···
73
-
func (o *OauthClient) ResolvePDSAuthServer(ctx context.Context, ustr string) (string, error) {
73
+
func (c *OauthClient) ResolvePDSAuthServer(ctx context.Context, ustr string) (string, error) {
u, err := isSafeAndParsed(ustr)
···
return "", fmt.Errorf("error creating request for oauth protected resource: %w", err)
86
-
resp, err := o.h.Do(req)
86
+
resp, err := c.h.Do(req)
return "", fmt.Errorf("could not get response from server: %w", err)
···
return resource.AuthorizationServers[0], nil
114
-
func (o *OauthClient) FetchAuthServerMetadata(ctx context.Context, ustr string) (any, error) {
114
+
func (c *OauthClient) FetchAuthServerMetadata(ctx context.Context, ustr string) (any, error) {
u, err := isSafeAndParsed(ustr)
···
return nil, fmt.Errorf("error creating request to fetch auth metadata: %w", err)
127
-
resp, err := o.h.Do(req)
127
+
resp, err := c.h.Do(req)
return nil, fmt.Errorf("error getting response for auth metadata: %w", err)
···
155
-
func (o *OauthClient) ClientAssertionJwt(authServerUrl string) (string, error) {
155
+
func (c *OauthClient) ClientAssertionJwt(authServerUrl string) (string, error) {
"iat": time.Now().Unix(),
token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
165
-
token.Header["kid"] = o.clientKid
165
+
token.Header["kid"] = c.clientKid
167
-
tokenString, err := token.SignedString(o.clientPrivateKey)
167
+
tokenString, err := token.SignedString(c.clientPrivateKey)
···
175
-
func (o *OauthClient) AuthServerDpopJwt(method, url, nonce string, privateJwk jwk.Key) (string, error) {
175
+
func (c *OauthClient) AuthServerDpopJwt(method, url, nonce string, privateJwk jwk.Key) (string, error) {
raw, err := jwk.PublicKeyOf(privateJwk)
···
228
-
func (o *OauthClient) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key) (any, error) {
228
+
func (c *OauthClient) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key) (any, error) {
if authServerMeta == nil {
return nil, fmt.Errorf("nil metadata provided")
···
codeChallenge := generateCodeChallenge(pkceVerifier)
codeChallengeMethod := "S256"
248
-
clientAssertion, err := o.ClientAssertionJwt(authServerUrl)
248
+
clientAssertion, err := c.ClientAssertionJwt(authServerUrl)
255
-
dpopProof, err := o.AuthServerDpopJwt("POST", parUrl, nonce, dpopPrivateKey)
255
+
dpopProof, err := c.AuthServerDpopJwt("POST", parUrl, nonce, dpopPrivateKey)
···
"code_challenge": codeChallenge,
"code_challenge_method": codeChallengeMethod,
264
-
"client_id": o.clientId,
264
+
"client_id": c.clientId,
266
-
"redirect_uri": o.redirectUri,
266
+
"redirect_uri": c.redirectUri,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": clientAssertion,
hailey.at