mirror of https://github.com/dexidp/dex.git
package server |
|
|
|
import ( |
|
"encoding/json" |
|
"net/http" |
|
|
|
"github.com/coreos/dex/client" |
|
"github.com/coreos/dex/pkg/log" |
|
|
|
"github.com/coreos/go-oidc/oauth2" |
|
"github.com/coreos/go-oidc/oidc" |
|
) |
|
|
|
// Error codes placed in the "error" member of a failed client registration
// response. The string values are what clients see on the wire.

// invalidRedirectURI is the code for a rejected redirect URI. It is not
// referenced by the handlers visible in this file.
const invalidRedirectURI = "invalid_redirect_uri"

// invalidClientMetadata is the code returned when the submitted metadata is
// rejected by the provider configuration check.
const invalidClientMetadata = "invalid_client_metadata"
|
|
|
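// handleClientRegistration is the HTTP entry point for client registration.
// It delegates parsing, validation and persistence to
// handleClientRegistrationRequest and maps the outcome to a status code:
// 201 on success, 500 when the failure is a server error, 400 otherwise.
func (s *Server) handleClientRegistration(w http.ResponseWriter, r *http.Request) {
	// The body is caller-controlled and is fed straight into a JSON decoder.
	// Nothing in this handler bounds it, so cap it here; an oversized body
	// then surfaces as a decode error and is answered with 400.
	const maxRegistrationBodyBytes = 1 << 20 // 1 MiB, far above any sane client metadata document

	r.Body = http.MaxBytesReader(w, r.Body, maxRegistrationBodyBytes)

	resp, err := s.handleClientRegistrationRequest(r)
	if err != nil {
		code := http.StatusBadRequest
		if err.Type == oauth2.ErrorServerError {
			code = http.StatusInternalServerError
		}
		writeResponseWithBody(w, code, err)
		return
	}

	// The success body carries the newly issued client secret, so tell
	// intermediaries and user agents not to store it.
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("Pragma", "no-cache")
	writeResponseWithBody(w, http.StatusCreated, resp)
}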
|
|
|
// handleClientRegistrationRequest decodes client metadata from the request
// body, checks it against the provider configuration, stores a new client and
// returns the issued credentials together with the accepted metadata.
//
// On failure it returns a nil response and an *apiError whose type is
// invalid_request (undecodable body), invalid_client_metadata (rejected by the
// provider configuration) or server_error (the client could not be created).
func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientRegistrationResponse, *apiError) {
	var meta oidc.ClientMetadata

	// NOTE(review): the body is decoded without a size bound in this function;
	// confirm the caller or a middleware caps it.
	decodeErr := json.NewDecoder(r.Body).Decode(&meta)
	if decodeErr != nil {
		// The decoder's message is returned to the client verbatim.
		return nil, newAPIError(oauth2.ErrorInvalidRequest, decodeErr.Error())
	}

	supportErr := s.ProviderConfig().Supports(meta)
	if supportErr != nil {
		// The validation message is likewise returned to the client verbatim.
		return nil, newAPIError(invalidClientMetadata, supportErr.Error())
	}

	// The metadata is guaranteed to have at least one redirect_uri by the
	// earlier validation.
	creds, newErr := s.ClientManager.New(client.Client{Metadata: meta}, nil)
	if newErr != nil {
		// Keep the underlying cause in the server log only; the client gets a
		// generic message.
		log.Errorf("Failed to create new client identity: %v", newErr)
		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
	}

	// The response includes the client secret in clear text.
	registered := &oidc.ClientRegistrationResponse{
		ClientID:       creds.ID,
		ClientSecret:   creds.Secret,
		ClientMetadata: meta,
	}
	return registered, nil
}
|
|
|