forked from hailey.at/cocoon
An atproto PDS written in Go


+26 -8
+2 -1
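--- a/cmd/cocoon/main.go
+++ b/cmd/cocoon/main.go
@@ -6,6 +6,7 @@
 "crypto/rand"
 "encoding/json"
 "fmt"
+"log/slog"
 "os"
 "time"
 
@@ -180,7 +181,7 @@
 Flags: []cli.Flag{},
 Action: func(cmd *cli.Context) error {
 
-logger := telemetry.StartLogger(cmd)
+logger := telemetry.StartLogger(cmd, telemetry.WithLevel(slog.LevelWarn))
 telemetry.StartMetrics(cmd)
 
 s, err := server.New(&server.Args{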
+24 -7
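--- a/oauth/provider/client_auth.go
+++ b/oauth/provider/client_auth.go
@@ -6,6 +6,8 @@
 "encoding/base64"
 "errors"
 "fmt"
+"log/slog"
+"strings"
 "time"
 
 "github.com/golang-jwt/jwt/v4"
@@ -25,25 +27,40 @@
 }
 
 func (p *Provider) AuthenticateClient(ctx context.Context, req AuthenticateClientRequestBase, proof *dpop.Proof, opts *AuthenticateClientOptions) (*client.Client, *ClientAuth, error) {
-client, err := p.ClientManager.GetClient(ctx, req.ClientID)
-if err != nil {
-return nil, nil, fmt.Errorf("failed to get client: %w", err)
+var c *client.Client
+var err error
+
+slog.Warn("client ID", "is", req.ClientID)
+
+if !strings.Contains(req.ClientID, "localhost") {
+c, err = p.ClientManager.GetClient(ctx, req.ClientID)
+if err != nil {
+return nil, nil, fmt.Errorf("failed to get client: %w", err)
+}
+} else {
+c = &client.Client{
+Metadata: &client.Metadata{
+ClientID: req.ClientID,
+TokenEndpointAuthMethod: "none",
+DpopBoundAccessTokens: true,
+},
+}
 }
 
-if client.Metadata.DpopBoundAccessTokens && proof == nil && (opts == nil || !opts.AllowMissingDpopProof) {
+if c.Metadata.DpopBoundAccessTokens && proof == nil && (opts == nil || !opts.AllowMissingDpopProof) {
 return nil, nil, errors.New("dpop proof required")
 }
 
-if proof != nil && !client.Metadata.DpopBoundAccessTokens {
+if proof != nil && !c.Metadata.DpopBoundAccessTokens {
 return nil, nil, errors.New("dpop proof not allowed for this client")
 }
 
-clientAuth, err := p.Authenticate(ctx, req, client)
+clientAuth, err := p.Authenticate(ctx, req, c)
 if err != nil {
 return nil, nil, err
 }
 
-return client, clientAuth, nil
+return c, clientAuth, nil
 }
 
 func (p *Provider) Authenticate(_ context.Context, req AuthenticateClientRequestBase, client *client.Client) (*ClientAuth, error) {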
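Review bot: The `strings.Contains(req.ClientID, "localhost")` test in AuthenticateClient matches any client ID that merely contains that substring, such as a remote host name or a URL path segment, so such a client skips `p.ClientManager.GetClient` and receives synthesized metadata with `TokenEndpointAuthMethod: "none"`. Parse the ID and compare the scheme and exact host name instead (this needs `net/url` added in the import hunk), and consider putting the loopback branch behind a development-only setting. The `slog.Warn("client ID", "is", req.ClientID)` line reads like leftover debugging; if it stays, `slog.Debug("authenticating client", "client_id", req.ClientID)` fits better. The synthesized metadata carries no redirect URIs, and whether later checks constrain redirects for these clients cannot be seen from this hunk.

```go
// isLoopbackClientID reports whether id is a development client ID whose
// host is exactly "localhost"; a substring match is not sufficient.
func isLoopbackClientID(id string) bool {
	u, err := url.Parse(id)
	if err != nil {
		return false
	}
	return u.Scheme == "http" && u.Hostname() == "localhost"
}

// … unchanged: var c / var err declarations …
if !isLoopbackClientID(req.ClientID) {
	// … unchanged: p.ClientManager.GetClient lookup, then the synthesized loopback metadata in the else branch …
```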