Remove unnecessary client verification
parent
13be146d2a
commit
0f9a74f1d0
1 changed files with 2 additions and 32 deletions
|
@ -1153,7 +1153,6 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
|
func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
|
||||||
|
|
||||||
// Parse the fields
|
// Parse the fields
|
||||||
if err := r.ParseForm(); err != nil {
|
if err := r.ParseForm(); err != nil {
|
||||||
s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
|
s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
|
||||||
|
@ -1161,38 +1160,10 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||||
}
|
}
|
||||||
q := r.Form
|
q := r.Form
|
||||||
|
|
||||||
// Get the clientID and secret from basic auth or form variables
|
|
||||||
clientID, clientSecret, ok := r.BasicAuth()
|
|
||||||
if ok {
|
|
||||||
var err error
|
|
||||||
if clientID, err = url.QueryUnescape(clientID); err != nil {
|
|
||||||
s.tokenErrHelper(w, errInvalidRequest, "client_id improperly encoded", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if clientSecret, err = url.QueryUnescape(clientSecret); err != nil {
|
|
||||||
s.tokenErrHelper(w, errInvalidRequest, "client_secret improperly encoded", http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
clientID = q.Get("client_id")
|
|
||||||
clientSecret = q.Get("client_secret")
|
|
||||||
}
|
|
||||||
|
|
||||||
nonce := q.Get("nonce")
|
nonce := q.Get("nonce")
|
||||||
// Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
|
// Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
|
||||||
scopes := strings.Fields(q.Get("scope"))
|
scopes := strings.Fields(q.Get("scope"))
|
||||||
|
|
||||||
// Get the client from the database
|
|
||||||
client, err := s.storage.GetClient(clientID)
|
|
||||||
if err != nil {
|
|
||||||
if err == storage.ErrNotFound {
|
|
||||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Invalid client_id (%q).", clientID), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Failed to get client %v.", err), http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Parse the scopes if they are passed
|
// Parse the scopes if they are passed
|
||||||
var (
|
var (
|
||||||
unrecognized []string
|
unrecognized []string
|
||||||
|
@ -1211,7 +1182,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
isTrusted, err := s.validateCrossClientTrust(clientID, peerID)
|
isTrusted, err := s.validateCrossClientTrust(client.ID, peerID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
|
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
|
@ -1299,7 +1270,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||||
refresh := storage.RefreshToken{
|
refresh := storage.RefreshToken{
|
||||||
ID: storage.NewID(),
|
ID: storage.NewID(),
|
||||||
Token: storage.NewID(),
|
Token: storage.NewID(),
|
||||||
ClientID: clientID,
|
ClientID: client.ID,
|
||||||
ConnectorID: connID,
|
ConnectorID: connID,
|
||||||
Scopes: scopes,
|
Scopes: scopes,
|
||||||
Claims: claims,
|
Claims: claims,
|
||||||
|
@ -1390,7 +1361,6 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||||
deleteToken = true
|
deleteToken = true
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
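Review bot: handlePasswordGrant now trusts its `client storage.Client` argument completely, and nothing at the signature in the first hunk states that the caller must have authenticated that client. The removed block only looked the client up by ID; no comparison of `clientSecret` against the stored secret is visible in it, so the secret check presumably lives in the caller, which this diff does not show and which should be confirmed before merging. A doc comment on the function would make the precondition explicit, for example `// handlePasswordGrant assumes the caller has already authenticated client (ID and secret verified).` A regression test that a password-grant request carrying a wrong client secret is rejected before this handler runs would pin that behaviour. The function body starts and continues outside the hunks shown.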