|
|
|
|
@ -16,6 +16,7 @@ import (
|
|
|
|
|
|
|
|
|
|
"github.com/coreos/go-oidc/v3/oidc" |
|
|
|
|
"github.com/gorilla/mux" |
|
|
|
|
"golang.org/x/crypto/bcrypt" |
|
|
|
|
jose "gopkg.in/square/go-jose.v2" |
|
|
|
|
|
|
|
|
|
"github.com/dexidp/dex/connector" |
|
|
|
|
@ -679,12 +680,21 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
} |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if client.Secret != clientSecret { |
|
|
|
|
if clientSecret == "" { |
|
|
|
|
s.logger.Infof("missing client_secret on token request for client: %s", client.ID) |
|
|
|
|
} else { |
|
|
|
|
s.logger.Infof("invalid client_secret on token request for client: %s", client.ID) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if err := checkCost([]byte(client.Secret)); err != nil { |
|
|
|
|
s.logger.Errorf("failed to check cost of client secret: %v", err) |
|
|
|
|
s.tokenErrHelper(w, errServerError, "", http.StatusInternalServerError) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(client.Secret), []byte(clientSecret)); err != nil { |
|
|
|
|
s.tokenErrHelper(w, errInvalidClient, "Invalid client credentials.", http.StatusUnauthorized) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
Josh Winters
6 years ago
committed by
CI Bot