fix: add code_challenge_methods_supported to discovery endpoint (#43)

* fix: add code_challenge_methods_supported to discovery endpoint * fix mock
zitadel · Aug 20, 2020 · 57cf8ee · 57cf8ee
1 parent 5a8e699
commit 57cf8ee
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 0 deletions.
diff --git a/pkg/oidc/discovery.go b/pkg/oidc/discovery.go
@@ -20,5 +20,6 @@ type DiscoveryConfiguration struct {
 	SubjectTypesSupported             []string `json:"subject_types_supported,omitempty"`
 	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported,omitempty"`
 	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"`
 	ClaimsSupported                   []string `json:"claims_supported,omitempty"`
 }
diff --git a/pkg/op/config.go b/pkg/op/config.go
@@ -16,6 +16,7 @@ type Configuration interface {
 	KeysEndpoint() Endpoint
 
 	AuthMethodPostSupported() bool
+	CodeMethodS256Supported() bool
 }
 
 func ValidateIssuer(issuer string) error {

diff --git a/pkg/op/default_op.go b/pkg/op/default_op.go
@@ -26,6 +26,8 @@ const (
 	AuthMethodBasic AuthMethod = "client_secret_basic"
 	AuthMethodPost             = "client_secret_post"
 	AuthMethodNone             = "none"
+
+	CodeMethodS256 = "S256"
 )
 
 var (
@@ -58,6 +60,7 @@ type Config struct {
 	Issuer                   string
 	CryptoKey                [32]byte
 	DefaultLogoutRedirectURI string
+	CodeMethodS256           bool
 	// ScopesSupported:                   oidc.SupportedScopes,
 	// ResponseTypesSupported:            responseTypes,
 	// GrantTypesSupported:               oidc.SupportedGrantTypes,
@@ -222,6 +225,10 @@ func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }
 
+func (p *DefaultOP) CodeMethodS256Supported() bool {
+	return p.config.CodeMethodS256
+}
+
 func (p *DefaultOP) HttpHandler() http.Handler {
 	return p.http
 }

diff --git a/pkg/op/discovery.go b/pkg/op/discovery.go
@@ -28,6 +28,7 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 		IDTokenSigningAlgValuesSupported:  SigAlgorithms(s),
 		SubjectTypesSupported:             SubjectTypes(c),
 		TokenEndpointAuthMethodsSupported: AuthMethods(c),
+		CodeChallengeMethodsSupported:     CodeChallengeMethods(c),
 	}
 }
 
@@ -117,3 +118,11 @@ func AuthMethods(c Configuration) []string {
 	}
 	return authMethods
 }
+
+func CodeChallengeMethods(c Configuration) []string {
+	codeMethods := make([]string, 0, 1)
+	if c.CodeMethodS256Supported() {
+		codeMethods = append(codeMethods, CodeMethodS256)
+	}
+	return codeMethods
+}
diff --git a/pkg/op/mock/configuration.mock.go b/pkg/op/mock/configuration.mock.go