Ejemplo n.º 1
0
func (d *dbDriver) NewClient(meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error) {
	if err := d.Valid(&meta); err != nil {
		return nil, err
	}
	var clientID string
	var err error

	if meta.RedirectURIs[0].Host != "" {
		clientID, err = oidc.GenClientID(meta.RedirectURIs[0].Host)
	} else if meta.RedirectURIs[0].Scheme != "" {
		clientID, err = oidc.GenClientID(meta.RedirectURIs[0].Scheme)
	}
	if err != nil {
		return nil, err
	}
	if clientID == "" {
		return nil, errors.New("invalid first redirect URL")
	}

	cc, err := d.ciRepo.New(clientID, meta)
	if err != nil {
		return nil, err
	}

	if admin {
		d.ciRepo.SetDexAdmin(clientID, admin)
	}

	return cc, nil
}
Ejemplo n.º 2
0
func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientRegistrationResponse, *apiError) {
	var clientMetadata oidc.ClientMetadata
	if err := json.NewDecoder(r.Body).Decode(&clientMetadata); err != nil {
		return nil, newAPIError(oauth2.ErrorInvalidRequest, err.Error())
	}
	if err := s.ProviderConfig().Supports(clientMetadata); err != nil {
		return nil, newAPIError(invalidClientMetadata, err.Error())
	}

	// metadata is guarenteed to have at least one redirect_uri by earlier validation.
	id, err := oidc.GenClientID(clientMetadata.RedirectURIs[0].Host)
	if err != nil {
		log.Errorf("Faild to create client ID: %v", err)
		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
	}

	creds, err := s.ClientIdentityRepo.New(id, clientMetadata)
	if err != nil {
		log.Errorf("Failed to create new client identity: %v", err)
		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
	}

	return &oidc.ClientRegistrationResponse{
		ClientID:       creds.ID,
		ClientSecret:   creds.Secret,
		ClientMetadata: clientMetadata,
	}, nil
}
Ejemplo n.º 3
0
func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
	if err := meta.Valid(); err != nil {
		return nil, err
	}

	clientID, err := oidc.GenClientID(meta.RedirectURLs[0].Host)
	if err != nil {
		return nil, err
	}

	return d.ciRepo.New(clientID, meta)
}
Ejemplo n.º 4
0
func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
	ct := r.Header.Get("content-type")
	if ct != "application/json" {
		log.Debugf("Unsupported request content-type: %v", ct)
		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidRequest, "unsupported content-type"))
		return
	}

	var sc schema.Client
	dec := json.NewDecoder(r.Body)
	err := dec.Decode(&sc)
	if err != nil {
		log.Debugf("Error decoding request body: %v", err)
		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidRequest, "unable to decode request body"))
		return
	}

	ci, err := schema.MapSchemaClientToClientIdentity(sc)
	if err != nil {
		log.Debugf("Invalid request data: %v", err)
		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, "missing or invalid field: redirectURIs"))
		return
	}

	if err := ci.Metadata.Valid(); err != nil {
		log.Debugf("ClientMetadata invalid: %v", err)
		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
		return
	}

	clientID, err := oidc.GenClientID(ci.Metadata.RedirectURIs[0].Host)
	if err != nil {
		log.Errorf("Failed generating ID for new client: %v", err)
		writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to generate client ID"))
		return
	}

	creds, err := c.repo.New(clientID, ci.Metadata)
	if err != nil {
		log.Errorf("Failed creating client: %v", err)
		writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to create client"))
		return
	}
	ci.Credentials = *creds

	ssc := schema.MapClientIdentityToSchemaClientWithSecret(ci)
	w.Header().Add("Location", phttp.NewResourceLocation(r.URL, ci.Credentials.ID))
	writeResponseWithBody(w, http.StatusCreated, ssc)
}