Compare commits
48 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 653b807f5d | |||
| 29d69ca2e0 | |||
| 53c4d07b45 | |||
| 154fbe6420 | |||
|
d6e37fa741 | ||
|
|
8e1e5174fd | ||
|
|
5618487a88 | ||
|
|
187878de63 | ||
|
|
e127c66db2 | ||
|
e1415ef2f3 | ||
|
f94bd541d7 | ||
|
|
7d57aaa999 | ||
|
|
668fb0d37a | ||
|
|
4ed4d257ab | ||
|
4f0ed79c0a | ||
|
5913c5a074 | ||
|
|
b917cdc2e3 | ||
|
|
cb3ec3ac5f | ||
|
|
7cc5fb6568 | ||
|
|
92972fd30f | ||
|
|
c51628ea27 | ||
|
|
7096406e71 | ||
|
|
c91db9e47b | ||
|
f648c61cab | ||
|
30acdaf63a | ||
|
|
aeda5d7178 | ||
|
|
f3ee647005 | ||
|
|
c401ad6cb8 | ||
|
|
2c64de821d | ||
|
efd6fdad7a | ||
|
7a767d8568 | ||
|
|
eb2f912c5e | ||
|
|
6a80712fbe | ||
|
4ef9529012 | ||
|
eb98343a65 | ||
|
add254f60c | ||
|
|
b1e5aca629 | ||
|
|
c03a8c59ca | ||
|
|
37dd41e49b | ||
|
|
03e5ff8345 | ||
|
|
c3c1bd3a40 | ||
|
|
0d46df908e | ||
|
|
4250aad1f7 | ||
|
|
8c9a536058 | ||
|
|
24c96c361d | ||
|
de2fd41f40 | ||
|
|
867a4806fd | ||
|
|
1f6a0d5d89 |
117 changed files with 1019 additions and 406 deletions
|
|
@ -2,6 +2,7 @@ name: Bug Report
|
|||
description: "Create a bug report to help us improve ZITADEL. Click [here](https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#product-management) to see how we process your issue."
|
||||
title: "[Bug]: "
|
||||
labels: ["bug"]
|
||||
type: Bug
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
name: 📄 Documentation
|
||||
description: Create an issue for missing or wrong documentation.
|
||||
labels: ["docs"]
|
||||
type: task
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
|
|
@ -1,11 +1,12 @@
|
|||
name: 🛠️ Improvement
|
||||
description: "Create an new issue for an improvment in ZITADEL"
|
||||
labels: ["improvement"]
|
||||
labels: ["enhancement"]
|
||||
type: enhancement
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
Thanks for taking the time to fill out this improvement request
|
||||
Thanks for taking the time to fill out this proposal / feature reqeust
|
||||
- type: checkboxes
|
||||
id: preflight
|
||||
attributes:
|
||||
|
|
@ -14,11 +14,11 @@ on:
|
|||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-24.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
go: ['1.21', '1.22', '1.23']
|
||||
go: ['1.23', '1.24']
|
||||
name: Go ${{ matrix.go }} test
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
|
@ -27,12 +27,12 @@ jobs:
|
|||
with:
|
||||
go-version: ${{ matrix.go }}
|
||||
- run: go test -race -v -coverprofile=profile.cov -coverpkg=./pkg/... ./pkg/...
|
||||
- uses: codecov/codecov-action@v5.1.2
|
||||
- uses: codecov/codecov-action@v5.4.3
|
||||
with:
|
||||
file: ./profile.cov
|
||||
name: codecov-go
|
||||
release:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-24.04
|
||||
needs: [test]
|
||||
if: ${{ github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/next' }}
|
||||
env:
|
||||
44
.github/ISSUE_TEMPLATE/proposal.yaml
vendored
44
.github/ISSUE_TEMPLATE/proposal.yaml
vendored
|
|
@ -1,44 +0,0 @@
|
|||
name: 💡 Proposal / Feature request
|
||||
description: "Create an issue for a feature request/proposal."
|
||||
labels: ["enhancement"]
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
Thanks for taking the time to fill out this proposal / feature reqeust
|
||||
- type: checkboxes
|
||||
id: preflight
|
||||
attributes:
|
||||
label: Preflight Checklist
|
||||
options:
|
||||
- label:
|
||||
I could not find a solution in the existing issues, docs, nor discussions
|
||||
required: true
|
||||
- label:
|
||||
I have joined the [ZITADEL chat](https://zitadel.com/chat)
|
||||
- type: textarea
|
||||
id: problem
|
||||
attributes:
|
||||
label: Describe your problem
|
||||
description: Please describe your problem this proposal / feature is supposed to solve.
|
||||
placeholder: Describe the problem you have.
|
||||
validations:
|
||||
required: true
|
||||
- type: textarea
|
||||
id: solution
|
||||
attributes:
|
||||
label: Describe your ideal solution
|
||||
description: Which solution do you propose?
|
||||
placeholder: As a [type of user], I want [some goal] so that [some reason].
|
||||
validations:
|
||||
required: true
|
||||
- type: input
|
||||
id: version
|
||||
attributes:
|
||||
label: Version
|
||||
description: Which version of the OIDC Library are you using.
|
||||
- type: textarea
|
||||
id: additional
|
||||
attributes:
|
||||
label: Additional Context
|
||||
description: Please add any other infos that could be useful.
|
||||
|
|
@ -156,10 +156,9 @@ Versions that also build are marked with :warning:.
