TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-31 03:28:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(oidc): store requested response_mode (#8145)

Browse Source 
# Which Problems Are Solved

Zitadel never stored or returned the requested `response_mode` in oidc
Auth Requests. This caused the oidc library to fallback to the default
based on the response_type.

# How the Problems Are Solved

- Store the `response_mode` in the Auth request repo
- Store the `response_mode` in the Auth request v2 events
- Return the `resonse_mode` from the Auth Request v1 and v2
`ResponseMode()` methods. (Was hard-coded to an empty string)

# Additional Changes

- Populate the `response_modes_supported` to the oidc Discovery
Configuration. When it was empty, the standard specifies the default of
`query` and `fragment`. However, our oidc library also supports
`form_post` and by this fix, zitadel now also supports this.

# Additional Context

- Closes #6586
- Reported
https://discord.com/channels/927474939156643850/1151508313717084220

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Tim Möhlmann 2024-06-17 12:50:12 +03:00 committed by GitHub
parent 85d7536d44
commit 1aa8c49e41
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 287 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/docs/apis/openidoauth/endpoints.mdx
View File

@ -104,6 +104,22 @@ no additional parameters required
| prompt | If the Auth Server prompts the user for (re)authentication. <br />no prompt: the user will have to choose a session if more than one session exists<br />`none`: user must be authenticated without interaction, an error is returned otherwise <br />`login`: user must reauthenticate / provide a user name <br />`select_account`: user is prompted to select one of the existing sessions or create a new one <br />`create`: the registration form will be displayed to the user directly |
| state | Opaque value used to maintain state between the request and the callback. Used for Cross-Site Request Forgery (CSRF) mitigation as well, therefore highly **recommended**. |
| ui_locales | Spaces delimited list of preferred locales for the login UI, e.g. `de-CH de en`. If none is provided or matches the possible locales provided by the login UI, the `accept-language` header of the browser will be taken into account. |
| response_mode | The mechanism to be used for returning parameters to the application. See [response modes](#response-modes) for valid values. Invalid values are ignored. |
#### Response modes
ZITADEL supports the following `response_mode` values. When no response mode is requested, the response mode is choosen based on the configured Response Type of the application.
As per [OpenID Connect Core 1.0, Section 3.1.2.1](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest):
> The use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type.
| Response Mode | Description |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| query | Encode the returned parameters in the URL query string. This is the default when the Response type is `code`, for example [Web applications](/docs/guides/manage/console/applications#web). |
| fragment | Encode the returned parameters in the URL fragment. This is the default when the Response Type is `id_token`, for example implicit [User Agent apps](/docs/guides/manage/console/applications#user-agent). This mode will not work for server-side applications, because fragments are never sent by the browser to the server. |
| form_post[^1] | ZITADEL serves a small JavaScript to the browser which will send the returned parameters to the `redirect_uri` using HTTP POST. This mode only works for server-side applications and user agents which support / allow JavaScript. |
[^1]: Implements [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html)
### Successful code response

1
internal/api/oidc/auth_request.go
View File

@ -75,6 +75,7 @@ func (o *OPStorage) createAuthRequestLoginClient(ctx context.Context, req *oidc.
Audience: audience,
NeedRefreshToken: slices.Contains(scope, oidc.ScopeOfflineAccess),
ResponseType: ResponseTypeToBusiness(req.ResponseType),
ResponseMode: ResponseModeToBusiness(req.ResponseMode),
CodeChallenge: CodeChallengeToBusiness(req.CodeChallenge, req.CodeChallengeMethod),
Prompt: PromptToBusiness(req.Prompt),
UILocales: UILocalesToBusiness(req.UILocales),

