diff --git a/pkg/oidc/discovery.go b/pkg/oidc/discovery.go
index 5d2875ea..9333ca9a 100644
--- a/pkg/oidc/discovery.go
+++ b/pkg/oidc/discovery.go
@@ -20,5 +20,6 @@ type DiscoveryConfiguration struct {
 SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
 IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
 TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+ CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
 ClaimsSupported []string `json:"claims_supported,omitempty"`
 }
diff --git a/pkg/op/config.go b/pkg/op/config.go
index c52609a9..b3df9438 100644
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@@ -16,6 +16,7 @@ type Configuration interface {
 KeysEndpoint() Endpoint
 AuthMethodPostSupported() bool
+ CodeMethodS256Supported() bool
 }
 func ValidateIssuer(issuer string) error {
diff --git a/pkg/op/default_op.go b/pkg/op/default_op.go
index a16d4d3f..732df213 100644
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@@ -26,6 +26,8 @@ const (
 AuthMethodBasic AuthMethod = "client_secret_basic"
 AuthMethodPost = "client_secret_post"
 AuthMethodNone = "none"
+
+ CodeMethodS256 = "S256"
 )
 var (
@@ -58,6 +60,7 @@ type Config struct {
 Issuer string
 CryptoKey [32]byte
 DefaultLogoutRedirectURI string
+ CodeMethodS256 bool
 // ScopesSupported: oidc.SupportedScopes,
 // ResponseTypesSupported: responseTypes,
 // GrantTypesSupported: oidc.SupportedGrantTypes,
@@ -222,6 +225,10 @@ func (p *DefaultOP) AuthMethodPostSupported() bool {
 return true //TODO: config
 }
+func (p *DefaultOP) CodeMethodS256Supported() bool {
+ return p.config.CodeMethodS256
+}
+
 func (p *DefaultOP) HttpHandler() http.Handler {
 return p.http
 }
diff --git a/pkg/op/discovery.go b/pkg/op/discovery.go
index fd6e0a6f..54c473bc 100644
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
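Review bot: The new `Config.CodeMethodS256` field and `DefaultOP.CodeMethodS256Supported` in default_op.go carry no doc comment, and the field's zero value means an unconfigured OP silently stops advertising S256 in discovery, which is the opposite of what most deployments want for PKCE. A one-line comment on the field would make that explicit: `// CodeMethodS256 advertises the S256 PKCE code_challenge_method in discovery; the zero value (false) leaves code_challenge_methods_supported out of the metadata.` The interface method added in config.go has the same gap; `// CodeMethodS256Supported reports whether the OP accepts PKCE with code_challenge_method=S256.` would cover it. Note that this change only affects the advertised metadata; whether the authorize/token endpoints actually verify a code_challenge when a client sends one is not visible in this diff and should be confirmed before relying on the advertisement.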
@@ -28,6 +28,7 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 IDTokenSigningAlgValuesSupported: SigAlgorithms(s),
 SubjectTypesSupported: SubjectTypes(c),
 TokenEndpointAuthMethodsSupported: AuthMethods(c),
+ CodeChallengeMethodsSupported: CodeChallengeMethods(c),
 }
 }
@@ -117,3 +118,11 @@ func AuthMethods(c Configuration) []string {
 }
 return authMethods
 }
+
+func CodeChallengeMethods(c Configuration) []string {
+ codeMethods := make([]string, 0, 1)
+ if c.CodeMethodS256Supported() {
+ codeMethods = append(codeMethods, CodeMethodS256)
+ }
+ return codeMethods
+}
diff --git a/pkg/op/mock/configuration.mock.go b/pkg/op/mock/configuration.mock.go
index b1965083..88e9aa71 100644
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
@@ -61,6 +61,20 @@ func (mr *MockConfigurationMockRecorder) AuthorizationEndpoint() *gomock.Call {
 return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthorizationEndpoint", reflect.TypeOf((*MockConfiguration)(nil).AuthorizationEndpoint))
 }
+// CodeMethodS256Supported mocks base method
+func (m *MockConfiguration) CodeMethodS256Supported() bool {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "CodeMethodS256Supported")
+ ret0, _ := ret[0].(bool)
+ return ret0
+}
+
+// CodeMethodS256Supported indicates an expected call of CodeMethodS256Supported
+func (mr *MockConfigurationMockRecorder) CodeMethodS256Supported() *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CodeMethodS256Supported", reflect.TypeOf((*MockConfiguration)(nil).CodeMethodS256Supported))
+}
+
 // EndSessionEndpoint mocks base method
 func (m *MockConfiguration) EndSessionEndpoint() op.Endpoint {
 m.ctrl.T.Helper()
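Review bot: The exported `CodeChallengeMethods` added to pkg/op/discovery.go has no doc comment, and its contract is worth stating because it deliberately never lists `plain`: only `CodeMethodS256` is ever appended, and the empty result is dropped from the metadata by the `omitempty` tag on `CodeChallengeMethodsSupported`, which tells clients the OP does not support PKCE at all. A comment such as `// CodeChallengeMethods returns the PKCE code_challenge_method values the OP advertises in discovery. Only S256 is ever listed; plain is intentionally never offered, and an empty result is omitted from the metadata.` would capture that. The `make([]string, 0, 1)` followed by a conditional append could also be written as a direct `return []string{CodeMethodS256}` under the condition, but since callers may distinguish an empty slice from nil that is a matter of taste rather than a defect.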