|
|||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| <1.21 | :x: |
|
||||
| 1.21 | :warning: |
|
||||
| 1.22 | :white_check_mark: |
|
||||
| <1.23 | :x: |
|
||||
| 1.23 | :white_check_mark: |
|
||||
| 1.24 | :white_check_mark: |
|
||||
|
||||
## Why another library
|
||||
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ import (
|
|||
"github.com/go-chi/chi/v5"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rs"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rs"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -14,10 +14,10 @@ import (
|
|||
"github.com/google/uuid"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/logging"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
|||
|
|
@ -45,8 +45,8 @@ import (
|
|||
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@ import (
|
|||
"golang.org/x/oauth2"
|
||||
githubOAuth "golang.org/x/oauth2/github"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp/cli"
|
||||
"github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp/cli"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/profile"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/profile"
|
||||
)
|
||||
|
||||
var client = http.DefaultClient
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import (
|
|||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ import (
|
|||
"github.com/go-chi/chi/v5"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -8,10 +8,10 @@ import (
|
|||
"net/http"
|
||||
"net/url"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/gorilla/securecookie"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
type deviceAuthenticate interface {
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
type login struct {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import (
|
|||
"github.com/zitadel/logging"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
|
||||
"github.com/zitadel/oidc/v3/example/server/config"
|
||||
"github.com/zitadel/oidc/v3/example/server/exampleop"
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/config"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/exampleop"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
)
|
||||
|
||||
func getUserStore(cfg *config.Config) (storage.UserStore, error) {
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ package storage
|
|||
import (
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -164,6 +164,15 @@ func authRequestToInternal(authReq *oidc.AuthRequest, userID string) *AuthReques
|
|||
}
|
||||
}
|
||||
|
||||
type AuthRequestWithSessionState struct {
|
||||
*AuthRequest
|
||||
SessionState string
|
||||
}
|
||||
|
||||
func (a *AuthRequestWithSessionState) GetSessionState() string {
|
||||
return a.SessionState
|
||||
}
|
||||
|
||||
type OIDCCodeChallenge struct {
|
||||
Challenge string
|
||||
Method string
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ import (
|
|||
jose "github.com/go-jose/go-jose/v4"
|
||||
"github.com/google/uuid"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// serviceKey1 is a public key which will be used for the JWT Profile Authorization Grant
|
||||
|
|
@ -151,6 +151,9 @@ func (s *Storage) CheckUsernamePassword(username, password, id string) error {
|
|||
// in this example we'll simply check the username / password and set a boolean to true
|
||||
// therefore we will also just check this boolean if the request / login has been finished
|
||||
request.done = true
|
||||
|
||||
request.authTime = time.Now()
|
||||
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("username or password wrong")
|
||||
|
|
@ -295,15 +298,19 @@ func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.T
|
|||
|
||||
// if we get here, the currentRefreshToken was not empty, so the call is a refresh token request
|
||||
// we therefore will have to check the currentRefreshToken and renew the refresh token
|
||||
refreshToken, refreshTokenID, err := s.renewRefreshToken(currentRefreshToken)
|
||||
|
||||
newRefreshToken = uuid.NewString()
|
||||
|
||||
accessToken, err := s.accessToken(applicationID, newRefreshToken, request.GetSubject(), request.GetAudience(), request.GetScopes())
|
||||
if err != nil {
|
||||
return "", "", time.Time{}, err
|
||||
}
|
||||
accessToken, err := s.accessToken(applicationID, refreshTokenID, request.GetSubject(), request.GetAudience(), request.GetScopes())
|
||||
if err != nil {
|
||||
|
||||
if err := s.renewRefreshToken(currentRefreshToken, newRefreshToken, accessToken.ID); err != nil {
|
||||
return "", "", time.Time{}, err
|
||||
}
|
||||
return accessToken.ID, refreshToken, accessToken.Expiration, nil
|
||||
|
||||
return accessToken.ID, newRefreshToken, accessToken.Expiration, nil
|
||||
}
|
||||
|
||||
func (s *Storage) exchangeRefreshToken(ctx context.Context, request op.TokenExchangeRequest) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) {
|
||||
|
|
@ -385,14 +392,9 @@ func (s *Storage) RevokeToken(ctx context.Context, tokenIDOrToken string, userID
|
|||
if refreshToken.ApplicationID != clientID {
|
||||
return oidc.ErrInvalidClient().WithDescription("token was not issued for this client")
|
||||
}
|
||||
// if it is a refresh token, you will have to remove the access token as well
|
||||
delete(s.refreshTokens, refreshToken.ID)
|
||||
for _, accessToken := range s.tokens {
|
||||
if accessToken.RefreshTokenID == refreshToken.ID {
|
||||
delete(s.tokens, accessToken.ID)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
// if it is a refresh token, you will have to remove the access token as well
|
||||
delete(s.tokens, refreshToken.AccessToken)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -488,6 +490,9 @@ func (s *Storage) SetUserinfoFromToken(ctx context.Context, userinfo *oidc.UserI
|
|||
// return err
|
||||
// }
|
||||
//}
|
||||
if token.Expiration.Before(time.Now()) {
|
||||
return fmt.Errorf("token is expired")
|
||||
}
|
||||
return s.setUserinfo(ctx, userinfo, token.Subject, token.ApplicationID, token.Scopes)
|
||||
}
|
||||
|
||||
|
|
@ -594,33 +599,41 @@ func (s *Storage) createRefreshToken(accessToken *Token, amr []string, authTime
|
|||
Audience: accessToken.Audience,
|
||||
Expiration: time.Now().Add(5 * time.Hour),
|
||||
Scopes: accessToken.Scopes,
|
||||
AccessToken: accessToken.ID,
|
||||
}
|
||||
s.refreshTokens[token.ID] = token
|
||||
return token.Token, nil
|
||||
}
|
||||
|
||||
// renewRefreshToken checks the provided refresh_token and creates a new one based on the current
|
||||
func (s *Storage) renewRefreshToken(currentRefreshToken string) (string, string, error) {
|
||||
//
|
||||
// [Refresh Token Rotation] is implemented.
|
||||
//
|
||||
// [Refresh Token Rotation]: https://www.rfc-editor.org/rfc/rfc6819#section-5.2.2.3
|
||||
func (s *Storage) renewRefreshToken(currentRefreshToken, newRefreshToken, newAccessToken string) error {
|
||||
s.lock.Lock()
|
||||
defer s.lock.Unlock()
|
||||
refreshToken, ok := s.refreshTokens[currentRefreshToken]
|
||||
if !ok {
|
||||
return "", "", fmt.Errorf("invalid refresh token")
|
||||
return fmt.Errorf("invalid refresh token")
|
||||
}
|
||||
// deletes the refresh token and all access tokens which were issued based on this refresh token
|
||||
// deletes the refresh token
|
||||
delete(s.refreshTokens, currentRefreshToken)
|
||||
for _, token := range s.tokens {
|
||||
if token.RefreshTokenID == currentRefreshToken {
|
||||
delete(s.tokens, token.ID)
|
||||
break
|
||||
}
|
||||
|
||||
// delete the access token which was issued based on this refresh token
|
||||
delete(s.tokens, refreshToken.AccessToken)
|
||||
|
||||
if refreshToken.Expiration.Before(time.Now()) {
|
||||
return fmt.Errorf("expired refresh token")
|
||||
}
|
||||
|
||||
// creates a new refresh token based on the current one
|
||||
token := uuid.NewString()
|
||||
refreshToken.Token = token
|
||||
refreshToken.ID = token
|
||||
s.refreshTokens[token] = refreshToken
|
||||
return token, refreshToken.ID, nil
|
||||
refreshToken.Token = newRefreshToken
|
||||
refreshToken.ID = newRefreshToken
|
||||
refreshToken.Expiration = time.Now().Add(5 * time.Hour)
|
||||
refreshToken.AccessToken = newAccessToken
|
||||
s.refreshTokens[newRefreshToken] = refreshToken
|
||||
return nil
|
||||
}
|
||||
|
||||
// accessToken will store an access_token in-memory based on the provided information
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
type multiStorage struct {
|
||||
|
|
|
|||
|
|
@ -22,4 +22,5 @@ type RefreshToken struct {
|
|||
ApplicationID string
|
||||
Expiration time.Time
|
||||
Scopes []string
|
||||
AccessToken string // Token.ID
|
||||
}
|
||||
|
|
|
|||
26
go.mod
26
go.mod
|
|
@ -1,11 +1,13 @@
|
|||
module github.com/zitadel/oidc/v3
|
||||
module git.christmann.info/LARA/zitadel-oidc/v3
|
||||
|
||||
go 1.21
|
||||
go 1.23.7
|
||||
|
||||
toolchain go1.24.1
|
||||
|
||||
require (
|
||||
github.com/bmatcuk/doublestar/v4 v4.7.1
|
||||
github.com/go-chi/chi/v5 v5.2.0
|
||||
github.com/go-jose/go-jose/v4 v4.0.4
|
||||
github.com/bmatcuk/doublestar/v4 v4.8.1
|
||||
github.com/go-chi/chi/v5 v5.2.1
|
||||
github.com/go-jose/go-jose/v4 v4.0.5
|
||||
github.com/golang/mock v1.6.0
|
||||
github.com/google/go-github/v31 v31.0.0
|
||||
github.com/google/uuid v1.6.0
|
||||
|
|
@ -16,11 +18,11 @@ require (
|
|||
github.com/rs/cors v1.11.1
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/stretchr/testify v1.10.0
|
||||
github.com/zitadel/logging v0.6.1
|
||||
github.com/zitadel/schema v1.3.0
|
||||
github.com/zitadel/logging v0.6.2
|
||||
github.com/zitadel/schema v1.3.1
|
||||
go.opentelemetry.io/otel v1.29.0
|
||||
golang.org/x/oauth2 v0.24.0
|
||||
golang.org/x/text v0.21.0
|
||||
golang.org/x/oauth2 v0.30.0
|
||||
golang.org/x/text v0.26.0
|
||||
)
|
||||
|
||||
require (
|
||||
|
|
@ -31,8 +33,8 @@ require (
|
|||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
go.opentelemetry.io/otel/metric v1.29.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.29.0 // indirect
|
||||
golang.org/x/crypto v0.31.0 // indirect
|
||||
golang.org/x/net v0.33.0 // indirect
|
||||
golang.org/x/sys v0.28.0 // indirect
|
||||
golang.org/x/crypto v0.36.0 // indirect
|
||||
golang.org/x/net v0.38.0 // indirect
|
||||
golang.org/x/sys v0.31.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
|
|
|||
44
go.sum
44
go.sum
|
|
@ -1,12 +1,12 @@
|
|||
github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q=
|
||||
github.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
|
||||
github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38=
|
||||