25
internal/api/oidc/auth_request_converter.go
View File

@ -6,6 +6,7 @@ import (
"strings"
"time"
"github.com/zitadel/logging"
"github.com/zitadel/oidc/v3/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/op"
"golang.org/x/text/language"
@ -75,7 +76,7 @@ func (a *AuthRequest) GetResponseType() oidc.ResponseType {
}
func (a *AuthRequest) GetResponseMode() oidc.ResponseMode {
return ""
return ResponseModeToOIDC(a.oidc().ResponseMode)
}
func (a *AuthRequest) GetScopes() []string {
@ -121,6 +122,7 @@ func CreateAuthRequestToBusiness(ctx context.Context, authReq *oidc.AuthRequest,
Request: &domain.AuthRequestOIDC{
Scopes: authReq.Scopes,
ResponseType: ResponseTypeToBusiness(authReq.ResponseType),
ResponseMode: ResponseModeToBusiness(authReq.ResponseMode),
Nonce: authReq.Nonce,
CodeChallenge: CodeChallengeToBusiness(authReq.CodeChallenge, authReq.CodeChallengeMethod),
},
@ -232,6 +234,27 @@ func ResponseTypeToOIDC(responseType domain.OIDCResponseType) oidc.ResponseType
}
}
// ResponseModeToBusiness returns the OIDCResponseMode enum value from the domain package.
// An empty or invalid value defaults to unspecified.
func ResponseModeToBusiness(responseMode oidc.ResponseMode) domain.OIDCResponseMode {
if responseMode == "" {
return domain.OIDCResponseModeUnspecified
}
out, err := domain.OIDCResponseModeString(string(responseMode))
logging.OnError(err).Debugln("invalid oidc response_mode, using default")
return out
}
// ResponseModeToOIDC return the oidc string representation of the enum value from the domain package.
// When responseMode is `0 - unspecified`, an empty string is returned.
// This allows the oidc package to pick the appropriate response mode based on the response type.
func ResponseModeToOIDC(responseMode domain.OIDCResponseMode) oidc.ResponseMode {
if responseMode == domain.OIDCResponseModeUnspecified || !responseMode.IsAOIDCResponseMode() {
return ""
}
return oidc.ResponseMode(responseMode.String())
}
func CodeChallengeToBusiness(challenge string, method oidc.CodeChallengeMethod) *domain.OIDCCodeChallenge {
if challenge == "" {
return nil

96
internal/api/oidc/auth_request_converter_test.go Normal file
View File

@ -0,0 +1,96 @@
package oidc
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/zitadel/oidc/v3/pkg/oidc"
"github.com/zitadel/zitadel/internal/domain"
)
func TestResponseModeToBusiness(t *testing.T) {
type args struct {
responseMode oidc.ResponseMode
}
tests := []struct {
name string
args args
want domain.OIDCResponseMode
}{
{
name: "empty",
args: args{""},
want: domain.OIDCResponseModeUnspecified,
},
{
name: "invalid",
args: args{"foo"},
want: domain.OIDCResponseModeUnspecified,
},
{
name: "query",
args: args{oidc.ResponseModeQuery},
want: domain.OIDCResponseModeQuery,
},
{
name: "fragment",
args: args{oidc.ResponseModeFragment},
want: domain.OIDCResponseModeFragment,
},
{
name: "post_form",
args: args{oidc.ResponseModeFormPost},
want: domain.OIDCResponseModeFormPost,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := ResponseModeToBusiness(tt.args.responseMode)
assert.Equal(t, tt.want, got)
})
}
}
func TestResponseModeToOIDC(t *testing.T) {
type args struct {
responseMode domain.OIDCResponseMode
}
tests := []struct {
name string
args args
want oidc.ResponseMode
}{
{
name: "unspecified",
args: args{domain.OIDCResponseModeUnspecified},
want: "",
},
{
name: "invalid",
args: args{99},
want: "",
},
{
name: "query",
args: args{domain.OIDCResponseModeQuery},
want: oidc.ResponseModeQuery,
},
{
name: "fragment",
args: args{domain.OIDCResponseModeFragment},
want: oidc.ResponseModeFragment,
},
{
name: "form_post",
args: args{domain.OIDCResponseModeFormPost},
want: oidc.ResponseModeFormPost,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := ResponseModeToOIDC(tt.args.responseMode)
assert.Equal(t, tt.want, got)
})
}
}

2
internal/api/oidc/auth_request_converter_v2.go
View File

@ -53,7 +53,7 @@ func (a *AuthRequestV2) GetResponseType() oidc.ResponseType {
}
func (a *AuthRequestV2) GetResponseMode() oidc.ResponseMode {
return ""
return ResponseModeToOIDC(a.ResponseMode)
}
func (a *AuthRequestV2) GetScopes() []string {

