func (d *dbDriver) NewClient(meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error) {
if err := d.Valid(&meta); err != nil {
return nil, err
}
var clientID string
var err error
if meta.RedirectURIs[0].Host != "" {
clientID, err = oidc.GenClientID(meta.RedirectURIs[0].Host)
} else if meta.RedirectURIs[0].Scheme != "" {
clientID, err = oidc.GenClientID(meta.RedirectURIs[0].Scheme)
}
if err != nil {
return nil, err
}
if clientID == "" {
return nil, errors.New("invalid first redirect URL")
}
cc, err := d.ciRepo.New(clientID, meta)
if err != nil {
return nil, err
}
if admin {
d.ciRepo.SetDexAdmin(clientID, admin)
}
return cc, nil
}
func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientRegistrationResponse, *apiError) {
var clientMetadata oidc.ClientMetadata
if err := json.NewDecoder(r.Body).Decode(&clientMetadata); err != nil {
return nil, newAPIError(oauth2.ErrorInvalidRequest, err.Error())
}
if err := s.ProviderConfig().Supports(clientMetadata); err != nil {
return nil, newAPIError(invalidClientMetadata, err.Error())
}
// metadata is guarenteed to have at least one redirect_uri by earlier validation.
id, err := oidc.GenClientID(clientMetadata.RedirectURIs[0].Host)
if err != nil {
log.Errorf("Faild to create client ID: %v", err)
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
}
creds, err := s.ClientIdentityRepo.New(id, clientMetadata)
if err != nil {
log.Errorf("Failed to create new client identity: %v", err)
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
}
return &oidc.ClientRegistrationResponse{
ClientID: creds.ID,
ClientSecret: creds.Secret,
ClientMetadata: clientMetadata,
}, nil
}
func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
if err := meta.Valid(); err != nil {
return nil, err
}
clientID, err := oidc.GenClientID(meta.RedirectURLs[0].Host)
if err != nil {
return nil, err
}
return d.ciRepo.New(clientID, meta)
}
func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
ct := r.Header.Get("content-type")
if ct != "application/json" {
log.Debugf("Unsupported request content-type: %v", ct)
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidRequest, "unsupported content-type"))
return
}
var sc schema.Client
dec := json.NewDecoder(r.Body)
err := dec.Decode(&sc)
if err != nil {
log.Debugf("Error decoding request body: %v", err)
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidRequest, "unable to decode request body"))
return
}
ci, err := schema.MapSchemaClientToClientIdentity(sc)
if err != nil {
log.Debugf("Invalid request data: %v", err)
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, "missing or invalid field: redirectURIs"))
return
}
if err := ci.Metadata.Valid(); err != nil {
log.Debugf("ClientMetadata invalid: %v", err)
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
return
}
clientID, err := oidc.GenClientID(ci.Metadata.RedirectURIs[0].Host)
if err != nil {
log.Errorf("Failed generating ID for new client: %v", err)
writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to generate client ID"))
return
}
creds, err := c.repo.New(clientID, ci.Metadata)
if err != nil {
log.Errorf("Failed creating client: %v", err)
writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to create client"))
return
}
ci.Credentials = *creds
ssc := schema.MapClientIdentityToSchemaClientWithSecret(ci)
w.Header().Add("Location", phttp.NewResourceLocation(r.URL, ci.Credentials.ID))
writeResponseWithBody(w, http.StatusCreated, ssc)
}
