Merge pull request #792 from ericchiang/auth-endpoint-post
server: support POSTing to authorization endpoint
commit
0dcf1bcf79
2 changed files with 33 additions and 2 deletions
|
@ -333,7 +333,10 @@ func (s *Server) newIDToken(clientID string, claims storage.Claims, scopes []str
|
||||||
|
|
||||||
// parse the initial request from the OAuth2 client.
|
// parse the initial request from the OAuth2 client.
|
||||||
func (s *Server) parseAuthorizationRequest(r *http.Request) (req storage.AuthRequest, oauth2Err *authErr) {
|
func (s *Server) parseAuthorizationRequest(r *http.Request) (req storage.AuthRequest, oauth2Err *authErr) {
|
||||||
q := r.URL.Query()
|
if err := r.ParseForm(); err != nil {
|
||||||
|
return req, &authErr{"", "", errInvalidRequest, "Failed to parse request body."}
|
||||||
|
}
|
||||||
|
q := r.Form
|
||||||
redirectURI, err := url.QueryUnescape(q.Get("redirect_uri"))
|
redirectURI, err := url.QueryUnescape(q.Get("redirect_uri"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return req, &authErr{"", "", errInvalidRequest, "No redirect_uri provided."}
|
return req, &authErr{"", "", errInvalidRequest, "No redirect_uri provided."}
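Review bot: `q := r.Form` merges the URL query string with the form body, so a POST can carry `client_id` or `redirect_uri` in both places; `q.Get` then returns the body value, while anything that looks only at the URL (access logs, a proxy rule) sees the other one. Reading from a single source per method would remove that ambiguity, e.g. `q := r.URL.Query()` for GET and `q := r.PostForm` for POST, or the request could be rejected when a parameter has more than one value. `ParseForm` also reads PUT and PATCH bodies, so unless the route restricts methods elsewhere (not visible in this hunk) an explicit check that `r.Method` is GET or POST is worth adding. The message "Failed to parse request body." is also returned when the query string is what failed to parse, which may mislead whoever reads the error. The body of parseAuthorizationRequest continues outside the hunk.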
|
||||||
|
|
|
@ -2,8 +2,10 @@ package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
jose "gopkg.in/square/go-jose.v2"
|
jose "gopkg.in/square/go-jose.v2"
|
||||||
|
@ -17,6 +19,8 @@ func TestParseAuthorizationRequest(t *testing.T) {
|
||||||
clients []storage.Client
|
clients []storage.Client
|
||||||
supportedResponseTypes []string
|
supportedResponseTypes []string
|
||||||
|
|
||||||
|
usePOST bool
|
||||||
|
|
||||||
queryParams map[string]string
|
queryParams map[string]string
|
||||||
|
|
||||||
wantErr bool
|
wantErr bool
|
||||||
|
@ -37,6 +41,23 @@ func TestParseAuthorizationRequest(t *testing.T) {
|
||||||
"scope": "openid email profile",
|
"scope": "openid email profile",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "POST request",
|
||||||
|
clients: []storage.Client{
|
||||||
|
{
|
||||||
|
ID: "foo",
|
||||||
|
RedirectURIs: []string{"https://example.com/foo"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
supportedResponseTypes: []string{"code"},
|
||||||
|
queryParams: map[string]string{
|
||||||
|
"client_id": "foo",
|
||||||
|
"redirect_uri": "https://example.com/foo",
|
||||||
|
"response_type": "code",
|
||||||
|
"scope": "openid email profile",
|
||||||
|
},
|
||||||
|
usePOST: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "invalid client id",
|
name: "invalid client id",
|
||||||
clients: []storage.Client{
|
clients: []storage.Client{
|
||||||
|
@ -139,7 +160,14 @@ func TestParseAuthorizationRequest(t *testing.T) {
|
||||||
params.Set(k, v)
|
params.Set(k, v)
|
||||||
}
|
}
|
||||||
|
|
||||||
req := httptest.NewRequest("GET", httpServer.URL+"/auth?"+params.Encode(), nil)
|
var req *http.Request
|
||||||
|
if tc.usePOST {
|
||||||
|
body := strings.NewReader(params.Encode())
|
||||||
|
req = httptest.NewRequest("POST", httpServer.URL+"/auth", body)
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
} else {
|
||||||
|
req = httptest.NewRequest("GET", httpServer.URL+"/auth?"+params.Encode(), nil)
|
||||||
|
}
|
||||||
_, err := server.parseAuthorizationRequest(req)
|
_, err := server.parseAuthorizationRequest(req)
|
||||||
if err != nil && !tc.wantErr {
|
if err != nil && !tc.wantErr {
|
||||||
t.Errorf("%s: %v", tc.name, err)
|
t.Errorf("%s: %v", tc.name, err)
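Review bot: The new `usePOST` field has no comment, and `queryParams` is now also sent as the form body, so the field name no longer describes what the case does; a comment such as `// usePOST sends queryParams as an application/x-www-form-urlencoded body instead of in the URL.` on the struct field would make that clear. Only a well-formed POST is covered: the `ParseForm` error branch added in the handler has no case. Nothing pins what happens when the same parameter appears in both the URL and the body either; that would need a separate field for URL parameters in the table. A case with `wantErr: true` for a POST whose `redirect_uri` is not registered for the client would show the validation path is the same for both methods. TestParseAuthorizationRequest starts and ends outside these hunks.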
|
||||||
|
|