// handleGetPublicKey writes the JWT-flow public key registered for the
// application whose client ID follows JWTFlowCertsURI in the request URI.
//
// It responds 400 when no client ID remains after the prefix is removed, 500
// when the application record cannot be read, and 404 when no such application
// exists. The handler itself performs no caller authentication or data
// security check: only the application's public key is returned, which is
// treated as publicly available information.
func handleGetPublicKey(core *roll.Core, w http.ResponseWriter, r *http.Request) {
	// The client ID is whatever follows the certs prefix in the raw request URI.
	// NOTE(review): RequestURI is the unparsed request target, so any query
	// string or percent-encoding stays in id — confirm this is intended.
	id := strings.TrimPrefix(r.RequestURI, JWTFlowCertsURI)
	if id == "" {
		respondError(w, http.StatusBadRequest, errors.New("Resource not specified"))
		return
	}

	// NOTE(review): id is caller-controlled and is logged as received; verify
	// that the configured logger escapes control characters.
	log.Info("retrieve public key for application: ", id)

	// System-level lookup: no per-user access check is applied here because
	// only the public key leaves this handler.
	application, lookupErr := core.SystemRetrieveApplication(id)
	switch {
	case lookupErr != nil:
		// A fixed error value is returned to the client rather than lookupErr.
		log.Info("error retrieving application")
		respondError(w, http.StatusInternalServerError, errReadingApplicationRecord)
		return
	case application == nil:
		log.Info("application not found")
		// NOTE(review): a nil error is handed to respondError — confirm it
		// tolerates nil.
		respondError(w, http.StatusNotFound, nil)
		return
	}

	respondOk(w, &publicKeyCtx{PublicKey: application.JWTFlowPublicKey})
}
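// lookupApplicationFromFormClientID resolves the application identified by the
// first client_id value in r.Form.
//
// r.Form is read directly, so it is only populated if the caller has already
// parsed the form. A request with no client_id value (or an unparsed form) is
// rejected with the same "Invalid client id" error used for an unknown client,
// instead of indexing an empty slice and panicking on caller-controlled input.
//
// It returns the lookup error unchanged when the application store fails, and
// an error when no application matches the client ID.
func lookupApplicationFromFormClientID(core *roll.Core, r *http.Request) (*roll.Application, error) {
	// Indexing a nil map yields a nil slice, so this guard covers both a
	// missing parameter and a form that was never parsed.
	ids := r.Form["client_id"]
	if len(ids) == 0 {
		return nil, errors.New("Invalid client id")
	}

	// Only the first value is used when client_id is repeated.
	app, err := core.SystemRetrieveApplication(ids[0])
	if err != nil {
		return nil, err
	}
	if app == nil {
		return nil, errors.New("Invalid client id")
	}

	return app, nil
}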
// lookupApplication resolves the application registered under clientID.
//
// A failed lookup is logged with its detail and reported to the caller as the
// fixed ErrRetrievingAppData value, so the underlying error text is not passed
// up. An unknown client ID is logged and reported as an "Invalid client id"
// error.
func lookupApplication(core *roll.Core, clientID string) (*roll.Application, error) {
	application, lookupErr := core.SystemRetrieveApplication(clientID)
	switch {
	case lookupErr != nil:
		log.Info("Error retrieving app data: ", lookupErr.Error())
		return nil, ErrRetrievingAppData
	case application == nil:
		// NOTE(review): clientID may be caller-supplied and is logged as
		// received; verify that the configured logger escapes control characters.
		log.Info("Invalid client id: ", clientID)
		return nil, errors.New("Invalid client id")
	default:
		return application, nil
	}
}
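// validateClientSecret looks up the application registered under clientID and
// checks that clientSecret matches the secret stored on it.
//
// It returns errReadingApplicationRecord when the lookup fails,
// errApplicationNotFound when no application matches, and
// errInvalidClientSecret when the secrets differ. The r parameter is not used.
//
// NOTE(review): the not-found and bad-secret cases return distinct errors; if
// callers relay them to the requester, that reveals which client IDs exist —
// confirm callers collapse them into one response.
func validateClientSecret(core *roll.Core, r *http.Request, clientID, clientSecret string) (*roll.Application, error) {
	app, err := core.SystemRetrieveApplication(clientID)
	if err != nil {
		return nil, errReadingApplicationRecord
	}
	if app == nil {
		return nil, errApplicationNotFound
	}

	// Compare the secrets without stopping at the first differing byte, so the
	// time taken does not depend on how much of the presented secret is correct
	// (a plain != comparison can return early). Only the length is allowed to
	// short-circuit. This mirrors crypto/subtle.ConstantTimeCompare, which is the
	// preferred call once that package is imported by this file.
	want := app.ClientSecret
	if len(clientSecret) != len(want) {
		return nil, errInvalidClientSecret
	}
	var diff byte
	for i := 0; i < len(want); i++ {
		diff |= clientSecret[i] ^ want[i]
	}
	if diff != 0 {
		return nil, errInvalidClientSecret
	}

	return app, nil
}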
// validateInputParams checks the response_type, client_id and redirect_uri
// request parameters and returns the application they refer to.
//
// The checks run in order: response_type must be "code" or "token"; client_id
// (the application key) must resolve to a registered application; and
// redirect_uri must equal the application's registered RedirectURI exactly.
// A store failure is returned to the caller unchanged.
func validateInputParams(core *roll.Core, r *http.Request) (*roll.Application, error) {
	switch r.FormValue("response_type") {
	case "token", "code":
		// Supported response types; continue with the remaining checks.
	default:
		return nil, errors.New("response_type must be code or token")
	}

	// The client ID doubles as the application key.
	application, lookupErr := core.SystemRetrieveApplication(r.FormValue("client_id"))
	if lookupErr != nil {
		return nil, lookupErr
	}
	if application == nil {
		return nil, errors.New("Invalid client id")
	}

	// Exact string equality against the registered value: no prefix or pattern
	// matching, so a caller cannot steer the redirect to an unregistered URI.
	// NOTE(review): an absent redirect_uri compares equal to an empty
	// RedirectURI — confirm applications always register a non-empty value.
	if requested := r.FormValue("redirect_uri"); requested != application.RedirectURI {
		return nil, errors.New("redirect_uri does not match registered redirect URIs")
	}

	return application, nil
}