func handleGetPublicKey(core *roll.Core, w http.ResponseWriter, r *http.Request) {
//Extract client id
clientID := strings.TrimPrefix(r.RequestURI, JWTFlowCertsURI)
if clientID == "" {
respondError(w, http.StatusBadRequest, errors.New("Resource not specified"))
return
}
log.Info("retrieve public key for application: ", clientID)
//Retrieve the app definition. Note that here since we are only returning publically
//available information, we do not have to apply the data security model
app, err := core.SystemRetrieveApplication(clientID)
if err != nil {
log.Info("error retrieving application")
respondError(w, http.StatusInternalServerError, errReadingApplicationRecord)
return
}
if app == nil {
log.Info("application not found")
respondError(w, http.StatusNotFound, nil)
return
}
pk := publicKeyCtx{
PublicKey: app.JWTFlowPublicKey,
}
respondOk(w, &pk)
}
func lookupApplicationFromFormClientID(core *roll.Core, r *http.Request) (*roll.Application, error) {
app, err := core.SystemRetrieveApplication(r.Form["client_id"][0])
if err != nil {
return nil, err
}
if app == nil {
return nil, errors.New("Invalid client id")
}
return app, nil
}
func lookupApplication(core *roll.Core, clientID string) (*roll.Application, error) {
app, err := core.SystemRetrieveApplication(clientID)
if err != nil {
log.Info("Error retrieving app data: ", err.Error())
return nil, ErrRetrievingAppData
}
if app == nil {
log.Info("Invalid client id: ", clientID)
return nil, errors.New("Invalid client id")
}
return app, nil
}
func validateClientSecret(core *roll.Core, r *http.Request, clientID, clientSecret string) (*roll.Application, error) {
app, err := core.SystemRetrieveApplication(clientID)
if err != nil {
return nil, errReadingApplicationRecord
}
if app == nil {
return nil, errApplicationNotFound
}
if clientSecret != app.ClientSecret {
return nil, errInvalidClientSecret
}
return app, nil
}
func validateInputParams(core *roll.Core, r *http.Request) (*roll.Application, error) {
responseType := r.FormValue("response_type")
if responseType != "token" && responseType != "code" {
return nil, errors.New("response_type must be code or token")
}
//Client id is application key
clientID := r.FormValue("client_id")
app, err := core.SystemRetrieveApplication(clientID)
if err != nil {
return nil, err
}
if app == nil {
return nil, errors.New("Invalid client id")
}
redirectURI := r.FormValue("redirect_uri")
if app.RedirectURI != redirectURI {
return nil, errors.New("redirect_uri does not match registered redirect URIs")
}
return app, nil
}