package handlers
import (
"net/http"
"github.com/ory/fosite"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/oidc"
)
// OpenIDConnectTokenPOST handles POST requests to the OpenID Connect 1.0 Token endpoint.
//
// https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
//
// The request is parsed and validated by fosite (NewAccessRequest), the token
// response is built by fosite (NewAccessResponse), and both the success and the
// error bodies are written only through fosite's WriteAccessResponse /
// WriteAccessError. The handler never writes to rw itself; the only data it
// adds on top of what fosite emits goes to the server-side log.
func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request) {
	session := oidc.NewSession()

	requester, err := ctx.Providers.OpenIDConnect.Fosite.NewAccessRequest(ctx, req, session)
	if err != nil {
		// The debug-exposed description is logged server-side only; the
		// client-facing error body is produced by WriteAccessError below.
		rfc := fosite.ErrorToRFC6749Error(err)

		ctx.Logger.Errorf("Access Request failed with error: %s", rfc.WithExposeDebug(true).GetDescription())

		ctx.Providers.OpenIDConnect.Fosite.WriteAccessError(rw, requester, err)

		return
	}

	client := requester.GetClient()

	ctx.Logger.Debugf("Access Request with id '%s' on client with id '%s' is being processed", requester.GetID(), client.GetID())

	// A client_credentials grant has no resource-owner consent step, so the
	// scopes are granted directly from the client's registered scope list.
	if requester.GetGrantTypes().ExactOne("client_credentials") {
		grantClientCredentialsScopes(requester, client)
	}

	ctx.Logger.Tracef("Access Request with id '%s' on client with id '%s' response is being generated for session with type '%T'", requester.GetID(), client.GetID(), requester.GetSession())

	responder, err := ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, requester)
	if err != nil {
		rfc := fosite.ErrorToRFC6749Error(err)

		ctx.Logger.Errorf("Access Response for Request with id '%s' failed to be created with error: %s", requester.GetID(), rfc.WithExposeDebug(true).GetDescription())

		ctx.Providers.OpenIDConnect.Fosite.WriteAccessError(rw, requester, err)

		return
	}

	ctx.Logger.Debugf("Access Request with id '%s' on client with id '%s' has successfully been processed", requester.GetID(), client.GetID())

	// Trace level only: the full claim map is sensitive and should not reach
	// production logs at the default level.
	ctx.Logger.Tracef("Access Request with id '%s' on client with id '%s' produced the following claims: %+v", requester.GetID(), client.GetID(), responder.ToMap())

	ctx.Providers.OpenIDConnect.Fosite.WriteAccessResponse(rw, requester, responder)
}

// grantClientCredentialsScopes grants each requested scope that the client is
// permitted to hold, evaluated with fosite.HierarchicScopeStrategy against the
// client's registered scopes. Requested scopes the client does not hold are
// silently skipped rather than rejected.
//
// NOTE(review): NewAccessRequest has already run when this is called, so the
// requested scopes are presumably validated against the client with the
// provider's configured scope strategy; confirm that strategy is hierarchic as
// well, otherwise the two checks may disagree on prefix-style scopes.
func grantClientCredentialsScopes(requester fosite.AccessRequester, client fosite.Client) {
	for _, scope := range requester.GetRequestedScopes() {
		if !fosite.HierarchicScopeStrategy(client.GetScopes(), scope) {
			continue
		}

		requester.GrantScope(scope)
	}
}