diff --git a/server/handlers.go b/server/handlers.go
index 0fe8084d..694ababb 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -1153,7 +1153,6 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
 }

 func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
- // Parse the fields
 if err := r.ParseForm(); err != nil {
 s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
@@ -1161,38 +1160,10 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
 }
 q := r.Form

- // Get the clientID and secret from basic auth or form variables
- clientID, clientSecret, ok := r.BasicAuth()
- if ok {
- var err error
- if clientID, err = url.QueryUnescape(clientID); err != nil {
- s.tokenErrHelper(w, errInvalidRequest, "client_id improperly encoded", http.StatusBadRequest)
- return
- }
- if clientSecret, err = url.QueryUnescape(clientSecret); err != nil {
- s.tokenErrHelper(w, errInvalidRequest, "client_secret improperly encoded", http.StatusBadRequest)
- return
- }
- } else {
- clientID = q.Get("client_id")
- clientSecret = q.Get("client_secret")
- }
-
 nonce := q.Get("nonce")
 // Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
 scopes := strings.Fields(q.Get("scope"))

- // Get the client from the database
- client, err := s.storage.GetClient(clientID)
- if err != nil {
- if err == storage.ErrNotFound {
- s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Invalid client_id (%q).", clientID), http.StatusBadRequest)
- return
- }
- s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Failed to get client %v.", err), http.StatusBadRequest)
- return
- }
-
 // Parse the scopes if they are passed
 var (
 unrecognized []string
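Review bot: handlePasswordGrant now relies entirely on the `client storage.Client` parameter being an already-authenticated client, because this hunk deletes both the basic-auth/form `client_id`/`client_secret` parsing and the `s.storage.GetClient` lookup, yet nothing in the diff states that precondition; the function's signature sits in the previous hunk and its body continues past this one, so the contract is easy to miss. Add a doc comment on the function such as `// handlePasswordGrant implements the resource-owner password grant. The caller must have authenticated client (client_id and client_secret) before calling this; no client authentication is performed here.` If the call site only resolves the client without verifying its secret, the grant would be issued to an unauthenticated client ID, so that call site (outside this diff) is worth checking. Since `url.QueryUnescape` is no longer used in this function, also confirm that the `net/url` import is still referenced elsewhere in handlers.go, otherwise the file will not compile.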
@@ -1211,7 +1182,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
 continue
 }

- isTrusted, err := s.validateCrossClientTrust(clientID, peerID)
+ isTrusted, err := s.validateCrossClientTrust(client.ID, peerID)
 if err != nil {
 s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
 return
@@ -1299,7 +1270,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
 refresh := storage.RefreshToken{
 ID: storage.NewID(),
 Token: storage.NewID(),
- ClientID: clientID,
+ ClientID: client.ID,
 ConnectorID: connID,
 Scopes: scopes,
 Claims: claims,
@@ -1390,7 +1361,6 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
 deleteToken = true
 return
 }
-
 }
 }