Remove uneccesary client verification
This commit is contained in:
parent
13be146d2a
commit
0f9a74f1d0
@ -1153,7 +1153,6 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
|
||||
|
||||
// Parse the fields
|
||||
if err := r.ParseForm(); err != nil {
|
||||
s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
|
||||
@ -1161,38 +1160,10 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
}
|
||||
q := r.Form
|
||||
|
||||
// Get the clientID and secret from basic auth or form variables
|
||||
clientID, clientSecret, ok := r.BasicAuth()
|
||||
if ok {
|
||||
var err error
|
||||
if clientID, err = url.QueryUnescape(clientID); err != nil {
|
||||
s.tokenErrHelper(w, errInvalidRequest, "client_id improperly encoded", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if clientSecret, err = url.QueryUnescape(clientSecret); err != nil {
|
||||
s.tokenErrHelper(w, errInvalidRequest, "client_secret improperly encoded", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
clientID = q.Get("client_id")
|
||||
clientSecret = q.Get("client_secret")
|
||||
}
|
||||
|
||||
nonce := q.Get("nonce")
|
||||
// Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
|
||||
scopes := strings.Fields(q.Get("scope"))
|
||||
|
||||
// Get the client from the database
|
||||
client, err := s.storage.GetClient(clientID)
|
||||
if err != nil {
|
||||
if err == storage.ErrNotFound {
|
||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Invalid client_id (%q).", clientID), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Failed to get client %v.", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse the scopes if they are passed
|
||||
var (
|
||||
unrecognized []string
|
||||
@ -1211,7 +1182,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
continue
|
||||
}
|
||||
|
||||
isTrusted, err := s.validateCrossClientTrust(clientID, peerID)
|
||||
isTrusted, err := s.validateCrossClientTrust(client.ID, peerID)
|
||||
if err != nil {
|
||||
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
|
||||
return
|
||||
@ -1299,7 +1270,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
refresh := storage.RefreshToken{
|
||||
ID: storage.NewID(),
|
||||
Token: storage.NewID(),
|
||||
ClientID: clientID,
|
||||
ClientID: client.ID,
|
||||
ConnectorID: connID,
|
||||
Scopes: scopes,
|
||||
Claims: claims,
|
||||
@ -1390,7 +1361,6 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
deleteToken = true
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user