Can bypass code verifier for specific clients
parent
1d21b30b68
commit
cac461e03d
@ -36,7 +36,8 @@ pub async fn get_configuration(app_conf: web::Data<AppConfig>) -> impl Responder
|
|||||||
subject_types_supported: vec!["public"],
|
subject_types_supported: vec!["public"],
|
||||||
id_token_signing_alg_values_supported: vec!["RS256"],
|
id_token_signing_alg_values_supported: vec!["RS256"],
|
||||||
token_endpoint_auth_methods_supported: vec!["client_secret_post", "client_secret_basic"],
|
token_endpoint_auth_methods_supported: vec!["client_secret_post", "client_secret_basic"],
|
||||||
claims_supported: vec!["sub", "exp", "name", "given_name", "family_name", "email"],
|
claims_supported: vec!["sub", "name", "given_name", "family_name", "email"],
|
||||||
|
code_challenge_methods_supported: vec!["plain", "S256"],
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -293,6 +294,7 @@ pub async fn token(req: HttpRequest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check code challenge, if needed
|
// Check code challenge, if needed
|
||||||
|
if !client.disable_code_verifier.unwrap_or(false) {
|
||||||
if let Some(chall) = &session.code_challenge {
|
if let Some(chall) = &session.code_challenge {
|
||||||
let code_verifier = match &q.code_verifier {
|
let code_verifier = match &q.code_verifier {
|
||||||
None => {
|
None => {
|
||||||
@ -305,6 +307,7 @@ pub async fn token(req: HttpRequest,
|
|||||||
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
|
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if session.authorization_code_used {
|
if session.authorization_code_used {
|
||||||
return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
|
return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
|
||||||
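Review bot: The new guard `if !client.disable_code_verifier.unwrap_or(false)` in `token` skips the whole challenge check, so for a flagged client a session that does carry a `code_challenge` is redeemed without any verifier, and nothing records that the check was bypassed. PKCE binds the token request to the party that started the authorization request, so for such a client an intercepted code is presumably protected only by the client secret. I would log each bypass with the client id and add a comment on the guard such as `// PKCE check skipped: this client is configured with disable_code_verifier`. The first hunk of what appears to be the same file now advertises `"plain"` in `code_challenge_methods_supported`; if no client depends on it, advertising only `"S256"` is the safer default. The body of `token` starts and ends outside these hunks, so the comparison of verifier and challenge is not visible here.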
|
@ -10,6 +10,7 @@ pub struct Client {
|
|||||||
pub description: String,
|
pub description: String,
|
||||||
pub secret: String,
|
pub secret: String,
|
||||||
pub redirect_uri: String,
|
pub redirect_uri: String,
|
||||||
|
pub disable_code_verifier: Option<bool>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl PartialEq for Client {
|
impl PartialEq for Client {
|
||||||
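Review bot: The new field `disable_code_verifier` on `Client` is a security opt-out with no doc comment, so someone editing the client configuration cannot tell what enabling it gives up. I would add something like `/// When Some(true), the token endpoint skips the PKCE code_verifier check for this client. Leave unset unless the client cannot send a verifier.` above the field. Since `None` is treated as `false` at the call site visible on this page, the comment should also say that omitting the field keeps verification on. The struct begins outside this hunk, so I cannot see whether other fields follow a documentation convention.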
|
@ -32,4 +32,6 @@ pub struct OpenIDConfig {
|
|||||||
|
|
||||||
/// RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
|
/// RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
|
||||||
pub claims_supported: Vec<&'static str>,
|
pub claims_supported: Vec<&'static str>,
|
||||||
|
|
||||||
|
pub code_challenge_methods_supported: Vec<&'static str>,
|
||||||
}
|
}
|
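Review bot: The added field `code_challenge_methods_supported` has no doc comment, while the neighbouring `claims_supported` carries the specification text for its metadata entry. For consistency I would add `/// OPTIONAL. JSON array containing a list of PKCE code challenge methods supported by this authorization server (RFC 8414).` above it. The struct starts outside this hunk.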