+11
-3
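--- a/oauth/client/manager.go
+++ b/oauth/client/manager.go
@@ -57,13 +57,19 @@
 }
 
 var jwks jwk.Key
-if metadata.JWKS != nil {
+if metadata.JWKS != nil && len(metadata.JWKS.Keys) > 0 {
 // TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to
 // make sure we use the right one
-k, err := helpers.ParseJWKFromBytes((*metadata.JWKS)[0])
+b, err := json.Marshal(metadata.JWKS.Keys[0])
 if err != nil {
 return nil, err
 }
+
+k, err := helpers.ParseJWKFromBytes(b)
+if err != nil {
+return nil, err
+}
+
 jwks = k
 } else if metadata.JWKSURI != nil {
 maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI)
@@ -72,6 +78,8 @@
 }
 
 jwks = maybeJwks
+} else {
+return nil, fmt.Errorf("no valid jwks found in oauth client metadata")
 }
 
 return &Client{
@@ -262,7 +270,7 @@
 return nil, errors.New("private_key_jwt auth method requires jwks or jwks_uri")
 }
 
-if metadata.JWKS != nil && len(*metadata.JWKS) == 0 {
+if metadata.JWKS != nil && len(metadata.JWKS.Keys) == 0 {
 return nil, errors.New("private_key_jwt auth method requires atleast one key in jwks")
 }
 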
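Review bot: The errors from `json.Marshal` and `helpers.ParseJWKFromBytes` at new lines 63-71 are returned bare, so a malformed client-supplied `jwks` surfaces as an opaque JSON/JWK error with no indication that it came from the client metadata; wrap them, e.g. `return nil, fmt.Errorf("parsing client metadata jwks: %w", err)`. The new `else` branch at line 82 uses `fmt.Errorf` with no format verbs while the validation at lines 270 and 274 in this file uses `errors.New`; `return nil, errors.New("no valid jwks found in oauth client metadata")` keeps the two consistent. The existing TODO about taking `Keys[0]` is more consequential now that `Keys` is `[]any`: a client whose assertion is signed with a later key in the set will fail verification, and nothing checks that `Keys[0]` is a JSON object before it is re-marshaled, so a non-object entry passes the length check at new line 273 and only fails at parse time. The enclosing function starts and ends outside the hunk.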
+20
-16
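--- a/oauth/client/metadata.go
+++ b/oauth/client/metadata.go
@@ -1,20 +1,24 @@
 package client
 
 type Metadata struct {
-ClientID string `json:"client_id"`
-ClientName string `json:"client_name"`
-ClientURI string `json:"client_uri"`
-LogoURI string `json:"logo_uri"`
-TOSURI string `json:"tos_uri"`
-PolicyURI string `json:"policy_uri"`
-RedirectURIs []string `json:"redirect_uris"`
-GrantTypes []string `json:"grant_types"`
-ResponseTypes []string `json:"response_types"`
-ApplicationType string `json:"application_type"`
-DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"`
-JWKSURI *string `json:"jwks_uri,omitempty"`
-JWKS *[][]byte `json:"jwks,omitempty"`
-Scope string `json:"scope"`
-TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
-TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"`
+ClientID string `json:"client_id"`
+ClientName string `json:"client_name"`
+ClientURI string `json:"client_uri"`
+LogoURI string `json:"logo_uri"`
+TOSURI string `json:"tos_uri"`
+PolicyURI string `json:"policy_uri"`
+RedirectURIs []string `json:"redirect_uris"`
+GrantTypes []string `json:"grant_types"`
+ResponseTypes []string `json:"response_types"`
+ApplicationType string `json:"application_type"`
+DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"`
+JWKSURI *string `json:"jwks_uri,omitempty"`
+JWKS *MetadataJwks `json:"jwks,omitempty"`
+Scope string `json:"scope"`
+TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
+TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"`
+}
+
+type MetadataJwks struct {
+Keys []any `json:"keys"`
 }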
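Review bot: The new exported type `MetadataJwks` at line 22 has no doc comment, and `Keys []any` gives a reader no hint of what each element is or how it is consumed; add `// MetadataJwks is the inline JWK Set ("jwks") from OAuth client metadata. Keys holds the raw decoded JWK entries; manager.go re-marshals Keys[0] and parses it into a jwk.Key.` Typing the entries as `any` means each key is decoded into a generic value and then re-encoded before parsing, which is an extra round trip over client-controlled data; declaring the field as `Keys []json.RawMessage `json:"keys"`` would keep the original bytes for the parser, at the cost of an `encoding/json` import in this file.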