 additions and 36 deletions
--- a/pkg/oidc/authorization.go
+++ b/pkg/oidc/authorization.go
@ -59,27 +59,28 @@ const (
 //AuthRequest according to:
 //https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 type AuthRequest struct {
-	ID           string
-	Scopes       SpaceDelimitedArray `schema:"scope"`
-	ResponseType ResponseType        `schema:"response_type"`
-	ClientID     string              `schema:"client_id"`
-	RedirectURI  string              `schema:"redirect_uri"` //TODO: type
+	Scopes       SpaceDelimitedArray `json:"scope" schema:"scope"`
+	ResponseType ResponseType        `json:"response_type" schema:"response_type"`
+	ClientID     string              `json:"client_id" schema:"client_id"`
+	RedirectURI  string              `json:"redirect_uri" schema:"redirect_uri"`

-	State string `schema:"state"`
+	State string `json:"state" schema:"state"`
+	Nonce string `json:"nonce" schema:"nonce"`

-	// ResponseMode TODO: ?
+	ResponseMode ResponseMode        `json:"response_mode" schema:"response_mode"`
+	Display      Display             `json:"display" schema:"display"`
+	Prompt       SpaceDelimitedArray `json:"prompt" schema:"prompt"`
+	MaxAge       *uint               `json:"max_age" schema:"max_age"`
+	UILocales    Locales             `json:"ui_locales" schema:"ui_locales"`
+	IDTokenHint  string              `json:"id_token_hint" schema:"id_token_hint"`
+	LoginHint    string              `json:"login_hint" schema:"login_hint"`
+	ACRValues    []string            `json:"acr_values" schema:"acr_values"`

-	Nonce       string              `schema:"nonce"`
-	Display     Display             `schema:"display"`
-	Prompt      SpaceDelimitedArray `schema:"prompt"`
-	MaxAge      *uint               `schema:"max_age"`
-	UILocales   Locales             `schema:"ui_locales"`
-	IDTokenHint string              `schema:"id_token_hint"`
-	LoginHint   string              `schema:"login_hint"`
-	ACRValues   []string            `schema:"acr_values"`
+	CodeChallenge       string              `json:"code_challenge" schema:"code_challenge"`
+	CodeChallengeMethod CodeChallengeMethod `json:"code_challenge_method" schema:"code_challenge_method"`

-	CodeChallenge       string              `schema:"code_challenge"`
-	CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"`
+	//RequestParam enables OIDC requests to be passed in a single, self-contained parameter (as JWT, called Request Object)
+	RequestParam string `schema:"request"`
 }

 //GetRedirectURI returns the redirect_uri value for the ErrAuthRequest interface
--- a/pkg/oidc/error.go
+++ b/pkg/oidc/error.go
@ -64,6 +64,7 @@ const (
 	ServerError          errorType = "server_error"
 	InteractionRequired  errorType = "interaction_required"
 	LoginRequired        errorType = "login_required"
+	RequestNotSupported  errorType = "request_not_supported"
 )

 var (
@ -118,6 +119,11 @@ var (
 			ErrorType: LoginRequired,
 		}
 	}
+	ErrRequestNotSupported = func() *Error {
+		return &Error{
+			ErrorType: RequestNotSupported,
+		}
+	}
 )

 // DefaultToServerError checks if the error is an Error
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -6,6 +6,7 @@ import (
 	"time"

 	"golang.org/x/text/language"
+	"gopkg.in/square/go-jose.v2"
 )

 type Audience []string
@ -106,3 +107,16 @@ func (t *Time) UnmarshalJSON(data []byte) error {
 func (t *Time) MarshalJSON() ([]byte, error) {
 	return json.Marshal(time.Time(*t).UTC().Unix())
 }
+
+type RequestObject struct {
+	Issuer   string   `json:"iss"`
+	Audience Audience `json:"aud"`
+	AuthRequest
+}
+
+func (r *RequestObject) GetIssuer() string {
+	return r.Issuer
+}
+
+func (r *RequestObject) SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm) {
+}