Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: OAuth 2.0 Device Authorization Grant #2416 #3252

Open
wants to merge 317 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 250 commits
Commits
Show all changes
317 commits
Select commit Hold shift + click to select a range
392d4c5
fix: improve lazy initialization of JWKs
aeneasr May 31, 2022
5de9fcb
feat: allow config context
aeneasr May 31, 2022
dd02c7b
fix: cockroach migration fixes
aeneasr Jun 7, 2022
18b74bd
fix: lazy load PKI
aeneasr Jun 7, 2022
41283d5
test: update fixtures
aeneasr Jun 7, 2022
8c13153
fix: improve jwk generator defaults
aeneasr Jun 7, 2022
2dfe393
chore: format
aeneasr Jun 7, 2022
7c134b7
refactor(sdk): rename PatchDocument to JsonPatchDocument
aeneasr Jun 8, 2022
719db10
fix(sdk): resolve type issues and regenerate SDK
aeneasr Jun 8, 2022
5161259
chore(sdk): remove obsolete template
aeneasr Jun 8, 2022
1a3f2c2
feat(sdk): add missing bearer security definition
aeneasr Jun 8, 2022
f6cb9f4
chore: styles
aeneasr Jun 8, 2022
85e3eae
chore: fix compile and lint issues
aeneasr Jun 9, 2022
26d752a
fix(sdk): remove pattern from scope parameter
aeneasr Jun 10, 2022
9a8a7ab
fix: resolve test issues and regressions introduced by the new JWK ge…
aeneasr Jun 10, 2022
364ba11
fix: regression in database layer
aeneasr Jun 10, 2022
fcd53d2
fix(hsm): public key extraction
aeneasr Jun 10, 2022
b8fb997
fix(hsm): public key extraction everywhere
aeneasr Jun 10, 2022
8484d1e
chore: upgrade golangci-lint
aeneasr Jun 10, 2022
0311aea
fix: compile issue
aeneasr Jun 10, 2022
762e3eb
test(e2e): respect metadata
aeneasr Jun 10, 2022
0496a32
fix(jwk): expose correct metadata algorithms
aeneasr Jun 10, 2022
19bfc53
test(hsm): resolve test issues
aeneasr Jun 13, 2022
7461b13
chore: format
aeneasr Jun 13, 2022
1a6c5e7
test(e2e): upgrade jwks-rsa
aeneasr Jun 13, 2022
81f8a81
test(e2e): upgrade cypress
aeneasr Jun 13, 2022
774a158
fix: default back to RS256 keys
aeneasr Jun 13, 2022
406a091
chore: format
aeneasr Jun 13, 2022
f72e695
test: update snapshots
aeneasr Jun 14, 2022
f90079a
fix: missing data in JWT grant (#3143)
aeneasr Jun 14, 2022
c635b12
fix(sdk): handle all error codes (#3153)
aeneasr Jun 14, 2022
e119e1a
fix: support issuer with and without trailing slash
aeneasr Jun 14, 2022
a9f151c
test(e2e): fix issuer URL
aeneasr Jun 14, 2022
faa17da
test: update snapshots
aeneasr Jun 14, 2022
55aa649
chore: remove stray console.log's
aeneasr Jun 14, 2022
a6f6923
test(e2e): add trailing slash to issuer
aeneasr Jun 14, 2022
499705a
feat: add ability to allow token refresh from hook without overriding…
zachabney Jun 17, 2022
1293447
refactor(client): make OAuth2 Client IDs system-chosen and immutable
aeneasr Jun 14, 2022
1b48b3d
fix: ignore cypress screenshots in git
aeneasr Jun 17, 2022
c43cc6b
chore: format
aeneasr Jun 17, 2022
5fd77e1
fix: incorrect queries
aeneasr Jun 17, 2022
e59cf18
test(e2e): resolve test regressions
aeneasr Jun 17, 2022
9cf3ebc
fix: quickstart with SQLite
aeneasr Jun 17, 2022
c0c67bf
test(e2e): fix jwt regression
aeneasr Jun 17, 2022
a25b3d1
fix: client specific CORS
aeneasr Jun 17, 2022
71ff745
feat: respect local DNS restrictions
aeneasr Jun 17, 2022
8857ec6
fix: resolve token prefix regression
aeneasr Jun 17, 2022
07611d7
test: fix flaky equal check
aeneasr Jun 23, 2022
da9a06d
chore: update formatter and formatting
aeneasr Jun 23, 2022
3ccbb82
ci: do not use --verbose flag
aeneasr Jun 23, 2022
0ebe76c
feat: add token prefixes
aeneasr Jun 17, 2022
288b7a9
test: fix flaky equal check