39
internal/api/oidc/server.go
View File

@ -173,23 +173,28 @@ func (s *Server) EndSession(ctx context.Context, r *op.Request[oidc.EndSessionRe
func (s *Server) createDiscoveryConfig(ctx context.Context, supportedUILocales oidc.Locales) *oidc.DiscoveryConfiguration {
issuer := op.IssuerFromContext(ctx)
return &oidc.DiscoveryConfiguration{
Issuer: issuer,
AuthorizationEndpoint: s.Endpoints().Authorization.Absolute(issuer),
TokenEndpoint: s.Endpoints().Token.Absolute(issuer),
IntrospectionEndpoint: s.Endpoints().Introspection.Absolute(issuer),
UserinfoEndpoint: s.Endpoints().Userinfo.Absolute(issuer),
RevocationEndpoint: s.Endpoints().Revocation.Absolute(issuer),
EndSessionEndpoint: s.Endpoints().EndSession.Absolute(issuer),
JwksURI: s.Endpoints().JwksURI.Absolute(issuer),
DeviceAuthorizationEndpoint: s.Endpoints().DeviceAuthorization.Absolute(issuer),
ScopesSupported: op.Scopes(s.Provider()),
ResponseTypesSupported: op.ResponseTypes(s.Provider()),
GrantTypesSupported: op.GrantTypes(s.Provider()),
SubjectTypesSupported: op.SubjectTypes(s.Provider()),
IDTokenSigningAlgValuesSupported: []string{s.signingKeyAlgorithm},
RequestObjectSigningAlgValuesSupported: op.RequestObjectSigAlgorithms(s.Provider()),
TokenEndpointAuthMethodsSupported: op.AuthMethodsTokenEndpoint(s.Provider()),
TokenEndpointAuthSigningAlgValuesSupported: op.TokenSigAlgorithms(s.Provider()),
Issuer: issuer,
AuthorizationEndpoint: s.Endpoints().Authorization.Absolute(issuer),
TokenEndpoint: s.Endpoints().Token.Absolute(issuer),
IntrospectionEndpoint: s.Endpoints().Introspection.Absolute(issuer),
UserinfoEndpoint: s.Endpoints().Userinfo.Absolute(issuer),
RevocationEndpoint: s.Endpoints().Revocation.Absolute(issuer),
EndSessionEndpoint: s.Endpoints().EndSession.Absolute(issuer),
JwksURI: s.Endpoints().JwksURI.Absolute(issuer),
DeviceAuthorizationEndpoint: s.Endpoints().DeviceAuthorization.Absolute(issuer),
ScopesSupported: op.Scopes(s.Provider()),
ResponseTypesSupported: op.ResponseTypes(s.Provider()),
ResponseModesSupported: []string{
string(oidc.ResponseModeQuery),
string(oidc.ResponseModeFragment),
string(oidc.ResponseModeFormPost),
},
GrantTypesSupported: op.GrantTypes(s.Provider()),
SubjectTypesSupported: op.SubjectTypes(s.Provider()),
IDTokenSigningAlgValuesSupported: []string{s.signingKeyAlgorithm},
RequestObjectSigningAlgValuesSupported: op.RequestObjectSigAlgorithms(s.Provider()),
TokenEndpointAuthMethodsSupported: op.AuthMethodsTokenEndpoint(s.Provider()),
TokenEndpointAuthSigningAlgValuesSupported: op.TokenSigAlgorithms(s.Provider()),
IntrospectionEndpointAuthSigningAlgValuesSupported: op.IntrospectionSigAlgorithms(s.Provider()),
IntrospectionEndpointAuthMethodsSupported: op.AuthMethodsIntrospectionEndpoint(s.Provider()),
RevocationEndpointAuthSigningAlgValuesSupported: op.RevocationSigAlgorithms(s.Provider()),

2
internal/api/oidc/server_test.go
View File

@ -73,7 +73,7 @@ func TestServer_createDiscoveryConfig(t *testing.T) {
RegistrationEndpoint: "",
ScopesSupported: []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopePhone, oidc.ScopeAddress, oidc.ScopeOfflineAccess},
ResponseTypesSupported: []string{string(oidc.ResponseTypeCode), string(oidc.ResponseTypeIDTokenOnly), string(oidc.ResponseTypeIDToken)},
ResponseModesSupported: nil,
ResponseModesSupported: []string{string(oidc.ResponseModeQuery), string(oidc.ResponseModeFragment), string(oidc.ResponseModeFormPost)},
GrantTypesSupported: []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeImplicit, oidc.GrantTypeRefreshToken, oidc.GrantTypeBearer},
ACRValuesSupported: nil,
SubjectTypesSupported: []string{"public"},

