Merge pull request #2265 from ariary/master
Add parametrization of grant type supported in discovery endpoint
This commit is contained in:
Márk Sági-Kazár
GitHub
commit
67ba7a1c70
2 changed files with 15 additions and 4 deletions
3
server/handlers.go
Normal file → Executable file
3
server/handlers.go
Normal file → Executable file
|
|
@ -94,7 +94,6 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
|
||||||
UserInfo: s.absURL("/userinfo"),
|
UserInfo: s.absURL("/userinfo"),
|
||||||
DeviceEndpoint: s.absURL("/device/code"),
|
DeviceEndpoint: s.absURL("/device/code"),
|
||||||
Subjects: []string{"public"},
|
Subjects: []string{"public"},
|
||||||
GrantTypes: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode},
|
|
||||||
IDTokenAlgs: []string{string(jose.RS256)},
|
IDTokenAlgs: []string{string(jose.RS256)},
|
||||||
CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain},
|
CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain},
|
||||||
Scopes: []string{"openid", "email", "groups", "profile", "offline_access"},
|
Scopes: []string{"openid", "email", "groups", "profile", "offline_access"},
|
||||||
|
|
@ -110,6 +109,8 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
|
||||||
}
|
}
|
||||||
sort.Strings(d.ResponseTypes)
|
sort.Strings(d.ResponseTypes)
|
||||||
|
|
||||||
|
d.GrantTypes = s.supportedGrantTypes
|
||||||
|
|
||||||
data, err := json.MarshalIndent(d, "", " ")
|
data, err := json.MarshalIndent(d, "", " ")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
|
return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
|
||||||
|
|
|
||||||
16
server/server.go
Normal file → Executable file
16
server/server.go
Normal file → Executable file
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
"sort"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
@ -169,6 +170,8 @@ type Server struct {
|
||||||
|
|
||||||
supportedResponseTypes map[string]bool
|
supportedResponseTypes map[string]bool
|
||||||
|
|
||||||
|
supportedGrantTypes []string
|
||||||
|
|
||||||
now func() time.Time
|
now func() time.Time
|
||||||
|
|
||||||
idTokensValidFor time.Duration
|
idTokensValidFor time.Duration
|
||||||
|
|
@ -209,16 +212,22 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
||||||
c.SupportedResponseTypes = []string{responseTypeCode}
|
c.SupportedResponseTypes = []string{responseTypeCode}
|
||||||
}
|
}
|
||||||
|
|
||||||
supported := make(map[string]bool)
|
supportedRes := make(map[string]bool)
|
||||||
for _, respType := range c.SupportedResponseTypes {
|
for _, respType := range c.SupportedResponseTypes {
|
||||||
switch respType {
|
switch respType {
|
||||||
case responseTypeCode, responseTypeIDToken, responseTypeToken:
|
case responseTypeCode, responseTypeIDToken, responseTypeToken:
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("unsupported response_type %q", respType)
|
return nil, fmt.Errorf("unsupported response_type %q", respType)
|
||||||
}
|
}
|
||||||
supported[respType] = true
|
supportedRes[respType] = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default
|
||||||
|
if c.PasswordConnector != "" {
|
||||||
|
supportedGrant = append(supportedGrant, grantTypePassword)
|
||||||
|
}
|
||||||
|
sort.Strings(supportedGrant)
|
||||||
|
|
||||||
webFS := web.FS()
|
webFS := web.FS()
|
||||||
if c.Web.Dir != "" {
|
if c.Web.Dir != "" {
|
||||||
webFS = os.DirFS(c.Web.Dir)
|
webFS = os.DirFS(c.Web.Dir)
|
||||||
|
|
@ -249,7 +258,8 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
|
||||||
issuerURL: *issuerURL,
|
issuerURL: *issuerURL,
|
||||||
connectors: make(map[string]Connector),
|
connectors: make(map[string]Connector),
|
||||||
storage: newKeyCacher(c.Storage, now),
|
storage: newKeyCacher(c.Storage, now),
|
||||||
supportedResponseTypes: supported,
|
supportedResponseTypes: supportedRes,
|
||||||
|
supportedGrantTypes: supportedGrant,
|
||||||
idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour),
|
idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour),
|
||||||
authRequestsValidFor: value(c.AuthRequestsValidFor, 24*time.Hour),
|
authRequestsValidFor: value(c.AuthRequestsValidFor, 24*time.Hour),
|
||||||
deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute),
|
deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute),
|
||||||
|
|
|
||||||
Reference in a new issue