aeneasr Jun 23, 2022
45b78dd
chore: update fosite dependency
aeneasr Jun 23, 2022
2b486a6
chore: upgrade crdb to v22.x
aeneasr Jun 23, 2022
afeb4ea
feat: support alternate hashing algorithms for client secrets
aeneasr Jun 23, 2022
7b824c5
refactor: rename `hydra clients create` command
aeneasr Jun 23, 2022
c27dcdb
feat(cli): significantly improved `create client`
aeneasr Jun 24, 2022
7b33224
refactor: rename `hydra clients get` command
aeneasr Jun 24, 2022
d562759
refactor: rename `hydra clients delete` command
aeneasr Jun 24, 2022
c2d63ef
refactor: rename `hydra clients list` command
aeneasr Jun 24, 2022
efb0d81
refactor(client): replace limit and offset parameters with page_token…
aeneasr Jun 24, 2022
757ec07
refactor: rename `hydra clients update` command
aeneasr Jun 24, 2022
23711f6
refactor: rename `hydra clients import` command
aeneasr Jun 24, 2022
30a5ddc
fix: compile errors
aeneasr Jun 24, 2022
bc9d7f0
refactor: remove `/oauth2/flush` endpoint
aeneasr Jun 24, 2022
8840450
refactor: `hydra keys` command
aeneasr Jun 26, 2022
1c1ee10
refactor: `hydra token client` command
aeneasr Jun 27, 2022
09ad37e
refactor: CLI environment variables `HYDRA_URL` has been renamed to `…
aeneasr Jun 27, 2022
9d6ab4e
test: update snapshots
aeneasr Jun 27, 2022
172ad1d
refactor: `hydra token delete` command
aeneasr Jun 27, 2022
e8dacf7
refactor: `hydra token introspect` command
aeneasr Jun 27, 2022
eedeb21
refactor: `hydra token revoke` command
aeneasr Jun 27, 2022
a7b6e76
fix: remove incorrect aliases
aeneasr Jun 27, 2022
2083f37
chore: update golang and alpine
aeneasr Jun 27, 2022
2592e6f
feat: improve CLI messages
aeneasr Jun 27, 2022
9e9e6cc
chore: remove mod rewrites
aeneasr Jun 27, 2022
f2ba68b
chore: fix lint issues
aeneasr Jun 27, 2022
bd247cd
test(e2e): fix build instructions
aeneasr Jun 27, 2022
bea251a
refactor: environment variable `DATABASE_URL` has been deprecated
aeneasr Jun 27, 2022
980d92b
fix: update benchmark script
aeneasr Jun 27, 2022
351e13c
test(conformance): add directory
aeneasr Jun 27, 2022
9340003
refactor: deprecate `--dangerous-allow-insecure-redirect-url` flag
aeneasr Jun 27, 2022
58fefe7
refactor: deprecate `--dangerous-force-http` flag
aeneasr Jun 27, 2022
45c0688
feat: improve cookie settings
aeneasr Jun 27, 2022
456f24a
feat: make CORS config hot reloadable
aeneasr Jun 28, 2022
895195b
feat: improved cookie controls
aeneasr Jun 28, 2022
e694217
feat: rebuild containers on start
aeneasr Jul 10, 2022
3215355
refactor(client): rename SDK methods and introduce `/admin` prefix
grantzvolsky Aug 1, 2022
c8aa92c
refactor(jwk): rename SDK methods and introduce `/admin` prefix
aeneasr Jun 29, 2022
5432e57
unstaged - refactor sdk use across the board
aeneasr Jun 29, 2022
a6640a3
refactor(consent): rename SDK method from `revokeConsentSessions` to …
aeneasr Jul 4, 2022
78ec7f2
refactor(consent): rename SDK method from `adminListSubjectConsentSes…
aeneasr Jul 4, 2022
5e62ab6
refactor(consent): rename SDK method from `revokeAuthenticationSessio…
aeneasr Jul 4, 2022
e67b070
refactor(consent): rename SDK method from `getLoginRequest` to `admin…
aeneasr Jul 4, 2022
08ded09
refactor(consent): rename SDK method from `acceptLoginRequest` to `ad…
aeneasr Jul 4, 2022
6451fe6
refactor(consent): rename SDK method from `rejectLoginRequest` to `re…
aeneasr Jul 4, 2022
5f50bc4
refactor(consent): rename SDK method from `getOAuth2ConsentRequest` t…
aeneasr Jul 4, 2022
014757e
refactor(consent): rename SDK method from `acceptConsentRequest` to `…
aeneasr Jul 4, 2022
523c0c8
