Modify client credential grant #6

better credentials handling + adjust tests
Signed-off-by: Houssem Ben Mabrouk <houssem.benmabrouk.ext@orange.com>
orange-hbenmabrouk committed Apr 22, 2024
commit 4137a9cb3ab5d96245ca414b57d1caf453665458
2 changes: 0 additions & 2 deletions connector/connector.go
@@ -19,8 +19,6 @@ type Scopes struct {

// The client has requested group information about the end user.
Groups bool

Other []string
}

// Identity represents the ID Token claims supported by the server.
29 changes: 14 additions & 15 deletions connector/oidc/oidc.go
@@ -369,33 +369,32 @@ const (
exchangeCaller
)

func (c *oidcConnector) getTokenViaClientCredentials(s connector.Scopes) (token *oauth2.Token, err error) {
var clientID, clientSecret string

// extract clientID & clientSecret from scopes
for _, data := range s.Other {
if strings.Contains(data, "id-") {
scopeTokens := strings.Split(data, "id-")
clientID = scopeTokens[len(scopeTokens)-1]
}
if strings.Contains(data, "secret-") {
scopeTokens := strings.Split(data, "secret-")
clientSecret = scopeTokens[len(scopeTokens)-1]
}
func (c *oidcConnector) getTokenViaClientCredentials(r *http.Request) (token *oauth2.Token, err error) {
// Setup default clientID & clientSecret
clientID := c.oauth2Config.ClientID
clientSecret := c.oauth2Config.ClientSecret

// Override clientID & clientSecret if they exist!
q := r.Form
if q.Has("custom_client_id") && q.Has("custom_client_secret") {
clientID = q.Get("custom_client_id")
clientSecret = q.Get("custom_client_secret")
}

// check if parsed credentials are not empty
// Check if parsed credentials are not empty
if len(clientID) == 0 || len(clientSecret) == 0 {
return nil, fmt.Errorf("oidc: unable to parse clientID or clientSecret")
}

// Construct data to be sent to the external IdP
data := url.Values{
"grant_type": {"client_credentials"},
"client_id": {clientID},
"client_secret": {clientSecret},
"scope": {strings.Join(c.oauth2Config.Scopes, " ")},
}

// Request token from external IdP
resp, err := c.httpClient.PostForm(c.oauth2Config.Endpoint.TokenURL, data)
if err != nil {
return nil, fmt.Errorf("oidc: failed to get token: %v", err)
@@ -453,7 +452,7 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
}
} else {
// get token via client_credentials
token, err = c.getTokenViaClientCredentials(s)
token, err = c.getTokenViaClientCredentials(r)
if err != nil {
return identity, err
}
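Review bot: The override at `q := r.Form` depends on the form having already been parsed; `r.Form` is nil until `r.ParseForm()` runs, and on a nil `url.Values` both `Has` calls simply return false, so caller-supplied credentials would be silently ignored rather than rejected. If `HandleCallback` (which starts and ends outside this section) does not call `ParseForm` before reaching this point, add `if err := r.ParseForm(); err != nil { return nil, fmt.Errorf("oidc: parsing form: %w", err) }` ahead of the check. Because `r.Form` merges the URL query with the POST body, `custom_client_secret` can arrive in a query string and will then appear in access and proxy logs; reading the pair from `r.PostForm` and documenting that the parameters must be sent in a POST body keeps the secret out of the URL. The unchanged error text `oidc: unable to parse clientID or clientSecret` now describes an empty rather than an unparsable value, so `oidc: clientID or clientSecret is empty` would be more accurate.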