3
internal/command/auth_request.go
View File

@ -21,6 +21,7 @@ type AuthRequest struct {
Scope []string
Audience []string
ResponseType domain.OIDCResponseType
ResponseMode domain.OIDCResponseMode
CodeChallenge *domain.OIDCCodeChallenge
Prompt []domain.Prompt
UILocales []string
@ -64,6 +65,7 @@ func (c *Commands) AddAuthRequest(ctx context.Context, authRequest *AuthRequest)
authRequest.Scope,
authRequest.Audience,
authRequest.ResponseType,
authRequest.ResponseMode,
authRequest.CodeChallenge,
authRequest.Prompt,
authRequest.UILocales,
@ -162,6 +164,7 @@ func authRequestWriteModelToCurrentAuthRequest(writeModel *AuthRequestWriteModel
Scope: writeModel.Scope,
Audience: writeModel.Audience,
ResponseType: writeModel.ResponseType,
ResponseMode: writeModel.ResponseMode,
CodeChallenge: writeModel.CodeChallenge,
Prompt: writeModel.Prompt,
UILocales: writeModel.UILocales,

2
internal/command/auth_request_model.go
View File

@ -23,6 +23,7 @@ type AuthRequestWriteModel struct {
Scope []string
Audience []string
ResponseType domain.OIDCResponseType
ResponseMode domain.OIDCResponseMode
CodeChallenge *domain.OIDCCodeChallenge
Prompt []domain.Prompt
UILocales []string
@ -58,6 +59,7 @@ func (m *AuthRequestWriteModel) Reduce() error {
m.Scope = e.Scope
m.Audience = e.Audience
m.ResponseType = e.ResponseType
m.ResponseMode = e.ResponseMode
m.CodeChallenge = e.CodeChallenge
m.Prompt = e.Prompt
m.UILocales = e.UILocales

17
internal/command/auth_request_test.go
View File

@ -54,6 +54,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -89,6 +90,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -115,6 +117,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
CodeChallenge: &domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -137,6 +140,7 @@ func TestCommands_AddAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
CodeChallenge: &domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -220,6 +224,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -261,6 +266,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -300,6 +306,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -338,6 +345,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -399,6 +407,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -449,6 +458,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -513,6 +523,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
SessionID: "sessionID",
UserID: "userID",
@ -535,6 +546,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -600,6 +612,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
SessionID: "sessionID",
UserID: "userID",
@ -678,6 +691,7 @@ func TestCommands_FailAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
nil,
nil,
nil,
@ -712,6 +726,7 @@ func TestCommands_FailAuthRequest(t *testing.T) {
Scope: []string{"openid"},
Audience: []string{"audience"},
ResponseType: domain.OIDCResponseTypeCode,
ResponseMode: domain.OIDCResponseModeQuery,
},
},
},
@ -773,6 +788,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -810,6 +826,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,

4
internal/command/oidc_session_test.go
View File

@ -124,6 +124,7 @@ func TestCommands_CreateOIDCSessionFromAuthRequest(t *testing.T) {
[]string{"openid", "offline_access"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -167,6 +168,7 @@ func TestCommands_CreateOIDCSessionFromAuthRequest(t *testing.T) {
[]string{"openid", "offline_access"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -218,6 +220,7 @@ func TestCommands_CreateOIDCSessionFromAuthRequest(t *testing.T) {
[]string{"openid", "offline_access"},
[]string{"audience"},
domain.OIDCResponseTypeCode,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,
@ -336,6 +339,7 @@ func TestCommands_CreateOIDCSessionFromAuthRequest(t *testing.T) {
[]string{"openid"},
[]string{"audience"},
domain.OIDCResponseTypeIDToken,
domain.OIDCResponseModeQuery,
&domain.OIDCCodeChallenge{
Challenge: "challenge",
Method: domain.CodeChallengeMethodS256,

10
internal/domain/application_oidc.go
View File

@ -83,6 +83,16 @@ const (
OIDCResponseTypeIDTokenToken
)
//go:generate enumer -type OIDCResponseMode -transform snake -trimprefix OIDCResponseMode
type OIDCResponseMode int
const (
OIDCResponseModeUnspecified OIDCResponseMode = iota
OIDCResponseModeQuery
OIDCResponseModeFragment
OIDCResponseModeFormPost
)
type OIDCGrantType int32
const (