github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/go-chi/chi/v5 v5.2.0 h1:Aj1EtB0qR2Rdo2dG4O94RIU35w2lvQSj6BRA4+qwFL0=
|
||||
github.com/go-chi/chi/v5 v5.2.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
|
||||
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
|
||||
github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
|
||||
github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
|
||||
github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
|
||||
github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
|
||||
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
|
||||
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
|
|
@ -50,10 +50,10 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
|||
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
github.com/zitadel/logging v0.6.1 h1:Vyzk1rl9Kq9RCevcpX6ujUaTYFX43aa4LkvV1TvUk+Y=
|
||||
github.com/zitadel/logging v0.6.1/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
|
||||
github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
|
||||
github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
|
||||
github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU=
|
||||
github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
|
||||
github.com/zitadel/schema v1.3.1 h1:QT3kwiRIRXXLVAs6gCK/u044WmUVh6IlbLXUsn6yRQU=
|
||||
github.com/zitadel/schema v1.3.1/go.mod h1:071u7D2LQacy1HAN+YnMd/mx1qVE2isb0Mjeqg46xnU=
|
||||
go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
|
||||
go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
|
||||
go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
|
||||
|
|
@ -62,19 +62,19 @@ go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt3
|
|||
go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
|
||||
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
|
||||
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
|
||||
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
|
||||
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
|
||||
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
|
||||
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
|
||||
golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
|
||||
golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
|
||||
golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
|
|
@ -83,13 +83,13 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
|
||||
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
|
||||
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
|
||||
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
|
||||
golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
|
||||
golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
|
|
@ -101,8 +101,8 @@ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9Ywl
|
|||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
var custom = map[string]any{
|
||||
|
|
|
|||
|
|
@ -8,9 +8,9 @@ import (
|
|||
"errors"
|
||||
"time"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// KeySet implements oidc.Keys
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@ import (
|
|||
"go.opentelemetry.io/otel"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ import (
|
|||
"net/http"
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func TestDiscover(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -23,14 +23,14 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/example/server/exampleop"
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rs"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/tokenexchange"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/exampleop"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rs"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/tokenexchange"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
var Logger = slog.New(
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// JWTProfileExchange handles the oauth2 jwt profile exchange
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package client
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -24,7 +24,7 @@ type KeyFile struct {
|
|||
}
|
||||
|
||||
func ConfigFromKeyFile(path string) (*KeyFile, error) {
|
||||
data, err := ioutil.ReadFile(path)
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import (
|
|||
jose "github.com/go-jose/go-jose/v4"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type TokenSource interface {
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"net/http"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
package rp
|
||||
|
||||
import (
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc/grants/tokenexchange"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc/grants/tokenexchange"
|
||||
)
|
||||
|
||||
// DelegationTokenRequest is an implementation of TokenExchangeRequest
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func newDeviceClientCredentialsRequest(scopes []string, rp RelyingParty) (*oidc.ClientCredentialsRequest, error) {
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func NewRemoteKeySet(client *http.Client, jwksURL string, opts ...func(*remoteKeySet)) oidc.KeySet {
|
||||
|
|
|
|||
|
|
@ -14,10 +14,10 @@ import (
|
|||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/clientcredentials"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/logging"
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -5,10 +5,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc/grants/tokenexchange"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc/grants/tokenexchange"
|
||||
)
|
||||
|
||||
// TokenExchangeRP extends the `RelyingParty` interface for the *draft* oauth2 `Token Exchange`
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type UserInfo struct {
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// VerifyTokens implement the Token Response Validation as defined in OIDC specification
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func TestVerifyTokens(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rp"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// MyCustomClaims extends the TokenClaims base,
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client/rs"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client/rs"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type IntrospectionResponse struct {
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ import (
|
|||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type ResourceServer interface {
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func TestNewResourceServer(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@ import (
|
|||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/go-jose/go-jose/v4"
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type TokenExchanger interface {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import (
|
|||
"github.com/go-jose/go-jose/v4"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
zcrypto "github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
zcrypto "git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
)
|
||||
|
||||
func TestBytesToPrivateKey(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
var DefaultHTTPClient = &http.Client{
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package oidc
|
|||
import (
|
||||
"crypto/sha256"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -133,6 +133,7 @@ type Error struct {
|
|||
ErrorType errorType `json:"error" schema:"error"`
|
||||
Description string `json:"error_description,omitempty" schema:"error_description,omitempty"`
|
||||
State string `json:"state,omitempty" schema:"state,omitempty"`
|
||||
SessionState string `json:"session_state,omitempty" schema:"session_state,omitempty"`
|
||||
redirectDisabled bool `schema:"-"`
|
||||
returnParent bool `schema:"-"`
|
||||
}
|
||||
|
|
@ -142,11 +143,13 @@ func (e *Error) MarshalJSON() ([]byte, error) {
|
|||
Error errorType `json:"error"`
|
||||
ErrorDescription string `json:"error_description,omitempty"`
|
||||
State string `json:"state,omitempty"`
|
||||
SessionState string `json:"session_state,omitempty"`
|
||||
Parent string `json:"parent,omitempty"`
|
||||
}{
|
||||
Error: e.ErrorType,
|
||||
ErrorDescription: e.Description,
|
||||
State: e.State,
|
||||
SessionState: e.SessionState,
|
||||
}
|
||||
if e.returnParent {
|
||||
m.Parent = e.Parent.Error()
|
||||
|
|
@ -176,7 +179,8 @@ func (e *Error) Is(target error) bool {
|
|||
}
|
||||
return e.ErrorType == t.ErrorType &&
|
||||
(e.Description == t.Description || t.Description == "") &&
|
||||
(e.State == t.State || t.State == "")
|
||||
(e.State == t.State || t.State == "") &&
|
||||
(e.SessionState == t.SessionState || t.SessionState == "")
|
||||
}
|
||||
|
||||
func (e *Error) WithParent(err error) *Error {
|
||||
|
|
@ -242,6 +246,9 @@ func (e *Error) LogValue() slog.Value {
|
|||
if e.State != "" {
|
||||
attrs = append(attrs, slog.String("state", e.State))
|
||||
}
|
||||
if e.SessionState != "" {
|
||||
attrs = append(attrs, slog.String("session_state", e.SessionState))
|
||||
}
|
||||
if e.redirectDisabled {
|
||||
attrs = append(attrs, slog.Bool("redirect_disabled", e.redirectDisabled))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
package oidc
|
||||
|
||||
// EndSessionRequest for the RP-Initiated Logout according to:
|
||||
//https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
|
||||
// https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
|
||||
type EndSessionRequest struct {
|
||||
IdTokenHint string `schema:"id_token_hint"`
|
||||
LogoutHint string `schema:"logout_hint"`
|
||||
ClientID string `schema:"client_id"`
|
||||
PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
|
||||
State string `schema:"state"`
|
||||
UILocales Locales `schema:"ui_locales"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import (
|
|||
|
||||
"github.com/muhlemmer/gu"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package oidc
|
|||
import (
|
||||
"database/sql/driver"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
|
@ -34,6 +35,17 @@ func (a *Audience) UnmarshalJSON(text []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (a *Audience) MarshalJSON() ([]byte, error) {
|
||||
len := len(*a)
|
||||
if len > 1 {
|
||||
return json.Marshal(*a)
|
||||
} else if len == 1 {
|
||||
return json.Marshal((*a)[0])
|
||||
}
|
||||
|
||||
return nil, errors.New("aud is empty")
|
||||
}
|
||||
|
||||
type Display string
|
||||
|
||||
func (d *Display) UnmarshalText(text []byte) error {
|
||||
|
|
@ -77,16 +89,25 @@ func (l *Locale) MarshalJSON() ([]byte, error) {
|
|||
}
|
||||
|
||||
// UnmarshalJSON implements json.Unmarshaler.
