techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
8ee0597486
authelia/internal/oidc/client.go
James Elliott ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991) 
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00

110 lines
3.0 KiB
Go
Raw Blame History

package oidc
import (
"github.com/ory/fosite"
"github.com/authelia/authelia/internal/authentication"
"github.com/authelia/authelia/internal/authorization"
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/session"
)
// NewClient creates a new InternalClient.
func NewClient(config schema.OpenIDConnectClientConfiguration) (client *InternalClient) {
client = &InternalClient{
ID: config.ID,
Description: config.Description,
Policy: authorization.PolicyToLevel(config.Policy),
Secret: []byte(config.Secret),
RedirectURIs: config.RedirectURIs,
GrantTypes: config.GrantTypes,
ResponseTypes: config.ResponseTypes,
Scopes: config.Scopes,
ResponseModes: []fosite.ResponseModeType{
fosite.ResponseModeDefault,
},
}
for _, mode := range config.ResponseModes {
client.ResponseModes = append(client.ResponseModes, fosite.ResponseModeType(mode))
}
return client
}
// IsAuthenticationLevelSufficient returns if the provided authentication.Level is sufficient for the client of the AutheliaClient.
func (c InternalClient) IsAuthenticationLevelSufficient(level authentication.Level) bool {
return authorization.IsAuthLevelSufficient(level, c.Policy)
}
// GetID returns the ID.
func (c InternalClient) GetID() string {
return c.ID
}
// GetConsentResponseBody returns the proper consent response body for this session.OIDCWorkflowSession.
func (c InternalClient) GetConsentResponseBody(session *session.OIDCWorkflowSession) ConsentGetResponseBody {
body := ConsentGetResponseBody{
ClientID: c.ID,
ClientDescription: c.Description,
}
if session != nil {
body.Scopes = scopeNamesToScopes(session.RequestedScopes)
body.Audience = audienceNamesToAudience(session.RequestedAudience)
}
return body
}
// GetHashedSecret returns the Secret.
func (c InternalClient) GetHashedSecret() []byte {
return c.Secret
}
// GetRedirectURIs returns the RedirectURIs.
func (c InternalClient) GetRedirectURIs() []string {
return c.RedirectURIs
}
// GetGrantTypes returns the GrantTypes.
func (c InternalClient) GetGrantTypes() fosite.Arguments {
if len(c.GrantTypes) == 0 {
return fosite.Arguments{"authorization_code"}
}
return c.GrantTypes
}
// GetResponseTypes returns the ResponseTypes.
func (c InternalClient) GetResponseTypes() fosite.Arguments {
if len(c.ResponseTypes) == 0 {
return fosite.Arguments{"code"}
}
return c.ResponseTypes
}
// GetScopes returns the Scopes.
func (c InternalClient) GetScopes() fosite.Arguments {
return c.Scopes
}
// IsPublic returns the value of the Public property.
func (c InternalClient) IsPublic() bool {
return c.Public
}
// GetAudience returns the Audience.
func (c InternalClient) GetAudience() fosite.Arguments {
return c.Audience
}
// GetResponseModes returns the valid response modes for this client.
//
// Implements the fosite.ResponseModeClient.
func (c InternalClient) GetResponseModes() []fosite.ResponseModeType {
return c.ResponseModes
}
Reference in New Issue View Git Blame Copy Permalink