Comments (6)
Hey @shnplr
I see the problem. The AuthURLHandler
currently does not allow to do so.
It's only possible in the AuthURL
function:
http.Redirect(w, r, rp.AuthURL(state, provider, rp.WithPrompt(oidc.PromptSelectAccount)), http.StatusFound)
I'll create a PR to change it and for the CodeExchange
/ CodeExchangeHandler
.
from oidc.
@livio-a can you glance into this?
from oidc.
@livio-a
If we expose opts ...AuthURLOpt
in AuthURLHandler()
, there will be a hypothetical case where a double code challenge can be set. 1 time by the caller using WithCodeChallenge()
directly and 1 time by the conditional below:
oidc/pkg/client/rp/relying_party.go
Lines 345 to 352 in fa222c5
There is no way of knowing if it was already set in opts
, as the AuthURLOpt
type is a function, which cannot be compared to be equal in Go. Perhaps calling the option and comparing outputs or some other de-duplication logic when building the redirect URL, but that would be a dirty solution.
As WithPrompt()
and WithCodeChallenge()
are the only 2 AuthURLOpt
s, I would propose to only expose the ability of setting additional prompts:
func AuthURLHandler(stateFn func() string, rp RelyingParty, prompts ...string) http.HandlerFunc {
...
if len(prompts) > 0 {
opts = append(opts, WithPrompt(prompts...))
}
...
}
... and for the
CodeExchange
/CodeExchangeHandler
.
Likewise, for CodeExchangeHandler()
there are only 2 CodeExchangeOpt
s and both of them are set in conditionals. IMO we shouldn't change anything here:
oidc/pkg/client/rp/relying_party.go
Lines 415 to 430 in fa222c5
from oidc.
Oops. I just now read #265, which would add more options. I will give it some more thought.
from oidc.
I think I found a suitable solution. Perhaps we should continue the conversation at PR #273. Have a good weekend.
from oidc.
🎉 This issue has been resolved in version 1.13.1 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
from oidc.
Related Issues (20)
- Can't revoke token HOT 1
- allow to set audiences for device authorization
- return an ID token with Device Authorizaiton HOT 1
- [Spike]: OpenID Conformance testing suite
- Need to add a "typ":"JWT" header to my tokens HOT 1
- proposal(op): new server interface to replace storage HOT 8
- state always returned in access token response HOT 2
- JWT Assertion payload does not match RFC example when generated with OIDC relying party HOT 8
- [Bug]: Client Assertion token request includes basic auth header HOT 3
- PKCE support is not enough HOT 1
- use trace id of external service HOT 2
- Allow custom forwarded header HOT 2
- [Bug]: client invalid signature when OIDC server is restarted HOT 2
- The automated release is failing 🚨
- [Bug]: nil pointer dereference in `crypto.BytesToPrivateKey` HOT 3
- Access to auto discovery configuration HOT 3
- Allow empty nonce from ID Tokens issued from Refresh Tokens HOT 10
- Support form_post OIDC response mode HOT 4
- Do not ignore all JWKS parsing errors HOT 1
- [Bug]: nil pointer dereference when not setting unauthorized handler HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oidc.