commit 195e3b04a2a384ec0bc86e33b116a5da2b36d0cd · hailey.at/cocoon

+11 -3

oauth/client/manager.go

···

       57
       57
        
       	}

     

       58
       58
        
       

     

       59
       59
        
       	var jwks jwk.Key

     

       60
       60
       -
       	if metadata.JWKS != nil {

     

       60
       60
       +
       	if metadata.JWKS != nil && len(metadata.JWKS.Keys) > 0 {

     

       61
       61
        
       		// TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to

     

       62
       62
        
       		// make sure we use the right one

     

       63
       63
       -
       		k, err := helpers.ParseJWKFromBytes((*metadata.JWKS)[0])

     

       63
       63
       +
       		b, err := json.Marshal(metadata.JWKS.Keys[0])

     

       64
       64
        
       		if err != nil {

     

       65
       65
        
       			return nil, err

     

       66
       66
        
       		}

     

       67
       67
       +
       

     

       68
       68
       +
       		k, err := helpers.ParseJWKFromBytes(b)

     

       69
       69
       +
       		if err != nil {

     

       70
       70
       +
       			return nil, err

     

       71
       71
       +
       		}

     

       72
       72
       +
       

     

       67
       73
        
       		jwks = k

     

       68
       74
        
       	} else if metadata.JWKSURI != nil {

     

       69
       75
        
       		maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI)

     
···

       72
       78
        
       		}

     

       73
       79
        
       

     

       74
       80
        
       		jwks = maybeJwks

     

       81
       81
       +
       	} else {

     

       82
       82
       +
       		return nil, fmt.Errorf("no valid jwks found in oauth client metadata")

     

       75
       83
        
       	}

     

       76
       84
        
       

     

       77
       85
        
       	return &Client{

     
···

       262
       270
        
       			return nil, errors.New("private_key_jwt auth method requires jwks or jwks_uri")

     

       263
       271
        
       		}

     

       264
       272
        
       

     

       265
       265
       -
       		if metadata.JWKS != nil && len(*metadata.JWKS) == 0 {

     

       273
       273
       +
       		if metadata.JWKS != nil && len(metadata.JWKS.Keys) == 0 {

     

       266
       274
        
       			return nil, errors.New("private_key_jwt auth method requires atleast one key in jwks")

     

       267
       275
        
       		}

     

       268
       276

+20 -16

oauth/client/metadata.go

···

       1
       1
        
       package client

     

       2
       2
        
       

     

       3
       3
        
       type Metadata struct {

     

       4
       4
       -
       	ClientID                    string    `json:"client_id"`

     

       5
       5
       -
       	ClientName                  string    `json:"client_name"`

     

       6
       6
       -
       	ClientURI                   string    `json:"client_uri"`

     

       7
       7
       -
       	LogoURI                     string    `json:"logo_uri"`

     

       8
       8
       -
       	TOSURI                      string    `json:"tos_uri"`

     

       9
       9
       -
       	PolicyURI                   string    `json:"policy_uri"`

     

       10
       10
       -
       	RedirectURIs                []string  `json:"redirect_uris"`

     

       11
       11
       -
       	GrantTypes                  []string  `json:"grant_types"`

     

       12
       12
       -
       	ResponseTypes               []string  `json:"response_types"`

     

       13
       13
       -
       	ApplicationType             string    `json:"application_type"`

     

       14
       14
       -
       	DpopBoundAccessTokens       bool      `json:"dpop_bound_access_tokens"`

     

       15
       15
       -
       	JWKSURI                     *string   `json:"jwks_uri,omitempty"`

     

       16
       16
       -
       	JWKS                        *[][]byte `json:"jwks,omitempty"`

     

       17
       17
       -
       	Scope                       string    `json:"scope"`

     

       18
       18
       -
       	TokenEndpointAuthMethod     string    `json:"token_endpoint_auth_method"`

     

       19
       19
       -
       	TokenEndpointAuthSigningAlg string    `json:"token_endpoint_auth_signing_alg"`

     

       4
       4
       +
       	ClientID                    string        `json:"client_id"`

     

       5
       5
       +
       	ClientName                  string        `json:"client_name"`

     

       6
       6
       +
       	ClientURI                   string        `json:"client_uri"`

     

       7
       7
       +
       	LogoURI                     string        `json:"logo_uri"`

     

       8
       8
       +
       	TOSURI                      string        `json:"tos_uri"`

     

       9
       9
       +
       	PolicyURI                   string        `json:"policy_uri"`

     

       10
       10
       +
       	RedirectURIs                []string      `json:"redirect_uris"`

     

       11
       11
       +
       	GrantTypes                  []string      `json:"grant_types"`

     

       12
       12
       +
       	ResponseTypes               []string      `json:"response_types"`

     

       13
       13
       +
       	ApplicationType             string        `json:"application_type"`

     

       14
       14
       +
       	DpopBoundAccessTokens       bool          `json:"dpop_bound_access_tokens"`

     

       15
       15
       +
       	JWKSURI                     *string       `json:"jwks_uri,omitempty"`

     

       16
       16
       +
       	JWKS                        *MetadataJwks `json:"jwks,omitempty"`

     

       17
       17
       +
       	Scope                       string        `json:"scope"`

     

       18
       18
       +
       	TokenEndpointAuthMethod     string        `json:"token_endpoint_auth_method"`

     

       19
       19
       +
       	TokenEndpointAuthSigningAlg string        `json:"token_endpoint_auth_signing_alg"`

     

       20
       20
       +
       }

     

       21
       21
       +
       

     

       22
       22
       +
       type MetadataJwks struct {

     

       23
       23
       +
       	Keys []any `json:"keys"`

     

       20
       24
        
       }