
Commit e0f39b9

committed
add public field to Client and ClientInfo
1 parent f108728 commit e0f39b9


4 files changed

+18
-14
lines changed


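--- a/manage/manager.go
+++ b/manage/manager.go
@@ -287,12 +287,8 @@ func (m *Manager) GenerateAccessToken(ctx context.Context, gt oauth2.GrantType,
 if !cliPass.VerifyPassword(tgr.ClientSecret) {
 return nil, errors.ErrInvalidClient
 }
-} else if len(cli.GetSecret()) > 0 && tgr.ClientSecret != cli.GetSecret() {
-// auth code flow doesnt require client_secret if used with PKCE and state parameter
-// this is especially useful for mobile apps, that cant hold the secret
-if !(gt == oauth2.AuthorizationCode && tgr.ClientSecret == "" && tgr.CodeVerifier != "") {
-return nil, errors.ErrInvalidClient
-}
+} else if cli.IsPublic() == false && len(cli.GetSecret()) > 0 && tgr.ClientSecret != cli.GetSecret() {
+return nil, errors.ErrInvalidClient
 }
 if tgr.RedirectURI != "" {
 if err := m.validateURI(cli.GetDomain(), tgr.RedirectURI); err != nil {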
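Review bot: The new `else if` condition skips the secret comparison for every client where `cli.IsPublic()` is true, whatever the grant type, while the removed branch only tolerated an empty secret when `gt == oauth2.AuthorizationCode` and `tgr.CodeVerifier != ""`. Unless the grant type and the PKCE verifier are enforced for public clients somewhere outside this hunk, a client flagged public is now issued tokens on grants that depend on client authentication without presenting any secret. I would keep that restriction next to the check, for example `if cli.IsPublic() && gt != oauth2.AuthorizationCode { return nil, errors.ErrInvalidClient }`, and write the remaining condition as `!cli.IsPublic()` rather than `== false`. The retained `tgr.ClientSecret != cli.GetSecret()` is not a constant-time comparison; `subtle.ConstantTimeCompare` from `crypto/subtle` would be the safer form. GenerateAccessToken begins and ends outside the hunk.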

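--- a/model.go
+++ b/model.go
@@ -10,6 +10,7 @@ type (
 GetID() string
 GetSecret() string
 GetDomain() string
+IsPublic() bool
 GetUserID() string
 }
 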
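Review bot: `IsPublic() bool` is added to an exported interface without a doc comment, and any implementation of that interface kept outside this repository (a custom client store, for instance) will stop compiling until it gains the method. If that break is not intended, an optional interface checked with a type assertion in the manager would let existing implementations default to confidential. Either way the method deserves a comment stating its security meaning, such as `// IsPublic reports whether the client is public (cannot keep a secret); the token endpoint does not check client_secret for such clients.` The interface declaration begins outside the hunk.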

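--- a/models/client.go
+++ b/models/client.go
@@ -5,6 +5,7 @@ type Client struct {
 ID string
 Secret string
 Domain string
+Public bool
 UserID string
 }
 
@@ -23,6 +24,11 @@ func (c *Client) GetDomain() string {
 return c.Domain
 }
 
+// GetUserID user id
+func (c *Client) IsPublic() bool {
+return c.Public
+}
+
 // GetUserID user id
 func (c *Client) GetUserID() string {
 return c.UserID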
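Review bot: The comment above the new `IsPublic` method is a copy of the one on `GetUserID` (`// GetUserID user id`), so the generated documentation describes the wrong method. It should read something like `// IsPublic reports whether the client is public; public clients are exempt from the client_secret check when a token is issued.` The new `Public bool` field in the first hunk has no comment either; since its zero value is false, a `Client` built without the field is treated as confidential, which is worth stating on the field.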

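--- a/server/server_test.go
+++ b/server/server_test.go
@@ -36,12 +36,13 @@ func init() {
 manager.MustTokenStorage(store.NewMemoryTokenStore())
 }
 
-func clientStore(domain string) oauth2.ClientStore {
+func clientStore(domain string, public bool) oauth2.ClientStore {
 clientStore := store.NewClientStore()
 clientStore.Set(clientID, &models.Client{
 ID: clientID,
 Secret: clientSecret,
 Domain: domain,
+Public: public,
 })
 return clientStore
 }
@@ -95,7 +96,7 @@ func TestAuthorizeCode(t *testing.T) {
 }))
 defer csrv.Close()
 
-manager.MapClientStorage(clientStore(csrv.URL))
+manager.MapClientStorage(clientStore(csrv.URL, true))
 srv = server.NewDefaultServer(manager)
 srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
 userID = "000000"
@@ -146,7 +147,7 @@ func TestAuthorizeCodeWithChallengePlain(t *testing.T) {
 }))
 defer csrv.Close()
 
-manager.MapClientStorage(clientStore(csrv.URL))
+manager.MapClientStorage(clientStore(csrv.URL, true))
 srv = server.NewDefaultServer(manager)
 srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
 userID = "000000"
@@ -199,7 +200,7 @@ func TestAuthorizeCodeWithChallengeS256(t *testing.T) {
 }))
 defer csrv.Close()
 
-manager.MapClientStorage(clientStore(csrv.URL))
+manager.MapClientStorage(clientStore(csrv.URL, true))
 srv = server.NewDefaultServer(manager)
 srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
 userID = "000000"
@@ -228,7 +229,7 @@ func TestImplicit(t *testing.T) {
 csrv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
 defer csrv.Close()
 
-manager.MapClientStorage(clientStore(csrv.URL))
+manager.MapClientStorage(clientStore(csrv.URL, false))
 srv = server.NewDefaultServer(manager)
 srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
 userID = "000000"
@@ -251,7 +252,7 @@ func TestPasswordCredentials(t *testing.T) {
 defer tsrv.Close()
 e := httpexpect.New(t, tsrv.URL)
 
-manager.MapClientStorage(clientStore(""))
+manager.MapClientStorage(clientStore("", false))
 srv = server.NewDefaultServer(manager)
 srv.SetPasswordAuthorizationHandler(func(ctx context.Context, clientID, username, password string) (userID string, err error) {
 if username == "admin" && password == "123456" {
@@ -284,7 +285,7 @@ func TestClientCredentials(t *testing.T) {
 defer tsrv.Close()
 e := httpexpect.New(t, tsrv.URL)
 
-manager.MapClientStorage(clientStore(""))
+manager.MapClientStorage(clientStore("", false))
 
 srv = server.NewDefaultServer(manager)
 srv.SetClientInfoHandler(server.ClientFormHandler)
@@ -374,7 +375,7 @@ func TestRefreshing(t *testing.T) {
 }))
 defer csrv.Close()
 
-manager.MapClientStorage(clientStore(csrv.URL))
+manager.MapClientStorage(clientStore(csrv.URL, true))
 srv = server.NewDefaultServer(manager)
 srv.SetUserAuthorizationHandler(func(w http.ResponseWriter, r *http.Request) (userID string, err error) {
 userID = "000000"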
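Review bot: The tests in this section only switch existing happy paths over to the new flag; nothing asserts the refusals that `Public` is meant to control. All four authorization-code style tests (`TestAuthorizeCode`, both challenge tests and `TestRefreshing`) now pass `true`, so the secret comparison for a confidential client on that grant is no longer exercised by the hunks shown. I would add one case built with `clientStore(csrv.URL, false)` that sends a wrong or empty `client_secret` and expects the token request to be rejected, and one built with `clientStore("", true)` that pins the intended result for the client credentials grant. The test bodies continue outside the hunks, so negative cases elsewhere in the file may already cover part of this.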
