Merge pull request #2265 from ariary/master

Add parametrization of grant type supported in discovery endpoint
This commit is contained in:
Márk Sági-Kazár 2021-10-06 15:54:17 +02:00 committed by GitHub
commit 67ba7a1c70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions

3
server/handlers.go Normal file → Executable file
View File

@ -94,7 +94,6 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
UserInfo: s.absURL("/userinfo"), UserInfo: s.absURL("/userinfo"),
DeviceEndpoint: s.absURL("/device/code"), DeviceEndpoint: s.absURL("/device/code"),
Subjects: []string{"public"}, Subjects: []string{"public"},
GrantTypes: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode},
IDTokenAlgs: []string{string(jose.RS256)}, IDTokenAlgs: []string{string(jose.RS256)},
CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain}, CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain},
Scopes: []string{"openid", "email", "groups", "profile", "offline_access"}, Scopes: []string{"openid", "email", "groups", "profile", "offline_access"},
@ -110,6 +109,8 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
} }
sort.Strings(d.ResponseTypes) sort.Strings(d.ResponseTypes)
d.GrantTypes = s.supportedGrantTypes
data, err := json.MarshalIndent(d, "", " ") data, err := json.MarshalIndent(d, "", " ")
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to marshal discovery data: %v", err) return nil, fmt.Errorf("failed to marshal discovery data: %v", err)

16
server/server.go Normal file → Executable file
View File

@ -11,6 +11,7 @@ import (
"net/url" "net/url"
"os" "os"
"path" "path"
"sort"
"strconv" "strconv"
"strings" "strings"
"sync" "sync"
@ -169,6 +170,8 @@ type Server struct {
supportedResponseTypes map[string]bool supportedResponseTypes map[string]bool
supportedGrantTypes []string
now func() time.Time now func() time.Time
idTokensValidFor time.Duration idTokensValidFor time.Duration
@ -209,16 +212,22 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
c.SupportedResponseTypes = []string{responseTypeCode} c.SupportedResponseTypes = []string{responseTypeCode}
} }
supported := make(map[string]bool) supportedRes := make(map[string]bool)
for _, respType := range c.SupportedResponseTypes { for _, respType := range c.SupportedResponseTypes {
switch respType { switch respType {
case responseTypeCode, responseTypeIDToken, responseTypeToken: case responseTypeCode, responseTypeIDToken, responseTypeToken:
default: default:
return nil, fmt.Errorf("unsupported response_type %q", respType) return nil, fmt.Errorf("unsupported response_type %q", respType)
} }
supported[respType] = true supportedRes[respType] = true
} }
supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default
if c.PasswordConnector != "" {
supportedGrant = append(supportedGrant, grantTypePassword)
}
sort.Strings(supportedGrant)
webFS := web.FS() webFS := web.FS()
if c.Web.Dir != "" { if c.Web.Dir != "" {
webFS = os.DirFS(c.Web.Dir) webFS = os.DirFS(c.Web.Dir)
@ -249,7 +258,8 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
issuerURL: *issuerURL, issuerURL: *issuerURL,
connectors: make(map[string]Connector), connectors: make(map[string]Connector),
storage: newKeyCacher(c.Storage, now), storage: newKeyCacher(c.Storage, now),
supportedResponseTypes: supported, supportedResponseTypes: supportedRes,
supportedGrantTypes: supportedGrant,
idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour), idTokensValidFor: value(c.IDTokensValidFor, 24*time.Hour),
authRequestsValidFor: value(c.AuthRequestsValidFor, 24*time.Hour), authRequestsValidFor: value(c.AuthRequestsValidFor, 24*time.Hour),
deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute), deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute),