Device flow token code exchange (#2)

* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>

cmd/dex/config.go

@@ -283,6 +283,9 @@ type Expiry struct {
 
 	// AuthRequests defines the duration of time for which the AuthRequests will be valid.
 	AuthRequests string `json:"authRequests"`
+
+	// DeviceRequests defines the duration of time for which the DeviceRequests will be valid.
+	DeviceRequests string `json:"deviceRequests"`
 }
 
 // Logger holds configuration required to customize logging for dex.

cmd/dex/config_test.go

@@ -119,6 +119,7 @@ expiry:
   signingKeys: "7h"
   idTokens: "25h"
   authRequests: "25h"
+  deviceRequests: "10m"
 
 logger:
   level: "debug"
@@ -197,9 +198,10 @@ logger:
 			},
 		},
 		Expiry: Expiry{
-			SigningKeys:  "7h",
-			IDTokens:     "25h",
-			AuthRequests: "25h",
+			SigningKeys:    "7h",
+			IDTokens:       "25h",
+			AuthRequests:   "25h",
+			DeviceRequests: "10m",
 		},
 		Logger: Logger{
 			Level:  "debug",

cmd/dex/serve.go

@@ -269,7 +269,14 @@ func serve(cmd *cobra.Command, args []string) error {
 		logger.Infof("config auth requests valid for: %v", authRequests)
 		serverConfig.AuthRequestsValidFor = authRequests
 	}
-
+	if c.Expiry.DeviceRequests != "" {
+		deviceRequests, err := time.ParseDuration(c.Expiry.DeviceRequests)
+		if err != nil {
+			return fmt.Errorf("invalid config value %q for device request expiry: %v", c.Expiry.AuthRequests, err)
+		}
+		logger.Infof("config device requests valid for: %v", deviceRequests)
+		serverConfig.DeviceRequestsValidFor = deviceRequests
+	}
 	serv, err := server.NewServer(context.Background(), serverConfig)
 	if err != nil {
 		return fmt.Errorf("failed to initialize server: %v", err)