|
||||
// All unmarshal errors for are ignored.
|
||||
// When an error is encountered, the containing tag will be set
|
||||
// When [language.ValueError] is encountered, the containing tag will be set
|
||||
// to an empty value (language "und") and no error will be returned.
|
||||
// This state can be checked with the `l.Tag().IsRoot()` method.
|
||||
func (l *Locale) UnmarshalJSON(data []byte) error {
|
||||
err := json.Unmarshal(data, &l.tag)
|
||||
if err != nil {
|
||||
l.tag = language.Tag{}
|
||||
}
|
||||
if len(data) == 0 || string(data) == "\"\"" {
|
||||
return nil
|
||||
}
|
||||
err := json.Unmarshal(data, &l.tag)
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// catch "well-formed but unknown" errors
|
||||
var target language.ValueError
|
||||
if errors.As(err, &target) {
|
||||
l.tag = language.Tag{}
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
type Locales []language.Tag
|
||||
|
|
@ -105,6 +126,14 @@ func ParseLocales(locales []string) Locales {
|
|||
return out
|
||||
}
|
||||
|
||||
func (l Locales) String() string {
|
||||
tags := make([]string, len(l))
|
||||
for i, tag := range l {
|
||||
tags[i] = tag.String()
|
||||
}
|
||||
return strings.Join(tags, " ")
|
||||
}
|
||||
|
||||
// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
|
||||
// It decodes an unquoted space seperated string into Locales.
|
||||
// Undefined language tags in the input are ignored and ommited from
|
||||
|
|
@ -221,6 +250,9 @@ func NewEncoder() *schema.Encoder {
|
|||
e.RegisterEncoder(SpaceDelimitedArray{}, func(value reflect.Value) string {
|
||||
return value.Interface().(SpaceDelimitedArray).String()
|
||||
})
|
||||
e.RegisterEncoder(Locales{}, func(value reflect.Value) string {
|
||||
return value.Interface().(Locales).String()
|
||||
})
|
||||
return e
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -217,6 +217,30 @@ func TestLocale_UnmarshalJSON(t *testing.T) {
|
|||
want dst
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "value not present",
|
||||
input: `{}`,
|
||||
wantErr: false,
|
||||
want: dst{
|
||||
Locale: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "null",
|
||||
input: `{"locale": null}`,
|
||||
wantErr: false,
|
||||
want: dst{
|
||||
Locale: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "empty, ignored",
|
||||
input: `{"locale": ""}`,
|
||||
wantErr: false,
|
||||
want: dst{
|
||||
Locale: &Locale{},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "afrikaans, ok",
|
||||
input: `{"locale": "af"}`,
|
||||
|
|
@ -234,13 +258,11 @@ func TestLocale_UnmarshalJSON(t *testing.T) {
|
|||
{
|
||||
name: "bad form, error",
|
||||
input: `{"locale": "g!!!!!"}`,
|
||||
want: dst{
|
||||
Locale: &Locale{},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var got dst
|
||||
err := json.Unmarshal([]byte(tt.input), &got)
|
||||
if tt.wantErr {
|
||||
|
|
@ -249,6 +271,7 @@ func TestLocale_UnmarshalJSON(t *testing.T) {
|
|||
}
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tt.want, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,10 +5,10 @@ import (
|
|||
"encoding/json"
|
||||
"testing"
|
||||
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
func TestParseToken(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/bmatcuk/doublestar/v4"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type AuthRequest interface {
|
||||
|
|
@ -38,6 +38,13 @@ type AuthRequest interface {
|
|||
Done() bool
|
||||
}
|
||||
|
||||
// AuthRequestSessionState should be implemented if [OpenID Connect Session Management](https://openid.net/specs/openid-connect-session-1_0.html) is supported
|
||||
type AuthRequestSessionState interface {
|
||||
// GetSessionState returns session_state.
|
||||
// session_state is related to OpenID Connect Session Management.
|
||||
GetSessionState() string
|
||||
}
|
||||
|
||||
type Authorizer interface {
|
||||
Storage() Storage
|
||||
Decoder() httphelper.Decoder
|
||||
|
|
@ -55,6 +62,12 @@ type AuthorizeValidator interface {
|
|||
ValidateAuthRequest(context.Context, *oidc.AuthRequest, Storage, *IDTokenHintVerifier) (string, error)
|
||||
}
|
||||
|
||||
type CodeResponseType struct {
|
||||
Code string `schema:"code"`
|
||||
State string `schema:"state,omitempty"`
|
||||
SessionState string `schema:"session_state,omitempty"`
|
||||
}
|
||||
|
||||
func authorizeHandler(authorizer Authorizer) func(http.ResponseWriter, *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
Authorize(w, r, authorizer)
|
||||
|
|
@ -103,8 +116,8 @@ func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
|
|||
}
|
||||
return ValidateAuthRequestClient(ctx, authReq, client, verifier)
|
||||
}
|
||||
if validater, ok := authorizer.(AuthorizeValidator); ok {
|
||||
validation = validater.ValidateAuthRequest
|
||||
if validator, ok := authorizer.(AuthorizeValidator); ok {
|
||||
validation = validator.ValidateAuthRequest
|
||||
}
|
||||
userID, err := validation(ctx, authReq, authorizer.Storage(), authorizer.IDTokenHintVerifier(ctx))
|
||||
if err != nil {
|
||||
|
|
@ -312,12 +325,12 @@ func ValidateAuthReqRedirectURI(client Client, uri string, responseType oidc.Res
|
|||
return oidc.ErrInvalidRequestRedirectURI().WithDescription("The redirect_uri is missing in the request. " +
|
||||
"Please ensure it is added to the request. If you have any questions, you may contact the administrator of the application.")
|
||||
}
|
||||
if strings.HasPrefix(uri, "https://") {
|
||||
return checkURIAgainstRedirects(client, uri)
|
||||
}
|
||||
if client.ApplicationType() == ApplicationTypeNative {
|
||||
return validateAuthReqRedirectURINative(client, uri)
|
||||
}
|
||||
if strings.HasPrefix(uri, "https://") {
|
||||
return checkURIAgainstRedirects(client, uri)
|
||||
}
|
||||
if err := checkURIAgainstRedirects(client, uri); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -338,12 +351,15 @@ func ValidateAuthReqRedirectURI(client Client, uri string, responseType oidc.Res
|
|||
// ValidateAuthReqRedirectURINative validates the passed redirect_uri and response_type to the registered uris and client type
|
||||
func validateAuthReqRedirectURINative(client Client, uri string) error {
|
||||
parsedURL, isLoopback := HTTPLoopbackOrLocalhost(uri)
|
||||
isCustomSchema := !strings.HasPrefix(uri, "http://")
|
||||
isCustomSchema := !(strings.HasPrefix(uri, "http://") || strings.HasPrefix(uri, "https://"))
|
||||
if err := checkURIAgainstRedirects(client, uri); err == nil {
|
||||
if client.DevMode() {
|
||||
return nil
|
||||
}
|
||||
// The RedirectURIs are only valid for native clients when localhost or non-"http://"
|
||||
if !isLoopback && strings.HasPrefix(uri, "https://") {
|
||||
return nil
|
||||
}
|
||||
// The RedirectURIs are only valid for native clients when localhost or non-"http://" and "https://"
|
||||
if isLoopback || isCustomSchema {
|
||||
return nil
|
||||
}
|
||||
|
|
@ -373,11 +389,11 @@ func HTTPLoopbackOrLocalhost(rawURL string) (*url.URL, bool) {
|
|||
if err != nil {
|
||||
return nil, false
|
||||
}
|
||||
if parsedURL.Scheme != "http" {
|
||||
return nil, false
|
||||
}
|
||||
if parsedURL.Scheme == "http" || parsedURL.Scheme == "https" {
|
||||
hostName := parsedURL.Hostname()
|
||||
return parsedURL, hostName == "localhost" || net.ParseIP(hostName).IsLoopback()
|
||||
}
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// ValidateAuthReqResponseType validates the passed response_type to the registered response types
|
||||
|
|
@ -467,41 +483,70 @@ func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWri
|
|||
AuthResponseToken(w, r, authReq, authorizer, client)
|
||||
}
|
||||
|
||||
// AuthResponseCode creates the successful code authentication response
|
||||
// AuthResponseCode handles the creation of a successful authentication response using an authorization code
|
||||
func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer) {
|
||||
ctx, span := tracer.Start(r.Context(), "AuthResponseCode")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
r = r.WithContext(ctx)
|
||||
|
||||
var err error
|
||||
if authReq.GetResponseMode() == oidc.ResponseModeFormPost {
|
||||
err = handleFormPostResponse(w, r, authReq, authorizer)
|
||||
} else {
|
||||
err = handleRedirectResponse(w, r, authReq, authorizer)
|
||||
}
|
||||
|
||||
code, err := CreateAuthRequestCode(r.Context(), authReq, authorizer.Storage(), authorizer.Crypto())
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, authReq, err, authorizer)
|
||||
return
|
||||
}
|
||||
codeResponse := struct {
|
||||
Code string `schema:"code"`
|
||||
State string `schema:"state,omitempty"`
|
||||
}{
|
||||
}
|
||||
|
||||
// handleFormPostResponse processes the authentication response using form post method
|
||||
func handleFormPostResponse(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer) error {
|
||||
codeResponse, err := BuildAuthResponseCodeResponsePayload(r.Context(), authReq, authorizer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return AuthResponseFormPost(w, authReq.GetRedirectURI(), codeResponse, authorizer.Encoder())
|
||||
}
|
||||
|
||||
// handleRedirectResponse processes the authentication response using the redirect method
|
||||
func handleRedirectResponse(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer) error {
|
||||
callbackURL, err := BuildAuthResponseCallbackURL(r.Context(), authReq, authorizer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
http.Redirect(w, r, callbackURL, http.StatusFound)
|
||||
return nil
|
||||
}
|
||||
|
||||
// BuildAuthResponseCodeResponsePayload generates the authorization code response payload for the authentication request
|
||||
func BuildAuthResponseCodeResponsePayload(ctx context.Context, authReq AuthRequest, authorizer Authorizer) (*CodeResponseType, error) {
|
||||
code, err := CreateAuthRequestCode(ctx, authReq, authorizer.Storage(), authorizer.Crypto())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
sessionState := ""
|
||||
if authRequestSessionState, ok := authReq.(AuthRequestSessionState); ok {
|
||||
sessionState = authRequestSessionState.GetSessionState()
|
||||
}
|
||||
|
||||
return &CodeResponseType{
|
||||
Code: code,
|
||||
State: authReq.GetState(),
|
||||
}
|
||||
SessionState: sessionState,
|
||||
}, nil
|
||||
}
|
||||
|
||||
if authReq.GetResponseMode() == oidc.ResponseModeFormPost {
|
||||
err := AuthResponseFormPost(w, authReq.GetRedirectURI(), &codeResponse, authorizer.Encoder())
|
||||
// BuildAuthResponseCallbackURL generates the callback URL for a successful authorization code response
|
||||
func BuildAuthResponseCallbackURL(ctx context.Context, authReq AuthRequest, authorizer Authorizer) (string, error) {
|
||||
codeResponse, err := BuildAuthResponseCodeResponsePayload(ctx, authReq, authorizer)
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, authReq, err, authorizer)
|
||||
return
|
||||
return "", err
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
callback, err := AuthResponseURL(authReq.GetRedirectURI(), authReq.GetResponseType(), authReq.GetResponseMode(), &codeResponse, authorizer.Encoder())
|
||||
if err != nil {
|
||||
AuthRequestError(w, r, authReq, err, authorizer)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, callback, http.StatusFound)
|
||||
return AuthResponseURL(authReq.GetRedirectURI(), authReq.GetResponseType(), authReq.GetResponseMode(), codeResponse, authorizer.Encoder())
|
||||
}
|
||||
|
||||
// AuthResponseToken creates the successful token(s) authentication response
|
||||
|
|
|
|||
|
|
@ -11,15 +11,15 @@ import (
|
|||
"reflect"
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
tu "git.christmann.info/LARA/zitadel-oidc/v3/internal/testutil"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op/mock"
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
tu "github.com/zitadel/oidc/v3/internal/testutil"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"github.com/zitadel/oidc/v3/pkg/op/mock"
|
||||
"github.com/zitadel/schema"
|
||||
)
|
||||
|
||||
|
|
@ -433,6 +433,24 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
|
|||
},
|
||||
false,
|
||||
},
|
||||
{
|
||||
"code flow registered https loopback v4 native ok",
|
||||
args{
|
||||
"https://127.0.0.1:4200/callback",
|
||||
mock.NewClientWithConfig(t, []string{"https://127.0.0.1/callback"}, op.ApplicationTypeNative, nil, false),
|
||||
oidc.ResponseTypeCode,
|
||||
},
|
||||
false,
|
||||
},
|
||||
{
|
||||
"code flow registered https loopback v6 native ok",
|
||||
args{
|
||||
"https://[::1]:4200/callback",
|
||||
mock.NewClientWithConfig(t, []string{"https://[::1]/callback"}, op.ApplicationTypeNative, nil, false),
|
||||
oidc.ResponseTypeCode,
|
||||
},
|
||||
false,
|
||||
},
|
||||
{
|
||||
"code flow unregistered http native fails",
|
||||
args{
|
||||
|
|
@ -1072,6 +1090,34 @@ func TestAuthResponseCode(t *testing.T) {
|
|||
wantBody: "",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with state and session_state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequestWithSessionState{
|
||||
AuthRequest: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
TransferState: "state1",
|
||||
},
|
||||
SessionState: "session_state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantCode: http.StatusFound,
|
||||
wantLocationHeader: "/auth/callback/?code=id1&session_state=session_state1&state=state1",
|
||||
wantBody: "",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success without state", // reproduce issue #415
|
||||
args: args{
|
||||
|
|
@ -1179,6 +1225,133 @@ func Test_parseAuthorizeCallbackRequest(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBuildAuthResponseCodeResponsePayload(t *testing.T) {
