Commit 94f1065e authored by Clément OUDOT's avatar Clément OUDOT

Accept 'request' parameter in authorization requests (#184)

parent 0b3f9a78
......@@ -69,8 +69,9 @@ $configuration->{token_endpoint_auth_methods_supported} =
# $configuration->{claims_locales_supported}
# $configuration->{ui_locales_supported}
# $configuration->{claims_parameter_supported}
# $configuration->{request_parameter_supported}
# $configuration->{request_uri_parameter_supported}
$configuration->{request_parameter_supported} = "true";
$configuration->{request_uri_parameter_supported} = "false";
# $configuration->{require_request_uri_registration}
# $configuration->{op_policy_uri}
# $configuration->{op_tos_uri}
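Review bot: `request_parameter_supported` and `request_uri_parameter_supported` are assigned the strings "true" and "false", whereas OpenID Connect Discovery defines both as JSON booleans. If `$configuration` is serialized as-is (the encoding step is outside this hunk), clients receive a string, which strict metadata parsers may reject or misread. Assuming the file encodes with the JSON module, I would write `$configuration->{request_parameter_supported} = JSON::true;` and `$configuration->{request_uri_parameter_supported} = JSON::false;`.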
......
......@@ -53,7 +53,7 @@ sub issuerForUnAuthUser {
# Get and save parameters
my $oidc_request = {};
foreach my $param (
qw/response_type scope client_id state redirect_uri nonce response_mode display prompt max_age ui_locales id_token_hint login_hint acr_values/
qw/response_type scope client_id state redirect_uri nonce response_mode display prompt max_age ui_locales id_token_hint login_hint acr_values request/
)
{
$oidc_request->{$param} = $self->getHiddenFormValue($param)
......@@ -76,6 +76,21 @@ sub issuerForUnAuthUser {
"OIDC $flow flow requested (response type: $response_type)",
'debug' );
# Extract request parameter
if ( $oidc_request->{'request'} ) {
my $request = $self->getJWTJSONData( $oidc_request->{'request'} );
# Override OIDC parameters by request content
foreach ( keys %$request ) {
$self->lmLog(
"Override $_ OIDC param by value present in request parameter",
'debug'
);
$oidc_request->{$_} = $request->{$_};
$self->setHiddenFormValue( $_, $request->{$_} );
}
}
# State
my $state = $oidc_request->{'state'};
......@@ -498,7 +513,7 @@ sub issuerForAuthUser {
# Get and save parameters
my $oidc_request = {};
foreach my $param (
qw/response_type scope client_id state redirect_uri nonce response_mode display prompt max_age ui_locales id_token_hint login_hint acr_values/
qw/response_type scope client_id state redirect_uri nonce response_mode display prompt max_age ui_locales id_token_hint login_hint acr_valuesi request/
)
{
$oidc_request->{$param} = $self->getHiddenFormValue($param)
......@@ -521,6 +536,21 @@ sub issuerForAuthUser {
"OIDC $flow flow requested (response type: $response_type)",
'debug' );
# Extract request parameter
if ( $oidc_request->{'request'} ) {
my $request = $self->getJWTJSONData( $oidc_request->{'request'} );
# Override OIDC parameters by request content
foreach ( keys %$request ) {
$self->lmLog(
"Override $_ OIDC param by value present in request parameter",
'debug'
);
$oidc_request->{$_} = $request->{$_};
$self->setHiddenFormValue( $_, $request->{$_} );
}
}
# Check all required parameters
unless ( $oidc_request->{'redirect_uri'} ) {
$self->lmLog( "Redirect URI is required", 'error' );
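Review bot: The override loop `foreach ( keys %$request )` in `issuerForUnAuthUser` copies every key of the decoded `request` payload into `$oidc_request` and the hidden form, and nothing visible here verifies the JWT first (`getJWTJSONData` only base64-decodes the payload), so `client_id`, `redirect_uri` and any other key come from unauthenticated input ahead of the required-parameter checks. The signature should be validated against the client's registered key before the override, and `client_id` and `response_type` in the object should be required to match the outer values, as OpenID Connect Core section 6.1 asks. The loop should also be limited to the known parameters, e.g. `next unless exists $allowed{$_};` as its first statement, with a hypothetical `%allowed` built from the `qw/.../` list. The same block is repeated in `issuerForAuthUser`, where the parameter list reads `acr_valuesi request`, so `acr_values` is no longer read there; it should be `acr_values request`. Both subs start and end outside the hunks shown.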
......
......@@ -1317,12 +1317,22 @@ sub getFlowType {
sub getIDTokenSub {
my ( $self, $id_token ) = splice @_;
my $jwt = $self->extractJWT($id_token);
my $payload = decode_json( decode_base64url( $jwt->[1] ) );
my $payload = $self->getJWTJSONData($id_token);
return $payload->{sub};
}
## @method HashRef getJWTJSONData(String jwt)
# Return payload of a JWT as Hash ref
# @param jwt JWT
# @return HashRef payload
sub getJWTJSONData {
my ( $self, $jwt ) = splice @_;
my $jwt_parts = $self->extractJWT($jwt);
return decode_json( decode_base64url( $jwt_parts->[1] ) );
}
## @method HashRef key2jwks(String key)
# Return JWKS representation of a key
# @param key Raw key
......@@ -1555,6 +1565,10 @@ Return flow type
Return sub field of an ID Token
=head2 getJWTJSONData
Return payload of a JWT as Hash ref
=head2 key2jwks
Return JWKS representation of a key
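Review bot: `getJWTJSONData` returns the payload without checking the signature or that `extractJWT` produced a payload segment, and this commit now feeds it the client-supplied `request` value. `decode_json` croaks on malformed input, so a bad `request` parameter would raise an exception inside the issuer subs unless a caller outside this view traps it. I would wrap the decode as `my $payload = eval { decode_json( decode_base64url( $jwt_parts->[1] ) ) };` followed by `return $payload;`, with callers rejecting an undefined result. The header comment should also say `# Signature is NOT verified; callers must validate the JWT before trusting the payload`.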
......