server: support POSTing to authorization endpoint

Fixes #791
Eric Chiang 2017-01-27 11:42:46 -08:00
parent a3ef8d26bc
commit 8541184afb
2 changed files with 33 additions and 2 deletions


@ -333,7 +333,10 @@ func (s *Server) newIDToken(clientID string, claims storage.Claims, scopes []str
// parse the initial request from the OAuth2 client. // parse the initial request from the OAuth2 client.
func (s *Server) parseAuthorizationRequest(r *http.Request) (req storage.AuthRequest, oauth2Err *authErr) { func (s *Server) parseAuthorizationRequest(r *http.Request) (req storage.AuthRequest, oauth2Err *authErr) {
q := r.URL.Query() if err := r.ParseForm(); err != nil {
return req, &authErr{"", "", errInvalidRequest, "Failed to parse request body."}
}
q := r.Form
redirectURI, err := url.QueryUnescape(q.Get("redirect_uri")) redirectURI, err := url.QueryUnescape(q.Get("redirect_uri"))
if err != nil { if err != nil {
return req, &authErr{"", "", errInvalidRequest, "No redirect_uri provided."} return req, &authErr{"", "", errInvalidRequest, "No redirect_uri provided."}
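Review bot: After `r.ParseForm()`, `q := r.Form` merges the URL query with the POST body, so a request carrying `client_id` or `redirect_uri` in both places is accepted and `q.Get` returns the body value, while anything that only sees the query string (proxy rules, access logs) records a different one. RFC 6749 says request parameters must not be included more than once, so consider choosing the source by method (`r.PostForm` for POST, `r.URL.Query()` for GET) or rejecting duplicates with a check such as `if len(q["redirect_uri"]) > 1 { ... errInvalidRequest ... }`. The body is now parsed before the client is validated, and `ParseForm` only applies its default 10 MB cap, so the handler that calls this (not visible here) may want to wrap the body with `http.MaxBytesReader` using a much smaller limit. The values in `r.Form` are already percent-decoded, so the unchanged `url.QueryUnescape(q.Get("redirect_uri"))` decodes a second time and also turns a literal `+` into a space; this predates the commit, but it now applies to body values as well and is worth a follow-up. The body of `parseAuthorizationRequest` continues past the end of this hunk.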


@ -2,8 +2,10 @@ package server
import ( import (
"context" "context"
"net/http"
"net/http/httptest" "net/http/httptest"
"net/url" "net/url"
"strings"
"testing" "testing"
jose "gopkg.in/square/go-jose.v2" jose "gopkg.in/square/go-jose.v2"
@ -17,6 +19,8 @@ func TestParseAuthorizationRequest(t *testing.T) {
clients []storage.Client clients []storage.Client
supportedResponseTypes []string supportedResponseTypes []string
usePOST bool
queryParams map[string]string queryParams map[string]string
wantErr bool wantErr bool
@ -37,6 +41,23 @@ func TestParseAuthorizationRequest(t *testing.T) {
"scope": "openid email profile", "scope": "openid email profile",
}, },
}, },
{
name: "POST request",
clients: []storage.Client{
{
ID: "foo",
RedirectURIs: []string{"https://example.com/foo"},
},
},
supportedResponseTypes: []string{"code"},
queryParams: map[string]string{
"client_id": "foo",
"redirect_uri": "https://example.com/foo",
"response_type": "code",
"scope": "openid email profile",
},
usePOST: true,
},
{ {
name: "invalid client id", name: "invalid client id",
clients: []storage.Client{ clients: []storage.Client{
@ -139,7 +160,14 @@ func TestParseAuthorizationRequest(t *testing.T) {
params.Set(k, v) params.Set(k, v)
} }
req := httptest.NewRequest("GET", httpServer.URL+"/auth?"+params.Encode(), nil) var req *http.Request
if tc.usePOST {
body := strings.NewReader(params.Encode())
req = httptest.NewRequest("POST", httpServer.URL+"/auth", body)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
} else {
req = httptest.NewRequest("GET", httpServer.URL+"/auth?"+params.Encode(), nil)
}
_, err := server.parseAuthorizationRequest(req) _, err := server.parseAuthorizationRequest(req)
if err != nil && !tc.wantErr { if err != nil && !tc.wantErr {
t.Errorf("%s: %v", tc.name, err) t.Errorf("%s: %v", tc.name, err)
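Review bot: The only POST case added is the happy path, so the new `ParseForm` failure branch ("Failed to parse request body.") and the mixed query-plus-body case are never exercised. Because the body is always built from `queryParams` via `params.Encode()`, the table cannot express a malformed body or a parameter that appears in both the URL and the body. A field such as `rawBody string`, used in place of `params.Encode()` when set, would allow a case with an invalid escape like `"redirect_uri=%zz"` and `wantErr: true`. A second case that puts one `redirect_uri` in the query and a different one in the body would pin down which of the two the server honours.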