refactor(consent): rename SDK method from `rejectConsentRequest` to `…
aeneasr Jul 4, 2022
b9691a6
refactor(consent): rename SDK method from `rejectLogoutRequest` to `a…
aeneasr Jul 4, 2022
c11e013
feat: improve refresh token error messages
aeneasr Jul 5, 2022
c7d5317
refactor: finalize consent SDK methods
grantzvolsky Aug 1, 2022
ef4439d
refactor(trust): rename SDK method from `trustJwtGrantIssuer` to `adm…
aeneasr Jul 6, 2022
614608d
refactor(trust): rename SDK method from `getTrustedJwtGrantIssuer` to…
aeneasr Jul 6, 2022
1e81ef0
refactor(trust): rename SDK method from `deleteTrustedJwtGrantIssuer`…
aeneasr Jul 6, 2022
88fd959
refactor(trust): rename SDK method from `listTrustedJwtGrantIssuers` …
aeneasr Jul 6, 2022
4078062
refactor(oauth2): rename SDK method from `discoverOpenIDConfiguration…
aeneasr Jul 6, 2022
cd9688d
refactor(oauth2): rename SDK method from `userinfo` to `getOidcUserInfo`
aeneasr Jul 6, 2022
f12ea23
refactor(oauth2): rename SDK method from `introspectOAuth2Token` to `…
aeneasr Jul 6, 2022
436da68
refactor(oauth2): rename SDK method from `oauth2Token` to `performOAu…
aeneasr Jul 6, 2022
a1da0ef
refactor(oauth2): rename SDK method from `deleteOAuth2Token` to `admi…
aeneasr Jul 6, 2022
9b0b247
refactor(oauth2): clean up changes
aeneasr Jul 6, 2022
0c246f3
chore: regenerate values
aeneasr Jul 6, 2022
847ab83
fix: resolve internal SDK regressions
aeneasr Jul 9, 2022
7fa2c32
fix: remove goswagger generated client
grantzvolsky Aug 1, 2022
2d775a9
fix: docker image build
aeneasr Jul 9, 2022
a8ea371
fix: resolve conformance build issues
aeneasr Jul 9, 2022
ba9f436
fix: conformity health check
aeneasr Jul 10, 2022
87bd804
test: fix conformity issues
aeneasr Jul 10, 2022
fb816c8
test: update paths to reflect new admin api
aeneasr Jul 11, 2022
158e1a0
test: update resource limits
aeneasr Jul 11, 2022
9028ed4
chore: remove fosite replace
aeneasr Jul 11, 2022
71ada55
fix(sdk): use correct struct for response
aeneasr Jul 11, 2022
803f814
refactor: rename `access_log` to `request_log`
aeneasr Jul 12, 2022
547605a
fix: remove deprecated config value
aeneasr Jul 12, 2022
44467fc
chore: remove unused code
aeneasr Jul 14, 2022
fa4345c
chore: reorganize definition
aeneasr Jul 14, 2022
79a41fd
docs: update config key descriptions
aeneasr Jul 14, 2022
97c0995
feat: add embedx helpers (#3189)
aeneasr Jul 14, 2022
ce7e92f
feat: make all ui urls relative
aeneasr Jul 16, 2022
d5703b0
fix: improve duration pattern
aeneasr Jul 16, 2022
d17ff7c
fix(config): add default to supported types.
aeneasr Jul 15, 2022
d50ad65
fix(config): disallow additional properties
aeneasr Jul 15, 2022
472b93e
fix(config): correct salt detection
aeneasr Jul 15, 2022
245c8d1
fix: improve time validation
aeneasr Jul 15, 2022
fb9597c
fix(sdk): genericError type
aeneasr Jul 15, 2022
9046905
feat(sdk): type nulls
aeneasr Jul 15, 2022
055f71f
fix: improve health check reporting
aeneasr Jul 16, 2022
5af62e9
fix: pop compile issue
aeneasr Jul 16, 2022
13bff88
fix: speed up health checks
aeneasr Jul 16, 2022
2c34cba
fix: `max_age=0` forces authentication
aeneasr Jul 18, 2022
48f3d96
fix(config): support number
aeneasr Jul 18, 2022
2b4dfb9
fix(cli): output format issues
aeneasr Jul 17, 2022
0c733f6
fix(oauth2): incorrect TTL override
aeneasr Jul 17, 2022
2f927d0
feat(client): respect ip restrictions in client validation
aeneasr Jul 17, 2022
8046a8e
feat: better control for cookie secure flag
aeneasr Jul 18, 2022
656e604
fix: resolve migration regressions
aeneasr Jul 18, 2022
461d76f
fix: conditionals in db-diff
