Commit graph

12 commits

Author SHA1 Message Date
Eric Chiang
1eda382789 server: add at_hash claim support
The "at_hash" claim, which provides hash verification for the
"access_token," is a required claim for implicit and hybrid flow
requests. Previously we did not include it (against spec). This
PR implements the "at_hash" logic and adds the claim to all
responses.

As a cleanup, it also moves some JOSE signing logic out of the
storage package and into the server package.

For details see:

https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
2017-01-13 10:05:24 -08:00
Eric Chiang
f926d74157 server: fixes for the implicit and hybrid flow
Accept the following response_type for the implicit flow:

    id_token
    token id_token

And the following for hybrid flow

    code id_token
    code token
    code token id_token

This corrects the previous behavior of the implicit flow, which
only accepted "token" (now correctly rejected).
2017-01-10 16:20:17 -08:00
rithu john
9949a1313c server: modify error messages to use logrus. 2016-12-13 11:52:44 -08:00
Eric Chiang
952e0f81f5 connector: add RefreshConnector interface 2016-11-22 12:53:46 -08:00
Eric Chiang
2834da443f server: allow extra spaces in scopes
go-oidc sends an extra space before the list of scopes. This is bad
but we have to support it, so we'll be more lenient and ignore
duplicated whitespace.
2016-10-12 15:37:12 -07:00
Eric Chiang
ac6e419d48 server: add tests for refreshing with explicit scopes 2016-10-10 11:02:27 -07:00
Eric Chiang
6dbb5c4de6 server: fix cross client scope prefix 2016-10-07 11:40:41 -07:00
Eric Chiang
c113df961a *: support the implicit flow 2016-08-24 11:21:39 -07:00
Eric Chiang
c33ad3e0f3 server: fix oauth2 values and remove unused code 2016-08-24 11:14:38 -07:00
Eric Chiang
bfe560ee21 rename 2016-08-10 22:31:42 -07:00
Eric Chiang
3110f45c3d *: lots of renaming 2016-08-02 21:57:36 -07:00
Eric Chiang
cab271f304 initial commit 2016-07-26 15:51:24 -07:00