* pkg/http: Add `secureCookieFunc` field to CookieHandler.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Add `IsRequestAware` method to CookieHandler.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Use `secureCookieFunc` when checking a cookie (if set).
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Error on `SetCookie` if cookie handler is request aware.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Add method to set request aware cookies.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Add function to create a new request aware cookie handler.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/client/rp: Update `trySetStateCookie` function signature.
Use `SetRequestAwareCookie` if the cookie handler is request aware.
This function signature can be updated because it is not exported.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/client/rp: Add `GenerateAndStoreCodeChallengeWithRequest` function.
It's not possible to add a `http.Request` argument to
`GenerateAndStoreCodeChallenge` as this would be a breaking change.
Instead, add a new function that accepts a request argument and call
`SetRequestAwareCookie` here.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/client/rp: Update PKCE logic to pass request if required by cookie handler.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/http: Don't set MaxAge if cookie handler is request aware.
The securecookie field can be nil. Expect the caller to set max age on
the securecookie returned by the secureCookieFunc.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
* pkg/client: Add integration tests for request aware cookie handling.
Adds a new type `cookieSpec` which is accepted as an argument to
`RunAuthorizationCodeFlow`. `TestRelyingPartySession` now runs with
`wrapServer` true/false and with two cookie handlers, one static and one
request aware.
The request aware handler extracts encryption keys from a secret using a
salt from a "login_id" cookie.
Signed-off-by: Mark Laing <mark.laing@canonical.com>
---------
Signed-off-by: Mark Laing <mark.laing@canonical.com>
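
The key derivation mentioned in the integration-test entry above (encryption keys extracted from a secret using a salt from a "login_id" cookie), sketched as an added example that is not code from this commit or from the project. `aeadFor`, `seal` and `open` are hypothetical names, HMAC-SHA256 and AES-256-GCM are assumed stand-ins for the real handler's primitives, and all sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/http"
)

// aeadFor derives a per-login AES-256-GCM key from the secret and the request's "login_id" cookie.
func aeadFor(secret []byte, r *http.Request) (cipher.AEAD, error) {
	c, err := r.Cookie("login_id")
	if err != nil || c.Value == "" {
		return nil, fmt.Errorf("no login_id cookie, cannot derive key")
	}
	mac := hmac.New(sha256.New, secret) // HMAC-SHA256 as the derivation step (assumption)
	mac.Write([]byte("state-cookie-key\x00" + c.Value))
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(g cipher.AEAD, name, value string) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, []byte(value), []byte(name)), nil // cookie name bound as associated data
}

// open rejects the cookie if the derived key, the cookie name or the bytes differ.
func open(g cipher.AEAD, name string, raw []byte) (string, error) {
	if len(raw) < g.NonceSize() {
		return "", fmt.Errorf("cookie value too short")
	}
	pt, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], []byte(name))
	return string(pt), err
}

func main() {
	r := &http.Request{Header: http.Header{"Cookie": {"login_id=constructed-1"}}}
	g, _ := aeadFor([]byte("constructed server secret"), r)
	ct, _ := seal(g, "state", "constructed-state")
	fmt.Println(open(g, "state", ct))
}
```

Because the key depends on the request, a cookie sealed for one login_id does not open under another, and a request with no login_id yields no key at all, which is why a static set call has nothing to encrypt with.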