Can bypass code verifier for specific clients

This commit is contained in:
Pierre HUBERT 2022-04-15 18:28:53 +02:00
parent 1d21b30b68
commit cac461e03d
3 changed files with 16 additions and 10 deletions


@ -36,7 +36,8 @@ pub async fn get_configuration(app_conf: web::Data<AppConfig>) -> impl Responder
subject_types_supported: vec!["public"], subject_types_supported: vec!["public"],
id_token_signing_alg_values_supported: vec!["RS256"], id_token_signing_alg_values_supported: vec!["RS256"],
token_endpoint_auth_methods_supported: vec!["client_secret_post", "client_secret_basic"], token_endpoint_auth_methods_supported: vec!["client_secret_post", "client_secret_basic"],
claims_supported: vec!["sub", "exp", "name", "given_name", "family_name", "email"], claims_supported: vec!["sub", "name", "given_name", "family_name", "email"],
code_challenge_methods_supported: vec!["plain", "S256"],
}) })
} }
@ -293,6 +294,7 @@ pub async fn token(req: HttpRequest,
} }
// Check code challenge, if needed // Check code challenge, if needed
if !client.disable_code_verifier.unwrap_or(false) {
if let Some(chall) = &session.code_challenge { if let Some(chall) = &session.code_challenge {
let code_verifier = match &q.code_verifier { let code_verifier = match &q.code_verifier {
None => { None => {
@ -305,6 +307,7 @@ pub async fn token(req: HttpRequest,
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier")); return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
} }
} }
}
if session.authorization_code_used { if session.authorization_code_used {
return Ok(error_response(&query, "invalid_request", "Authorization code already used!")); return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
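Review bot: The new guard `if !client.disable_code_verifier.unwrap_or(false) {` (first hunk, closed by the `}` added in the second hunk) skips the PKCE check even when `session.code_challenge` is `Some`, i.e. when the authorization request explicitly bound the code to a challenge. With the flag set, a code redeemed here is no longer tied to the party that started the flow, so the binding the client asked for is silently dropped rather than merely made optional. If the intent is to let some clients omit PKCE, keep `if let Some(chall) = &session.code_challenge {` unconditional at this point and let the flag govern only how a missing challenge is treated; at minimum, log when the bypass is taken so the downgrade is visible in audit trails. The `token` function begins before and ends after these hunks.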


@ -10,6 +10,7 @@ pub struct Client {
pub description: String, pub description: String,
pub secret: String, pub secret: String,
pub redirect_uri: String, pub redirect_uri: String,
pub disable_code_verifier: Option<bool>,
} }
impl PartialEq for Client { impl PartialEq for Client {
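Review bot: `pub disable_code_verifier: Option<bool>,` is a security-relevant switch with no documentation of what the unset state means, and the token endpoint treats `None` as `false`. A doc comment stating that contract would stop a future reader from assuming the opposite default: `/// When true, the token endpoint does not check the PKCE code_verifier for this client; unset or false means the verifier is enforced.`. The `Client` struct starts before this hunk.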


@ -32,4 +32,6 @@ pub struct OpenIDConfig {
/// RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. /// RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
pub claims_supported: Vec<&'static str>, pub claims_supported: Vec<&'static str>,
pub code_challenge_methods_supported: Vec<&'static str>,
} }
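Review bot: `pub code_challenge_methods_supported: Vec<&'static str>,` is the only field in this struct without the `/// RECOMMENDED./OPTIONAL. ...` doc comment the neighbouring fields carry. For consistency with the rest of `OpenIDConfig`, add the RFC 8414 wording: `/// OPTIONAL. JSON array containing a list of Proof Key for Code Exchange (PKCE) code challenge methods supported by this authorization server.`. The struct begins before this hunk.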