47 lines
1.4 KiB
Go
47 lines
1.4 KiB
Go
|
package handlers
|
||
|
|
|
||
|
|
import (
|
||
|
|
"net/http"
|
||
|
|
|
||
|
|
"github.com/ory/fosite"
|
||
|
|
|
||
|
|
"github.com/authelia/authelia/internal/middlewares"
|
||
|
|
)
|
||
|
|
|
||
|
|
func oidcToken(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request) {
|
||
|
|
oidcSession, err := newDefaultOIDCSession(ctx)
|
||
|
|
if err != nil {
|
||
|
|
ctx.Logger.Errorf("Error occurred in NewDefaultOIDCSession: %+v", err)
|
||
|
|
ctx.Providers.OpenIDConnect.Fosite.WriteAccessError(rw, nil, err)
|
||
|
|
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
accessRequest, accessReqErr := ctx.Providers.OpenIDConnect.Fosite.NewAccessRequest(ctx, req, oidcSession)
|
||
|
|
if accessReqErr != nil {
|
||
|
|
ctx.Logger.Errorf("Error occurred in NewAccessRequest: %+v", accessRequest)
|
||
|
|
ctx.Providers.OpenIDConnect.Fosite.WriteAccessError(rw, accessRequest, accessReqErr)
|
||
|
|
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
// If this is a client_credentials grant, grant all scopes the client is allowed to perform.
|
||
|
|
if accessRequest.GetGrantTypes().ExactOne("client_credentials") {
|
||
|
|
for _, scope := range accessRequest.GetRequestedScopes() {
|
||
|
|
if fosite.HierarchicScopeStrategy(accessRequest.GetClient().GetScopes(), scope) {
|
||
|
|
accessRequest.GrantScope(scope)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
response, err := ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, accessRequest)
|
||
|
|
if err != nil {
|
||
|
|
ctx.Logger.Errorf("Error occurred in NewAccessResponse: %+v", err)
|
||
|
|
ctx.Providers.OpenIDConnect.Fosite.WriteAccessError(rw, accessRequest, err)
|
||
|
|
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
ctx.Providers.OpenIDConnect.Fosite.WriteAccessResponse(rw, accessRequest, response)
|
||
|
|
}
|