mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-25 09:07:48 +00:00
14b8cf4894
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
89 lines
2.3 KiB
Go
89 lines
2.3 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
_ "embed"
|
|
errs "errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/api/call"
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
)
|
|
|
|
type AuthRequest struct {
|
|
ID string
|
|
CreationDate time.Time
|
|
LoginClient string
|
|
ClientID string
|
|
Scope []string
|
|
RedirectURI string
|
|
Prompt []domain.Prompt
|
|
UiLocales []string
|
|
LoginHint *string
|
|
MaxAge *time.Duration
|
|
HintUserID *string
|
|
}
|
|
|
|
func (a *AuthRequest) checkLoginClient(ctx context.Context) error {
|
|
if uid := authz.GetCtxData(ctx).UserID; uid != a.LoginClient {
|
|
return errors.ThrowPermissionDenied(nil, "OIDCv2-aL0ag", "Errors.AuthRequest.WrongLoginClient")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
//go:embed embed/auth_request_by_id.sql
|
|
var authRequestByIDQuery string
|
|
|
|
func (q *Queries) authRequestByIDQuery(ctx context.Context) string {
|
|
return fmt.Sprintf(authRequestByIDQuery, q.client.Timetravel(call.Took(ctx)))
|
|
}
|
|
|
|
func (q *Queries) AuthRequestByID(ctx context.Context, shouldTriggerBulk bool, id string, checkLoginClient bool) (_ *AuthRequest, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
if shouldTriggerBulk {
|
|
ctx = projection.AuthRequestProjection.Trigger(ctx)
|
|
}
|
|
|
|
var (
|
|
scope database.StringArray
|
|
prompt database.EnumArray[domain.Prompt]
|
|
locales database.StringArray
|
|
)
|
|
|
|
dst := new(AuthRequest)
|
|
err = q.client.DB.QueryRowContext(
|
|
ctx, q.authRequestByIDQuery(ctx),
|
|
id, authz.GetInstance(ctx).InstanceID(),
|
|
).Scan(
|
|
&dst.ID, &dst.CreationDate, &dst.LoginClient, &dst.ClientID, &scope, &dst.RedirectURI,
|
|
&prompt, &locales, &dst.LoginHint, &dst.MaxAge, &dst.HintUserID,
|
|
)
|
|
if errs.Is(err, sql.ErrNoRows) {
|
|
return nil, errors.ThrowNotFound(err, "QUERY-Thee9", "Errors.AuthRequest.NotExisting")
|
|
}
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Ou8ue", "Errors.Internal")
|
|
}
|
|
|
|
dst.Scope = scope
|
|
dst.Prompt = prompt
|
|
dst.UiLocales = locales
|
|
|
|
if checkLoginClient {
|
|
if err = dst.checkLoginClient(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return dst, nil
|
|
}
|