diff --git a/driver/config/provider.go b/driver/config/provider.go
index c6029982922..9492fcee611 100644
--- a/driver/config/provider.go
+++ b/driver/config/provider.go
@@ -376,10 +376,12 @@ func (p *DefaultProvider) fallbackURL(ctx context.Context, path string, host str
 return &u
 }
 
+// GetDeviceAndUserCodeLifespan returns the device_code and user_code lifespan. Defaults to 15 minutes.
 func (p *DefaultProvider) GetDeviceAndUserCodeLifespan(ctx context.Context) time.Duration {
 return p.p.DurationF(KeyDeviceAndUserCodeLifespan, time.Minute*15)
 }
 
+// GetDeviceAuthTokenPollingInterval returns device grant token endpoint polling interval. Defaults to 5 seconds.
 func (p *DefaultProvider) GetDeviceAuthTokenPollingInterval(ctx context.Context) time.Duration {
 return p.p.DurationF(KeyDeviceAuthTokenPollingInterval, time.Second*5)
 }
@@ -404,6 +406,7 @@ func (p *DefaultProvider) ErrorURL(ctx context.Context) *url.URL {
 return urlRoot(p.getProvider(ctx).RequestURIF(KeyErrorURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/error")))
 }
 
+// DeviceVerificationURL returns user_code verification page URL. Defaults to "oauth2/fallbacks/device".
 func (p *DefaultProvider) DeviceVerificationURL(ctx context.Context) *url.URL {
 return urlRoot(p.getProvider(ctx).URIF(KeyDeviceVerificationURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/device")))
 }
@@ -465,6 +468,7 @@ func (p *DefaultProvider) OAuth2AuthURL(ctx context.Context) *url.URL {
 return p.getProvider(ctx).RequestURIF(KeyOAuth2AuthURL, urlx.AppendPaths(p.PublicURL(ctx), "/oauth2/auth"))
 }
 
+// OAuth2DeviceAuthorisationURL returns device authorization endpoint. Defaults to "/oauth2/device/auth".
 func (p *DefaultProvider) OAuth2DeviceAuthorisationURL(ctx context.Context) *url.URL {
 return p.getProvider(ctx).RequestURIF(KeyOAuth2DeviceAuthorisationURL, urlx.AppendPaths(p.PublicURL(ctx), "/oauth2/device/auth"))
 }
diff --git a/driver/registry_base.go b/driver/registry_base.go
index cf05892185b..4f899724a2e 100644
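Review bot: Both getters documented in the first hunk take `ctx` but read from `p.p.DurationF(...)`, while `DeviceVerificationURL` and `OAuth2DeviceAuthorisationURL` further down the same file go through `p.getProvider(ctx)`. If `getProvider` resolves context-specific configuration (its body is not visible here), the device/user code lifespan and the polling interval would ignore such overrides, and the new comments do not say so. Assuming it returns the same provider type, I would either read through it, `return p.getProvider(ctx).DurationF(KeyDeviceAndUserCodeLifespan, time.Minute*15)`, or state in the comment that the value always comes from the static provider. The lifespan bounds how long an issued user_code remains acceptable, so which configuration source applies should be explicit.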
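Review bot: The default given in the `DeviceVerificationURL` comment is a bare relative path, but the fallback actually passed is `p.publicFallbackURL(ctx, "oauth2/fallbacks/device")`, so the effective default is presumably derived from the public URL; the `OAuth2DeviceAuthorisationURL` comment in the next hunk has the same gap, since its fallback is `urlx.AppendPaths(p.PublicURL(ctx), "/oauth2/device/auth")`. I would word both along the lines of `// ... Defaults to the public URL joined with "oauth2/fallbacks/device".` Separately, this getter calls `URIF` where `ErrorURL` directly above calls `RequestURIF`; if the difference is deliberate, a one-line why-comment would help, because this is the address end users are sent to when entering their user_code.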
--- a/driver/registry_base.go
+++ b/driver/registry_base.go
@@ -411,6 +411,7 @@ func (m *RegistryBase) OAuth2HMACStrategy() *foauth2.HMACSHAStrategy {
 return m.hmacs
 }
 
+// RFC8628HMACStrategy returns the rfc8628 strategy
 func (m *RegistryBase) RFC8628HMACStrategy() rfc8628.RFC8628CodeStrategy {
 if m.deviceHmac != nil {
 return m.deviceHmac
diff --git a/fositex/config.go b/fositex/config.go
index 7c2018971f6..f699eb5ab5e 100644
--- a/fositex/config.go
+++ b/fositex/config.go
@@ -119,6 +119,7 @@ func (c *Config) GetRevocationHandlers(context.Context) fosite.RevocationHandler
 return c.revocationHandlers
 }
 
+// GetDeviceEndpointHandlers returns the deviceEndpointHandlers
 func (c *Config) GetDeviceEndpointHandlers(ctx context.Context) fosite.DeviceEndpointHandlers {
 return c.deviceEndpointHandlers
 }
@@ -216,6 +217,7 @@ func (c *Config) GetTokenURLs(ctx context.Context) []string {
 })
 }
 
+// GetDeviceVerificationURL returns the device verification url
 func (c *Config) GetDeviceVerificationURL(ctx context.Context) string {
 return urlx.AppendPaths(c.deps.Config().PublicURL(ctx), oauth2.DeviceAuthPath).String()
 }
diff --git a/oauth2/handler.go b/oauth2/handler.go
index 7749770fe2a..2a51d14d400 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -60,7 +60,7 @@ const (
 RevocationPath = "/oauth2/revoke"
 DeleteTokensPath = "/oauth2/tokens" // #nosec G101
 
- // Device Grant Handler
+ // Device authorization endpoint
 DeviceAuthPath = "/oauth2/device/auth"
 )
 
diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
index 251236373a7..2a0fe4ca4a4 100644
--- a/persistence/sql/persister_oauth2.go
+++ b/persistence/sql/persister_oauth2.go
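Review bot: The comment added to `RFC8628HMACStrategy` only restates the method name and has no trailing period. The visible part of the body returns `m.deviceHmac` when it is already set, so a comment such as `// RFC8628HMACStrategy returns the code strategy for the RFC 8628 device authorization grant, reusing the instance cached in m.deviceHmac.` would tell a reader more. The construction branch lies outside the hunk, so how the strategy is configured cannot be checked from here.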
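Review bot: `GetDeviceVerificationURL` in fositex/config.go is now documented as returning the device verification URL, yet its body appends `oauth2.DeviceAuthPath`, which the handler.go hunk in this same commit relabels as the device authorization endpoint (`"/oauth2/device/auth"`). It also never consults `KeyDeviceVerificationURL`, the setting that `DefaultProvider.DeviceVerificationURL` reads. If this value is what gets handed out as the verification URI, users would be pointed at the endpoint devices call rather than the page where a user_code is entered. If the reuse is intentional, the comment should say so, for example `// GetDeviceVerificationURL returns the public URL joined with DeviceAuthPath; the user-facing verification page is configured separately.`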
@@ -571,18 +571,21 @@ func (p *Persister) DeleteAccessTokens(ctx context.Context, clientID string) (er
 )
 }
 
+// CreateDeviceCodeSession creates a new device code session and stores it in the database
 func (p *Persister) CreateDeviceCodeSession(ctx context.Context, signature string, requester fosite.Requester) (err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateDeviceCodeSession")
 defer otelx.End(span, &err)
 return p.createSession(ctx, signature, requester, sqlTableDeviceCode)
 }
 
+// UpdateDeviceCodeSession updates a device code session
 func (p *Persister) UpdateDeviceCodeSession(ctx context.Context, signature string, requester fosite.Requester) (err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateDeviceCodeSession")
 defer otelx.End(span, &err)
 return p.updateSessionBySignature(ctx, signature, requester, sqlTableDeviceCode)
 }
 
+// GetDeviceCodeSession returns a device code session from the database
 func (p *Persister) GetDeviceCodeSession(ctx context.Context, signature string, session fosite.Session) (_ fosite.Requester, err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetDeviceCodeSession")
 defer otelx.End(span, &err)
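Review bot: None of the new comments on the device-code session methods mention that `signature` is the lookup key, although the calls make that the contract (`updateSessionBySignature` here, `findSessionBySignature` in the user-code hunk that follows, where the same gap applies). I would name it in each comment, for example `// UpdateDeviceCodeSession replaces the stored request for the device code session identified by signature.` That also tells callers to pass the code's signature and not the code itself. `GetDeviceCodeSession` continues past the end of the hunk, so its behavior for expired or invalidated sessions is not visible here; the comment should describe it once confirmed.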
@@ -605,18 +608,21 @@ func (p *Persister) InvalidateDeviceCodeSession(ctx context.Context, signature s
 )
 }
 
+// CreateUserCodeSession creates a new user code session and stores it in the database
 func (p *Persister) CreateUserCodeSession(ctx context.Context, signature string, requester fosite.Requester) (err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateUserCodeSession")
 defer otelx.End(span, &err)
 return p.createSession(ctx, signature, requester, sqlTableUserCode)
 }
 
+// GetUserCodeSession returns a user code session from the database
 func (p *Persister) GetUserCodeSession(ctx context.Context, signature string, session fosite.Session) (_ fosite.Requester, err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetUserCodeSession")
 defer otelx.End(span, &err)
 return p.findSessionBySignature(ctx, signature, session, sqlTableUserCode)
 }
 
+// InvalidateUserCodeSession invalidates a user code session
 func (p *Persister) InvalidateUserCodeSession(ctx context.Context, signature string) (err error) {
 ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.InvalidateUserCodeSession")
 defer otelx.End(span, &err)
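Review bot: The comment `InvalidateUserCodeSession invalidates a user code session` does not say what invalidation means, i.e. whether the row is deleted or flagged inactive, and the body is cut off by the hunk, so it cannot be read off here. Callers need to know what a later `GetUserCodeSession` with the same signature returns, because that result is what stops a user_code from being accepted a second time. Once the behavior is confirmed I would extend the comment, for example `// InvalidateUserCodeSession marks the user code session identified by signature as used so it cannot be redeemed again.`, adjusting the wording to what the body really does. The three comments in this hunk also lack trailing periods.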