This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudimentary documentation about the implemented endpoints.
package oidc
import (
"github.com/ory/fosite"
"github.com/authelia/authelia/internal/authentication"
"github.com/authelia/authelia/internal/authorization"
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/session"
)
// NewClient builds an InternalClient from a single OpenID Connect client
// entry of the configuration.
//
// The configured policy name is translated with authorization.PolicyToLevel.
// The slice-valued settings (RedirectURIs, GrantTypes, ResponseTypes, Scopes)
// are assigned directly, so the client shares them with config rather than
// holding copies.
//
// Security-relevant details visible in this constructor:
//   - Secret is config.Secret converted to bytes as-is; nothing is hashed here.
//   - Public and Audience are not set, so they keep their zero values and
//     IsPublic reports false for every client created by this function.
//   - fosite.ResponseModeDefault is always the first allowed response mode;
//     configured modes are appended after it.
func NewClient(config schema.OpenIDConnectClientConfiguration) (client *InternalClient) {
	// Start from the default mode, then add whatever the configuration lists.
	// The strings are converted without being checked against the set of
	// response modes fosite knows about.
	// NOTE(review): presumably the configuration validator rejects unknown
	// modes before this point; confirm.
	modes := make([]fosite.ResponseModeType, 0, len(config.ResponseModes)+1)
	modes = append(modes, fosite.ResponseModeDefault)

	for _, configured := range config.ResponseModes {
		modes = append(modes, fosite.ResponseModeType(configured))
	}

	client = &InternalClient{
		ID:          config.ID,
		Description: config.Description,
		Policy:      authorization.PolicyToLevel(config.Policy),
		Secret:      []byte(config.Secret),

		RedirectURIs:  config.RedirectURIs,
		GrantTypes:    config.GrantTypes,
		ResponseTypes: config.ResponseTypes,
		Scopes:        config.Scopes,

		UserinfoSigningAlgorithm: config.UserinfoSigningAlgorithm,

		ResponseModes: modes,
	}

	return client
}
// IsAuthenticationLevelSufficient reports whether the given authentication
// level satisfies the authorization policy configured for this client.
//
// The decision is delegated to authorization.IsAuthLevelSufficient, called
// with the level and the client's Policy.
func (c InternalClient) IsAuthenticationLevelSufficient(level authentication.Level) bool {
	sufficient := authorization.IsAuthLevelSufficient(level, c.Policy)

	return sufficient
}
// GetID returns the client identifier stored in the ID field.
func (c InternalClient) GetID() string {
	return c.ID
}
// GetConsentResponseBody builds the consent response body for this client
// and, when one is supplied, the given session.OIDCWorkflowSession.
//
// The client ID and description are always included. With a non-nil session
// the body also carries the scopes and audience requested in that session,
// converted by scopeNamesToScopes and audienceNamesToAudience. With a nil
// session those two fields keep their zero values.
//
// The scopes and audience come from the session's request, not from the
// scopes and audience registered on the client.
// NOTE(review): presumably the request was checked against the client's
// allowed scopes before it was stored in the session; confirm against the
// authorization handler.
func (c InternalClient) GetConsentResponseBody(session *session.OIDCWorkflowSession) ConsentGetResponseBody {
	if session == nil {
		return ConsentGetResponseBody{
			ClientID:          c.ID,
			ClientDescription: c.Description,
		}
	}

	return ConsentGetResponseBody{
		ClientID:          c.ID,
		ClientDescription: c.Description,
		Scopes:            scopeNamesToScopes(session.RequestedScopes),
		Audience:          audienceNamesToAudience(session.RequestedAudience),
	}
}
// GetHashedSecret returns the client's Secret field unchanged.
//
// Despite the method name, no hashing happens in this method: the bytes are
// whatever was stored on the client. NewClient stores the configured secret
// string converted to bytes as-is.
// NOTE(review): whether this value is a hash or the plaintext secret depends
// on how the secret is configured and on the hasher fosite is set up with
// when it compares a presented secret against this value; confirm before
// relying on it being hashed at rest.
//
// The returned slice is the client's own slice, not a copy.
func (c InternalClient) GetHashedSecret() []byte {
	return c.Secret
}
// GetRedirectURIs returns the redirect URIs registered for this client.
//
// The returned slice is the client's own slice, not a copy, so callers must
// treat it as read-only.
func (c InternalClient) GetRedirectURIs() []string {
	return c.RedirectURIs
}
// GetGrantTypes returns the grant types this client may use.
//
// When none are configured the client is limited to the single grant type
// "authorization_code" rather than being left with an empty list.
func (c InternalClient) GetGrantTypes() fosite.Arguments {
	if len(c.GrantTypes) > 0 {
		return c.GrantTypes
	}

	// Nothing configured: fall back to the authorization code grant only.
	return fosite.Arguments{"authorization_code"}
}
// GetResponseTypes returns the response types this client may request.
//
// When none are configured the client is limited to the single response type
// "code" rather than being left with an empty list.
func (c InternalClient) GetResponseTypes() fosite.Arguments {
	if len(c.ResponseTypes) > 0 {
		return c.ResponseTypes
	}

	// Nothing configured: fall back to the "code" response type only.
	return fosite.Arguments{"code"}
}
// GetScopes returns the scopes registered for this client.
//
// No default is substituted: a client with no configured scopes yields the
// stored (empty or nil) value as-is.
func (c InternalClient) GetScopes() fosite.Arguments {
	return c.Scopes
}
// IsPublic returns the value of the client's Public field.
//
// NewClient in this file never sets Public, so clients built by it report
// false here.
func (c InternalClient) IsPublic() bool {
	return c.Public
}
// GetAudience returns the value of the client's Audience field.
//
// NewClient in this file never sets Audience, so clients built by it return
// the zero value here.
func (c InternalClient) GetAudience() fosite.Arguments {
	return c.Audience
}
// GetResponseModes returns the response modes that are valid for this client.
//
// For clients built by NewClient the list starts with
// fosite.ResponseModeDefault, followed by the configured modes.
//
// Implements the fosite.ResponseModeClient.
func (c InternalClient) GetResponseModes() []fosite.ResponseModeType {
	return c.ResponseModes
}