|
||||
type args struct {
|
||||
authReq op.AuthRequest
|
||||
authorizer func(*testing.T) op.Authorizer
|
||||
}
|
||||
type res struct {
|
||||
wantCode string
|
||||
wantState string
|
||||
wantSessionState string
|
||||
wantErr bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
res res
|
||||
}{
|
||||
{
|
||||
name: "create code error",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{
|
||||
returnErr: io.ErrClosedPipe,
|
||||
})
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantErr: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
TransferState: "state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantCode: "id1",
|
||||
wantState: "state1",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success without state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
TransferState: "",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantCode: "id1",
|
||||
wantState: "",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with session_state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequestWithSessionState{
|
||||
AuthRequest: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
TransferState: "state1",
|
||||
},
|
||||
SessionState: "session_state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantCode: "id1",
|
||||
wantState: "state1",
|
||||
wantSessionState: "session_state1",
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := op.BuildAuthResponseCodeResponsePayload(context.Background(), tt.args.authReq, tt.args.authorizer(t))
|
||||
if tt.res.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tt.res.wantCode, got.Code)
|
||||
assert.Equal(t, tt.res.wantState, got.State)
|
||||
assert.Equal(t, tt.res.wantSessionState, got.SessionState)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateAuthReqIDTokenHint(t *testing.T) {
|
||||
token, _ := tu.ValidIDToken()
|
||||
tests := []struct {
|
||||
|
|
@ -1209,3 +1382,231 @@ func TestValidateAuthReqIDTokenHint(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildAuthResponseCallbackURL(t *testing.T) {
|
||||
type args struct {
|
||||
authReq op.AuthRequest
|
||||
authorizer func(*testing.T) op.Authorizer
|
||||
}
|
||||
type res struct {
|
||||
wantURL string
|
||||
wantErr bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
res res
|
||||
}{
|
||||
{
|
||||
name: "error when generating code response",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{
|
||||
returnErr: io.ErrClosedPipe,
|
||||
})
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantErr: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "error when generating callback URL",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "://invalid-url",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantErr: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "https://example.com/callback",
|
||||
TransferState: "state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantURL: "https://example.com/callback?code=id1&state=state1",
|
||||
wantErr: false,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success without state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "https://example.com/callback",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantURL: "https://example.com/callback?code=id1",
|
||||
wantErr: false,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with session_state",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequestWithSessionState{
|
||||
AuthRequest: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "https://example.com/callback",
|
||||
TransferState: "state1",
|
||||
},
|
||||
SessionState: "session_state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantURL: "https://example.com/callback?code=id1&session_state=session_state1&state=state1",
|
||||
wantErr: false,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with existing query parameters",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "https://example.com/callback?param=value",
|
||||
TransferState: "state1",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantURL: "https://example.com/callback?param=value&code=id1&state=state1",
|
||||
wantErr: false,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "success with fragment response mode",
|
||||
args: args{
|
||||
authReq: &storage.AuthRequest{
|
||||
ID: "id1",
|
||||
CallbackURI: "https://example.com/callback",
|
||||
TransferState: "state1",
|
||||
ResponseMode: "fragment",
|
||||
},
|
||||
authorizer: func(t *testing.T) op.Authorizer {
|
||||
ctrl := gomock.NewController(t)
|
||||
storage := mock.NewMockStorage(ctrl)
|
||||
storage.EXPECT().SaveAuthCode(gomock.Any(), "id1", "id1")
|
||||
|
||||
authorizer := mock.NewMockAuthorizer(ctrl)
|
||||
authorizer.EXPECT().Storage().Return(storage)
|
||||
authorizer.EXPECT().Crypto().Return(&mockCrypto{})
|
||||
authorizer.EXPECT().Encoder().Return(schema.NewEncoder())
|
||||
return authorizer
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
wantURL: "https://example.com/callback#code=id1&state=state1",
|
||||
wantErr: false,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := op.BuildAuthResponseCallbackURL(context.Background(), tt.args.authReq, tt.args.authorizer(t))
|
||||
if tt.res.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
require.NoError(t, err)
|
||||
|
||||
if tt.res.wantURL != "" {
|
||||
// Parse the URLs to compare components instead of direct string comparison
|
||||
expectedURL, err := url.Parse(tt.res.wantURL)
|
||||
require.NoError(t, err)
|
||||
actualURL, err := url.Parse(got)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Compare the base parts (scheme, host, path)
|
||||
assert.Equal(t, expectedURL.Scheme, actualURL.Scheme)
|
||||
assert.Equal(t, expectedURL.Host, actualURL.Host)
|
||||
assert.Equal(t, expectedURL.Path, actualURL.Path)
|
||||
|
||||
// Compare the fragment if any
|
||||
assert.Equal(t, expectedURL.Fragment, actualURL.Fragment)
|
||||
|
||||
// For query parameters, compare them independently of order
|
||||
expectedQuery := expectedURL.Query()
|
||||
actualQuery := actualURL.Query()
|
||||
|
||||
assert.Equal(t, len(expectedQuery), len(actualQuery), "Query parameter count does not match")
|
||||
|
||||
for key, expectedValues := range expectedQuery {
|
||||
actualValues, exists := actualQuery[key]
|
||||
assert.True(t, exists, "Expected query parameter %s not found", key)
|
||||
assert.ElementsMatch(t, expectedValues, actualValues, "Values for parameter %s don't match", key)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import (
|
|||
"net/url"
|
||||
"time"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
//go:generate go get github.com/dmarkham/enumer
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op/mock"
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"github.com/zitadel/oidc/v3/pkg/op/mock"
|
||||
"github.com/zitadel/schema"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ type Configuration interface {
|
|||
EndSessionEndpoint() *Endpoint
|
||||
KeysEndpoint() *Endpoint
|
||||
DeviceAuthorizationEndpoint() *Endpoint
|
||||
CheckSessionIframe() *Endpoint
|
||||
|
||||
AuthMethodPostSupported() bool
|
||||
CodeMethodS256Supported() bool
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
package op
|
||||
|
||||
import (
|
||||
"github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
)
|
||||
|
||||
type Crypto interface {
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type DeviceAuthorizationConfig struct {
|
||||
|
|
@ -91,10 +91,7 @@ func createDeviceAuthorization(ctx context.Context, req *oidc.DeviceAuthorizatio
|
|||
}
|
||||
config := o.DeviceAuthorization()
|
||||
|
||||
deviceCode, err := NewDeviceCode(RecommendedDeviceCodeBytes)
|
||||
if err != nil {
|
||||
return nil, NewStatusError(err, http.StatusInternalServerError)
|
||||
}
|
||||
deviceCode, _ := NewDeviceCode(RecommendedDeviceCodeBytes)
|
||||
userCode, err := NewUserCode([]rune(config.UserCode.CharSet), config.UserCode.CharAmount, config.UserCode.DashInterval)
|
||||
if err != nil {
|
||||
return nil, NewStatusError(err, http.StatusInternalServerError)
|
||||
|
|
@ -163,11 +160,14 @@ func ParseDeviceCodeRequest(r *http.Request, o OpenIDProvider) (*oidc.DeviceAuth
|
|||
// results in a 22 character base64 encoded string.
