Add parametrization of grant type supported in discovery endpoint
Signed-off-by: ariary <ariary9.2@hotmail.fr>
This commit is contained in:
kali
ariary
parent
1b8f544873
commit
1497e70225
|
|
@ -94,7 +94,6 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
|
|||
UserInfo: s.absURL("/userinfo"),
|
||||
DeviceEndpoint: s.absURL("/device/code"),
|
||||
Subjects: []string{"public"},
|
||||
GrantTypes: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode},
|
||||
IDTokenAlgs: []string{string(jose.RS256)},
|
||||
CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain},
|
||||
Scopes: []string{"openid", "email", "groups", "profile", "offline_access"},
|
||||
|
|
@ -110,6 +109,9 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
|
|||
}
|
||||
sort.Strings(d.ResponseTypes)
|
||||
|
||||
d.GrantTypes = s.supportedGrantTypes
|
||||
sort.Strings(d.GrantTypes)
|
||||
|
||||
data, err := json.MarshalIndent(d, "", " ")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
|
||||
|
|
|
|||
|
|
@ -169,6 +169,8 @@ type Server struct {
|
|||
|
||||
supportedResponseTypes map[string]bool
|
||||
|
||||
supportedGrantTypes []string
|
||||
|
||||
now func() time.Time
|
||||
|
||||
idTokensValidFor time.Duration
|
||||
|
|
@ -209,14 +211,19 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
|||
c.SupportedResponseTypes = []string{responseTypeCode}
|
||||
}
|
||||
|
||||
supported := make(map[string]bool)
|
||||
supportedRes := make(map[string]bool)
|
||||
for _, respType := range c.SupportedResponseTypes {
|
||||
switch respType {
|
||||
case responseTypeCode, responseTypeIDToken, responseTypeToken:
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported response_type %q", respType)
|
||||
}
|
||||
supported[respType] = true
|
||||
supportedRes[respType] = true
|
||||
}
|
||||
|
||||
supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} //default
|
||||
if c.PasswordConnector != "" {
|
||||
supportedGrant = append(supportedGrant, grantTypePassword)
|
||||
}
|
||||
|
||||
webFS := web.FS()
|
||||
|
|
@ -249,7 +256,8 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
|||
issuerURL: *issuerURL,
|
||||
connectors: make(map[string]Connector),
|
||||
storage: newKeyCacher(c.Storage, now),
|
||||
supportedResponseTypes: supported,
|
||||
supportedResponseTypes: supportedRes,
|
||||
supportedGrantTypes: supportedGrant,
|
||||
idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour),
|
||||
authRequestsValidFor: value(c.AuthRequestsValidFor, 24*time.Hour),
|
||||
deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute),
|
||||
|
|
|
|||
Reference in New Issue