aeneasr Jul 19, 2022
de0d10b
chore: add json1 tag to db-diff
aeneasr Jul 19, 2022
53ac222
fix: add json1 tag everywhere
aeneasr Jul 19, 2022
ef38039
fix: use --yes flag in db-diff
aeneasr Jul 19, 2022
2b8edad
feat: custom client token ttl (#3206)
grantzvolsky Jul 28, 2022
b79dd31
fix: handle server error when refresh token requests come same time (…
sawadashota Jul 29, 2022
f4a0cb5
autogen: pin v1.11.9-pre.0 release commit
aeneasr Jul 29, 2022
7be5188
chore: update prettierignore
grantzvolsky Jul 31, 2022
af32b1f
chore: update ory/x
grantzvolsky Jul 31, 2022
84cbff6
chore: delete unused code
grantzvolsky Aug 1, 2022
a995592
test: fix a flaky test
grantzvolsky Aug 1, 2022
33468b0
chore: code review
aeneasr Aug 1, 2022
4a09ab2
fix: docker instructions
aeneasr Aug 1, 2022
7d02fea
test: fix resp.bodyclose lint error
grantzvolsky Aug 1, 2022
59494a7
fix: cache migration status
aeneasr Aug 1, 2022
0c57e96
fix: improve migration status speed
aeneasr Aug 1, 2022
85a4c14
fix: prefix paths correctly with /admin
aeneasr Aug 4, 2022
8eb8acd
fix: consistently use RS256 in hot reloading
aeneasr Aug 4, 2022
e7b60eb
fix: move to v0alpha2 api spec
aeneasr Aug 8, 2022
1417dc7
fix: make servicelocator explicit
aeneasr Aug 18, 2022
79de03e
feat: pass options from root
aeneasr Aug 18, 2022
39b6c4e
chore: change metric name and make Go 1.19 compatible (#3223)
nipsufn Aug 23, 2022
7dbf7fc
fix: remove unused swagger struct
aeneasr Aug 23, 2022
f35e1f8
feat: upgrade go-swagger
aeneasr Aug 23, 2022
e52be84
chore: update openapi-generator to 6.0.1
aeneasr Aug 23, 2022
abe8819
chore: regenerate SDKs
aeneasr Aug 23, 2022
f0119f4
fix(sdk): make session uniquely named
aeneasr Aug 23, 2022
5062d54
fix: replace of consent session expires values
aeneasr Aug 23, 2022
bea8c4a
fix(sdk): omit DefaultSession
aeneasr Aug 23, 2022
517a203
chore: regenerate SDKs
aeneasr Aug 23, 2022
0a785c1
chore: address merge conflicts
aeneasr Sep 5, 2022
6a34755
Rework device code for Hydra2
BuzzBumbleBee Sep 2, 2022
707137a
Fix device grant migrations for hydra2
BuzzBumbleBee Sep 4, 2022
eb6ea87
Point go mod to buzzbumblebee downstream
BuzzBumbleBee Sep 4, 2022
e64d230
This adds a own login flow for the Device Auth Grant
supercairos Sep 7, 2022
43c9f8c
Update go.mod & update mocks, sdk, ...
supercairos Sep 7, 2022
18fef67
Merge remote-tracking branch 'github/master' into feat_dev_grants_2x
supercairos Sep 7, 2022
1cb56d5
Merge branch 'feat_dev_grants_2x' into rcaire/retry-pr
supercairos Sep 7, 2022
69ec9e2
Merge pull request #3 from BuzzBumbleBee/rcaire/retry-pr
BuzzBumbleBee Sep 7, 2022
f73f906
Merge remote-tracking branch 'github/master' into feat_dev_grants_2x
supercairos Sep 8, 2022
e464c9c
Use UUID for Postgres database tables for device auth grant.
supercairos Sep 8, 2022
7e667df
Don't edit changelog
supercairos Sep 8, 2022
6ad7962
Merge branch 'master' into feat_dev_grants_2x
supercairos Sep 8, 2022
25560fe
Don't print useless informations
supercairos Sep 9, 2022
5b73751
Fix documentation
supercairos Sep 9, 2022
64c6e0a
Update SDK
supercairos Sep 9, 2022
4060311
Add support for CockroachDB
supercairos Sep 9, 2022
dbfe96b
Remove "device_code" auth flow
supercairos Sep 9, 2022
2967022
Fix merge error
supercairos Sep 12, 2022
7772b6f
Remove unused OIDC device code factory
supercairos Sep 12, 2022
07087a8
Add new provider test to validate polling interval
supercairos Sep 12, 2022
1806a65
Merge branch 'master' into feat_dev_grants_2x
supercairos Sep 12, 2022
93dd7f9
Update Gomod to latest fosite
supercairos Sep 12, 2022