|
||||
const RecommendedDeviceCodeBytes = 16
|
||||
|
||||
// NewDeviceCode generates a new cryptographically secure device code as a base64 encoded string.
|
||||
// The length of the string is nBytes * 4 / 3.
|
||||
// An error is never returned.
|
||||
//
|
||||
// TODO(v4): change return type to string alone.
|
||||
func NewDeviceCode(nBytes int) (string, error) {
|
||||
bytes := make([]byte, nBytes)
|
||||
if _, err := rand.Read(bytes); err != nil {
|
||||
return "", fmt.Errorf("%w getting entropy for device code", err)
|
||||
}
|
||||
rand.Read(bytes)
|
||||
return base64.RawURLEncoding.EncodeToString(bytes), nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,12 +13,12 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func Test_deviceAuthorizationHandler(t *testing.T) {
|
||||
|
|
@ -145,21 +145,11 @@ func runWithRandReader(r io.Reader, f func()) {
|
|||
}
|
||||
|
||||
func TestNewDeviceCode(t *testing.T) {
|
||||
t.Run("reader error", func(t *testing.T) {
|
||||
runWithRandReader(errReader{}, func() {
|
||||
_, err := op.NewDeviceCode(16)
|
||||
require.Error(t, err)
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("different lengths, rand reader", func(t *testing.T) {
|
||||
for i := 1; i <= 32; i++ {
|
||||
got, err := op.NewDeviceCode(i)
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, got, base64.RawURLEncoding.EncodedLen(i))
|
||||
}
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
func TestNewUserCode(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type DiscoverStorage interface {
|
||||
|
|
@ -45,6 +45,7 @@ func CreateDiscoveryConfig(ctx context.Context, config Configuration, storage Di
|
|||
EndSessionEndpoint: config.EndSessionEndpoint().Absolute(issuer),
|
||||
JwksURI: config.KeysEndpoint().Absolute(issuer),
|
||||
DeviceAuthorizationEndpoint: config.DeviceAuthorizationEndpoint().Absolute(issuer),
|
||||
CheckSessionIframe: config.CheckSessionIframe().Absolute(issuer),
|
||||
ScopesSupported: Scopes(config),
|
||||
ResponseTypesSupported: ResponseTypes(config),
|
||||
GrantTypesSupported: GrantTypes(config),
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"github.com/zitadel/oidc/v3/pkg/op/mock"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op/mock"
|
||||
)
|
||||
|
||||
func TestDiscover(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ package op_test
|
|||
import (
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func TestEndpoint_Path(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import (
|
|||
"log/slog"
|
||||
"net/http"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type ErrAuthRequest interface {
|
||||
|
|
@ -46,6 +46,12 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
|
|||
return
|
||||
}
|
||||
e.State = authReq.GetState()
|
||||
var sessionState string
|
||||
authRequestSessionState, ok := authReq.(AuthRequestSessionState)
|
||||
if ok {
|
||||
sessionState = authRequestSessionState.GetSessionState()
|
||||
}
|
||||
e.SessionState = sessionState
|
||||
var responseMode oidc.ResponseMode
|
||||
if rm, ok := authReq.(interface{ GetResponseMode() oidc.ResponseMode }); ok {
|
||||
responseMode = rm.GetResponseMode()
|
||||
|
|
@ -92,6 +98,12 @@ func TryErrorRedirect(ctx context.Context, authReq ErrAuthRequest, parent error,
|
|||
}
|
||||
|
||||
e.State = authReq.GetState()
|
||||
var sessionState string
|
||||
authRequestSessionState, ok := authReq.(AuthRequestSessionState)
|
||||
if ok {
|
||||
sessionState = authRequestSessionState.GetSessionState()
|
||||
}
|
||||
e.SessionState = sessionState
|
||||
var responseMode oidc.ResponseMode
|
||||
if rm, ok := authReq.(interface{ GetResponseMode() oidc.ResponseMode }); ok {
|
||||
responseMode = rm.GetResponseMode()
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/schema"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
)
|
||||
|
||||
type KeyProvider interface {
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@ import (
|
|||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"github.com/zitadel/oidc/v3/pkg/op/mock"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op/mock"
|
||||
)
|
||||
|
||||
func TestKeys(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Authorizer)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: Authorizer)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -9,9 +9,9 @@ import (
|
|||
slog "log/slog"
|
||||
reflect "reflect"
|
||||
|
||||
http "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
http "github.com/zitadel/oidc/v3/pkg/http"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// MockAuthorizer is a mock of Authorizer interface.
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import (
|
|||
"github.com/golang/mock/gomock"
|
||||
"github.com/zitadel/schema"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func NewAuthorizer(t *testing.T) op.Authorizer {
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
|
||||
"github.com/golang/mock/gomock"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func NewClient(t *testing.T) op.Client {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Client)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: Client)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -8,9 +8,9 @@ import (
|
|||
reflect "reflect"
|
||||
time "time"
|
||||
|
||||
oidc "git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
oidc "github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// MockClient is a mock of Client interface.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Configuration)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: Configuration)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -8,8 +8,8 @@ import (
|
|||
http "net/http"
|
||||
reflect "reflect"
|
||||
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
language "golang.org/x/text/language"
|
||||
)
|
||||
|
||||
|
|
@ -106,6 +106,20 @@ func (mr *MockConfigurationMockRecorder) BackChannelLogoutSupported() *gomock.Ca
|
|||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BackChannelLogoutSupported", reflect.TypeOf((*MockConfiguration)(nil).BackChannelLogoutSupported))
|
||||
}
|
||||
|
||||
// CheckSessionIframe mocks base method.
|
||||
func (m *MockConfiguration) CheckSessionIframe() *op.Endpoint {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "CheckSessionIframe")
|
||||
ret0, _ := ret[0].(*op.Endpoint)
|
||||
return ret0
|
||||
}
|
||||
|
||||
// CheckSessionIframe indicates an expected call of CheckSessionIframe.
|
||||
func (mr *MockConfigurationMockRecorder) CheckSessionIframe() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CheckSessionIframe", reflect.TypeOf((*MockConfiguration)(nil).CheckSessionIframe))
|
||||
}
|
||||
|
||||
// CodeMethodS256Supported mocks base method.