86
internal/domain/oidcresponsemode_enumer.go Normal file
View File

@ -0,0 +1,86 @@
// Code generated by "enumer -type OIDCResponseMode -transform snake -trimprefix OIDCResponseMode"; DO NOT EDIT.
package domain
import (
"fmt"
"strings"
)
const _OIDCResponseModeName = "unspecifiedqueryfragmentform_post"
var _OIDCResponseModeIndex = [...]uint8{0, 11, 16, 24, 33}
const _OIDCResponseModeLowerName = "unspecifiedqueryfragmentform_post"
func (i OIDCResponseMode) String() string {
if i < 0 || i >= OIDCResponseMode(len(_OIDCResponseModeIndex)-1) {
return fmt.Sprintf("OIDCResponseMode(%d)", i)
}
return _OIDCResponseModeName[_OIDCResponseModeIndex[i]:_OIDCResponseModeIndex[i+1]]
}
// An "invalid array index" compiler error signifies that the constant values have changed.
// Re-run the stringer command to generate them again.
func _OIDCResponseModeNoOp() {
var x [1]struct{}
_ = x[OIDCResponseModeUnspecified-(0)]
_ = x[OIDCResponseModeQuery-(1)]
_ = x[OIDCResponseModeFragment-(2)]
_ = x[OIDCResponseModeFormPost-(3)]
}
var _OIDCResponseModeValues = []OIDCResponseMode{OIDCResponseModeUnspecified, OIDCResponseModeQuery, OIDCResponseModeFragment, OIDCResponseModeFormPost}
var _OIDCResponseModeNameToValueMap = map[string]OIDCResponseMode{
_OIDCResponseModeName[0:11]: OIDCResponseModeUnspecified,
_OIDCResponseModeLowerName[0:11]: OIDCResponseModeUnspecified,
_OIDCResponseModeName[11:16]: OIDCResponseModeQuery,
_OIDCResponseModeLowerName[11:16]: OIDCResponseModeQuery,
_OIDCResponseModeName[16:24]: OIDCResponseModeFragment,
_OIDCResponseModeLowerName[16:24]: OIDCResponseModeFragment,
_OIDCResponseModeName[24:33]: OIDCResponseModeFormPost,
_OIDCResponseModeLowerName[24:33]: OIDCResponseModeFormPost,
}
var _OIDCResponseModeNames = []string{
_OIDCResponseModeName[0:11],
_OIDCResponseModeName[11:16],
_OIDCResponseModeName[16:24],
_OIDCResponseModeName[24:33],
}
// OIDCResponseModeString retrieves an enum value from the enum constants string name.
// Throws an error if the param is not part of the enum.
func OIDCResponseModeString(s string) (OIDCResponseMode, error) {
if val, ok := _OIDCResponseModeNameToValueMap[s]; ok {
return val, nil
}
if val, ok := _OIDCResponseModeNameToValueMap[strings.ToLower(s)]; ok {
return val, nil
}
return 0, fmt.Errorf("%s does not belong to OIDCResponseMode values", s)
}
// OIDCResponseModeValues returns all values of the enum
func OIDCResponseModeValues() []OIDCResponseMode {
return _OIDCResponseModeValues
}
// OIDCResponseModeStrings returns a slice of all String values of the enum
func OIDCResponseModeStrings() []string {
strs := make([]string, len(_OIDCResponseModeNames))
copy(strs, _OIDCResponseModeNames)
return strs
}
// IsAOIDCResponseMode returns "true" if the value is listed in the enum definition. "false" otherwise
func (i OIDCResponseMode) IsAOIDCResponseMode() bool {
for _, v := range _OIDCResponseModeValues {
if i == v {
return true
}
}
return false
}

1
internal/domain/request.go
View File

@ -29,6 +29,7 @@ const (
type AuthRequestOIDC struct {
Scopes []string
ResponseType OIDCResponseType
ResponseMode OIDCResponseMode
Nonce string
CodeChallenge *OIDCCodeChallenge
}

3
internal/repository/authrequest/auth_request.go
View File

@ -30,6 +30,7 @@ type AddedEvent struct {
Scope []string `json:"scope,omitempty"`
Audience []string `json:"audience,omitempty"`
ResponseType domain.OIDCResponseType `json:"response_type,omitempty"`
ResponseMode domain.OIDCResponseMode `json:"response_mode,omitempty"`
CodeChallenge *domain.OIDCCodeChallenge `json:"code_challenge,omitempty"`
Prompt []domain.Prompt `json:"prompt,omitempty"`
UILocales []string `json:"ui_locales,omitempty"`
@ -57,6 +58,7 @@ func NewAddedEvent(ctx context.Context,
scope,
audience []string,
responseType domain.OIDCResponseType,
responseMode domain.OIDCResponseMode,
codeChallenge *domain.OIDCCodeChallenge,
prompt []domain.Prompt,
uiLocales []string,
@ -79,6 +81,7 @@ func NewAddedEvent(ctx context.Context,
Scope: scope,
Audience: audience,
ResponseType: responseType,
ResponseMode: responseMode,
CodeChallenge: codeChallenge,
Prompt: prompt,
UILocales: uiLocales,