89e7669
Cleanup database migration
supercairos Sep 12, 2022
534decc
Merge branch 'master' into feat_dev_grants_2x
supercairos Sep 12, 2022
7807128
create-device-code-at-start
supercairos Sep 13, 2022
4a627b2
Split files and do some DB optimizations
supercairos Sep 14, 2022
b0d56e6
fix: fix wrong comment
supercairos Sep 14, 2022
6ba4187
Add network id to the device grant database;
supercairos Sep 14, 2022
815b33a
Update go.mod & go.sum
supercairos Sep 14, 2022
a18a285
fix mysql db error
supercairos Sep 14, 2022
1ba9082
Optimize database for MySQL
supercairos Sep 14, 2022
b92ae8c
Remove useless function
supercairos Sep 15, 2022
ffa6d06
Rework cleanup order to fix CI
supercairos Sep 15, 2022
6e6d5d0
Merge branch 'master' into feat_dev_grants_2x
supercairos Sep 15, 2022
19db45a
Rework cleanup order to fix CI
supercairos Sep 15, 2022
ac12fcc
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos Sep 15, 2022
f13fc21
Handle errors on Device Authorize Flow
supercairos Sep 15, 2022
0dead43
Add contrains for NID on Device Grant Request table
supercairos Sep 15, 2022
6e7022c
Merge branch 'master' into feat_dev_grants_2x
supercairos Sep 29, 2022
b789517
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos Sep 29, 2022
42518d2
Fix format for linting
supercairos Sep 29, 2022
adf6d97
Fix format using GO 1.19
supercairos Sep 29, 2022
5946f65
Merge branch 'feat_dev_grants_2x' into device-code-rework
supercairos Sep 29, 2022
c63f04b
Don't use inline SQL Reference, instead add them using ALTER TABLE
supercairos Sep 30, 2022
da4dbd4
Update go.mod & go.sum
supercairos Oct 4, 2022
71c5633
Merge branch 'master' into feat_dev_grants_2x
supercairos Oct 4, 2022
7795f5b
Merge branch 'master' into feat_dev_grants_2x
supercairos Oct 20, 2022
dbe98f0
Fix snapshot tests
supercairos Oct 20, 2022
23108a5
Merge branch 'master' into feat_dev_grants_2x
supercairos Nov 18, 2022
59d3f2f
fix following merge update
supercairos Nov 18, 2022
ec41822
Fix following csrf function signature
supercairos Nov 18, 2022
1e19d49
Merge branch 'master' into feat_dev_grants_2x
supercairos Dec 13, 2022
f60e047
Integrate new fosite
supercairos Dec 14, 2022
ec01377
remove the ability to setup a custom url path for the device endpoint.
supercairos Jan 24, 2023
6de6c9a
Merge branch 'master' into feat_dev_grants_2x
supercairos Feb 1, 2023
12c2ea6
Merge branch 'master' into feat_dev_grants_2x
supercairos Mar 14, 2023
929bbf7
Merge branch 'master' into feat_dev_grants_2x
supercairos Mar 20, 2023
3372fb2
Fixup on tag 2.0.3
supercairos Apr 18, 2023
5b7bb83
Merge branch '2.0.3_fix_up' into feat_dev_grants_2x
supercairos Apr 18, 2023
e2a8ace
Merge branch 'master' into feat_dev_grants_2x
supercairos Apr 18, 2023
ff3fdc9
Fix merge
supercairos Apr 18, 2023
3e0388c
Merge branch 'master' into feat_dev_grants_2x
supercairos Jun 2, 2023
343b053
Merge branch 'master' into feat_dev_grants_2x
supercairos Jul 18, 2023
3711af2
Merge branch 'master' into feat_dev_grants_2x
supercairos Nov 24, 2023
662801a
Fix test error
supercairos Nov 25, 2023
aed80e9
Fix tests
supercairos Nov 25, 2023
25346c6
Fix tests
supercairos Nov 25, 2023
44dd093
Fix route spec
supercairos Nov 27, 2023
b8c598a
Update struc name
supercairos Jan 4, 2024
d25a3a8
Update pkgs
supercairos Jan 4, 2024
5191714
Merge branch 'master' into feat_dev_grants_2x
supercairos Jan 4, 2024
edf0738
Start working on persister tests
supercairos Jan 11, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions client/registry.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (

"github.com/ory/fosite"
foauth2 "github.com/ory/fosite/handler/oauth2"
"github.com/ory/fosite/handler/rfc8628"
"github.com/ory/hydra/v2/jwk"
"github.com/ory/hydra/v2/x"
)
Expand All @@ -23,5 +24,6 @@ type Registry interface {
ClientHasher() fosite.Hasher
OpenIDJWTStrategy() jwk.JWTSigner
OAuth2HMACStrategy() *foauth2.HMACSHAStrategy
RFC8628HMACStrategy() rfc8628.RFC8628CodeStrategy
config.Provider
}
90 changes: 90 additions & 0 deletions consent/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
LoginPath = "/oauth2/auth/requests/login"
ConsentPath = "/oauth2/auth/requests/consent"
LogoutPath = "/oauth2/auth/requests/logout"
DevicePath = "/oauth2/auth/requests/device"
SessionsPath = "/oauth2/auth/sessions"
)

Expand Down Expand Up @@ -66,6 +67,8 @@
admin.GET(LogoutPath, h.getOAuth2LogoutRequest)
admin.PUT(LogoutPath+"/accept", h.acceptOAuth2LogoutRequest)
admin.PUT(LogoutPath+"/reject", h.rejectOAuth2LogoutRequest)

admin.PUT(DevicePath+"/verify", h.verifyUserCodeRequest)
}

// Revoke OAuth 2.0 Consent Session Parameters
Expand Down Expand Up @@ -1037,3 +1040,90 @@

h.r.Writer().Write(w, r, request)
}

// Verify OAuth 2.0 User Code Request
//
// swagger:parameters verifyUserCodeRequest
type verifyUserCodeRequest struct {
// in: query
// required: true
Challenge string `json:"device_challenge"`

// in: body
Body flow.DeviceGrantVerifyUserCodeRequest
}

// swagger:route PUT /admin/oauth2/auth/requests/device/verify oAuth2 verifyUserCodeRequest
//
// # Verifies a device grant request
//
// Verifies a device grant request
//
// Consumes:
// - application/json
//
// Produces:
// - application/json
//
// Schemes: http, https
//
// Responses:
// 200: oAuth2RedirectTo
// default: errorOAuth2
func (h *Handler) verifyUserCodeRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need this if we just use the user code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense now, please ignore :)

Needs tests, though ;)

challenge := stringsx.Coalesce(
r.URL.Query().Get("device_challenge"),
r.URL.Query().Get("challenge"),
)
if challenge == "" {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'challenge' is not defined but should have been.`)))
return

Check warning on line 1080 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1073-L1080

Added lines #L1073 - L1080 were not covered by tests
}

var p flow.DeviceGrantVerifyUserCodeRequest
d := json.NewDecoder(r.Body)
d.DisallowUnknownFields()
if err := d.Decode(&p); err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithWrap(err).WithHintf("Unable to decode body because: %s", err)))
return

Check warning on line 1088 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1083-L1088

Added lines #L1083 - L1088 were not covered by tests
}

if p.UserCode == "" {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint("Field 'user_code' must not be empty.")))
return

Check warning on line 1093 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1091-L1093

Added lines #L1091 - L1093 were not covered by tests
}

userCodeSignature, err := h.r.RFC8628HMACStrategy().UserCodeSignature(r.Context(), p.UserCode)
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithHint(`'user_code' signature could not be computed`)))
return

Check warning on line 1099 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1096-L1099

Added lines #L1096 - L1099 were not covered by tests
}
userCodeRequest, err := h.r.OAuth2Storage().GetUserCodeSession(r.Context(), userCodeSignature, &fosite.DefaultSession{})
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrNotFound.WithWrap(err).WithHint(`'user_code' session not found`)))
return

Check warning on line 1104 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1101-L1104

Added lines #L1101 - L1104 were not covered by tests
}

clientId := userCodeRequest.GetClient().GetID()

Check warning on line 1107 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1107

Added line #L1107 was not covered by tests
// UserCode & DeviceCode Request shares the same RequestId as it's the same request;
deviceRequestId := userCodeRequest.GetID()
requestedScopes := userCodeRequest.GetRequestedScopes()
requestedAudience := userCodeRequest.GetRequestedAudience()

Check warning on line 1111 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1109-L1111

Added lines #L1109 - L1111 were not covered by tests

err = h.r.OAuth2Storage().InvalidateUserCodeSession(r.Context(), userCodeSignature)
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithHint(`Could not invalidate 'user_code'`)))
return

Check warning on line 1116 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1113-L1116

Added lines #L1113 - L1116 were not covered by tests
}

// req.GetID() is actually the DeviceCodeSignature
grantRequest, err := h.r.ConsentManager().AcceptDeviceGrantRequest(r.Context(), challenge, deviceRequestId, clientId, requestedScopes, requestedAudience)
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithHint(`Could not accept device grant request`)))
return

Check warning on line 1123 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1120-L1123

Added lines #L1120 - L1123 were not covered by tests
}

h.r.Writer().Write(w, r, &flow.OAuth2RedirectTo{
RedirectTo: urlx.SetQuery(h.c.OAuth2DeviceAuthorisationURL(r.Context()), url.Values{"device_verifier": {grantRequest.Verifier}, "client_id": {clientId}}).String(),
})

Check warning on line 1128 in consent/handler.go

View check run for this annotation

Codecov / codecov/patch

consent/handler.go#L1126-L1128

Added lines #L1126 - L1128 were not covered by tests
}
2 changes: 1 addition & 1 deletion consent/helper.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"github.com/ory/hydra/v2/flow"
)

func sanitizeClientFromRequest(ar fosite.AuthorizeRequester) *client.Client {
func sanitizeClientFromRequest(ar fosite.Requester) *client.Client {
return sanitizeClient(ar.GetClient().(*client.Client))
}

Expand Down
6 changes: 6 additions & 0 deletions consent/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (

"github.com/gofrs/uuid"

"github.com/ory/fosite"
"github.com/ory/hydra/v2/client"
"github.com/ory/hydra/v2/flow"
)
Expand Down Expand Up @@ -60,6 +61,11 @@ type (
AcceptLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error)
RejectLogoutRequest(ctx context.Context, challenge string) error
VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error)

CreateDeviceGrantRequest(ctx context.Context, req *flow.DeviceGrantRequest) error
GetDeviceGrantRequestByVerifier(ctx context.Context, verifier string) (*flow.DeviceGrantRequest, error)
AcceptDeviceGrantRequest(ctx context.Context, challenge string, device_code_signature string, clientId string, requested_scopes fosite.Arguments, requested_aud fosite.Arguments) (*flow.DeviceGrantRequest, error)
VerifyAndInvalidateDeviceGrantRequest(ctx context.Context, verifier string) (*flow.DeviceGrantRequest, error)
}

ManagerProvider interface {
Expand Down
6 changes: 6 additions & 0 deletions consent/strategy.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ type Strategy interface {
r *http.Request,
req fosite.AuthorizeRequester,
) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error)
HandleOAuth2DeviceAuthorizationRequest(
ctx context.Context,
w http.ResponseWriter,
r *http.Request,
req fosite.DeviceAuthorizeRequester,
) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error)
HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error)
HandleHeadlessLogout(ctx context.Context, w http.ResponseWriter, r *http.Request, sid string) error
ObfuscateSubjectIdentifier(ctx context.Context, cl fosite.Client, subject, forcedIdentifier string) (string, error)
Expand Down
Loading
Loading