|
||||
func (m *MockConfiguration) CodeMethodS256Supported() bool {
|
||||
m.ctrl.T.Helper()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: DiscoverStorage)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: DiscoverStorage)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
package mock
|
||||
|
||||
//go:generate go install github.com/golang/mock/mockgen@v1.6.0
|
||||
//go:generate mockgen -package mock -destination ./storage.mock.go github.com/zitadel/oidc/v3/pkg/op Storage
|
||||
//go:generate mockgen -package mock -destination ./authorizer.mock.go github.com/zitadel/oidc/v3/pkg/op Authorizer
|
||||
//go:generate mockgen -package mock -destination ./client.mock.go github.com/zitadel/oidc/v3/pkg/op Client
|
||||
//go:generate mockgen -package mock -destination ./glob.mock.go github.com/zitadel/oidc/v3/pkg/op HasRedirectGlobs
|
||||
//go:generate mockgen -package mock -destination ./configuration.mock.go github.com/zitadel/oidc/v3/pkg/op Configuration
|
||||
//go:generate mockgen -package mock -destination ./discovery.mock.go github.com/zitadel/oidc/v3/pkg/op DiscoverStorage
|
||||
//go:generate mockgen -package mock -destination ./signer.mock.go github.com/zitadel/oidc/v3/pkg/op SigningKey,Key
|
||||
//go:generate mockgen -package mock -destination ./key.mock.go github.com/zitadel/oidc/v3/pkg/op KeyProvider
|
||||
//go:generate mockgen -package mock -destination ./storage.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op Storage
|
||||
//go:generate mockgen -package mock -destination ./authorizer.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op Authorizer
|
||||
//go:generate mockgen -package mock -destination ./client.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op Client
|
||||
//go:generate mockgen -package mock -destination ./glob.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op HasRedirectGlobs
|
||||
//go:generate mockgen -package mock -destination ./configuration.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op Configuration
|
||||
//go:generate mockgen -package mock -destination ./discovery.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op DiscoverStorage
|
||||
//go:generate mockgen -package mock -destination ./signer.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op SigningKey,Key
|
||||
//go:generate mockgen -package mock -destination ./key.mock.go git.christmann.info/LARA/zitadel-oidc/v3/pkg/op KeyProvider
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@ package mock
|
|||
import (
|
||||
"testing"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func NewHasRedirectGlobs(t *testing.T) op.HasRedirectGlobs {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: HasRedirectGlobs)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: HasRedirectGlobs)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -8,9 +8,9 @@ import (
|
|||
reflect "reflect"
|
||||
time "time"
|
||||
|
||||
oidc "git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
oidc "github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// MockHasRedirectGlobs is a mock of HasRedirectGlobs interface.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: KeyProvider)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: KeyProvider)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -8,8 +8,8 @@ import (
|
|||
context "context"
|
||||
reflect "reflect"
|
||||
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// MockKeyProvider is a mock of KeyProvider interface.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: SigningKey,Key)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: SigningKey,Key)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Storage)
|
||||
// Source: git.christmann.info/LARA/zitadel-oidc/v3/pkg/op (interfaces: Storage)
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
|
@ -9,10 +9,10 @@ import (
|
|||
reflect "reflect"
|
||||
time "time"
|
||||
|
||||
oidc "git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
op "git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
oidc "github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
op "github.com/zitadel/oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
// MockStorage is a mock of Storage interface.
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import (
|
|||
|
||||
"github.com/golang/mock/gomock"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func NewStorage(t *testing.T) op.Storage {
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ import (
|
|||
"go.opentelemetry.io/otel"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -339,6 +339,10 @@ func (o *Provider) DeviceAuthorizationEndpoint() *Endpoint {
|
|||
return o.endpoints.DeviceAuthorization
|
||||
}
|
||||
|
||||
func (o *Provider) CheckSessionIframe() *Endpoint {
|
||||
return o.endpoints.CheckSessionIframe
|
||||
}
|
||||
|
||||
func (o *Provider) KeysEndpoint() *Endpoint {
|
||||
return o.endpoints.JwksURI
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,12 +11,12 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/example/server/storage"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/zitadel/oidc/v3/example/server/storage"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"golang.org/x/text/language"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
"errors"
|
||||
"net/http"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
)
|
||||
|
||||
type ProbesFn func(context.Context) error
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ import (
|
|||
"net/http"
|
||||
"net/url"
|
||||
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/muhlemmer/gu"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// Server describes the interface that needs to be implemented to serve
|
||||
|
|
|
|||
|
|
@ -6,11 +6,11 @@ import (
|
|||
"net/http"
|
||||
"net/url"
|
||||
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/rs/cors"
|
||||
"github.com/zitadel/logging"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/schema"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/oidc/v3/pkg/op"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/client"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/op"
|
||||
)
|
||||
|
||||
func jwtProfile() (string, error) {
|
||||
|
|
|
|||
|
|
@ -14,11 +14,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"github.com/zitadel/schema"
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// ExtendedLegacyServer allows embedding [LegacyServer] in a struct,
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ import (
|
|||
"net/url"
|
||||
"path"
|
||||
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
httphelper "git.christmann.info/LARA/zitadel-oidc/v3/pkg/http"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type SessionEnder interface {
|
||||
|
|
@ -73,6 +73,8 @@ func ValidateEndSessionRequest(ctx context.Context, req *oidc.EndSessionRequest,
|
|||
|
||||
session := &EndSessionRequest{
|
||||
RedirectURI: ender.DefaultLogoutRedirectURI(),
|
||||
LogoutHint: req.LogoutHint,
|
||||
UILocales: req.UILocales,
|
||||
}
|
||||
if req.IdTokenHint != "" {
|
||||
claims, err := VerifyIDTokenHint[*oidc.IDTokenClaims](ctx, req.IdTokenHint, ender.IDTokenHintVerifier(ctx))
|
||||
|
|
|
|||
|
|
@ -6,8 +6,9 @@ import (
|
|||
"time"
|
||||
|
||||
jose "github.com/go-jose/go-jose/v4"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type AuthStorage interface {
|
||||
|
|
@ -144,6 +145,12 @@ type CanSetUserinfoFromRequest interface {
|
|||
SetUserinfoFromRequest(ctx context.Context, userinfo *oidc.UserInfo, request IDTokenRequest, scopes []string) error
|
||||
}
|
||||
|
||||
// CanGetPrivateClaimsFromRequest is an optional additional interface that may be implemented by
|
||||
// implementors of Storage. It allows setting the jwt token claims based on the request.
|
||||
type CanGetPrivateClaimsFromRequest interface {
|
||||
GetPrivateClaimsFromRequest(ctx context.Context, request TokenRequest, restrictedScopes []string) (map[string]any, error)
|
||||
}
|
||||
|
||||
// Storage is a required parameter for NewOpenIDProvider(). In addition to the
|
||||
// embedded interfaces below, if the passed Storage implements ClientCredentialsStorage
|
||||
// then the grant type "client_credentials" will be supported. In that case, the access
|
||||
|
|
@ -164,6 +171,8 @@ type EndSessionRequest struct {
|
|||
ClientID string
|
||||
IDTokenHintClaims *oidc.IDTokenClaims
|
||||
RedirectURI string
|
||||
LogoutHint string
|
||||
UILocales []language.Tag
|
||||
}
|
||||
|
||||
var ErrDuplicateUserCode = errors.New("user code already exists")
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
"slices"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/crypto"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/crypto"
|
||||
"git.christmann.info/LARA/zitadel-oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
type TokenCreator interface {
|
||||
|
|
@ -146,9 +146,13 @@ func CreateJWT(ctx context.Context, issuer string, tokenRequest TokenRequest, ex
|
|||
ctx,
|
||||
tokenExchangeRequest,
|
||||
)
|
||||
} else {
|
||||
if fromRequest, ok := storage.(CanGetPrivateClaimsFromRequest); ok {
|
||||
privateClaims, err = fromRequest.GetPrivateClaimsFromRequest(ctx, tokenRequest, removeUserinfoScopes(restrictedScopes))
|
||||
} else {
|
||||
privateClaims, err = storage.GetPrivateClaimsFromScopes(ctx, tokenRequest.GetSubject(), client.GetID(), removeUserinfoScopes(restrictedScopes))
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue