[GNUnet-SVN] [gnunet] 42/45: -wip token endpoint fix
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] 42/45: -wip token endpoint fix |
Date: |
Sun, 25 Feb 2018 16:25:46 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 0166171bb810849613164867bc3450bf5bf73a5a
Author: Phil <address@hidden>
AuthorDate: Mon Feb 5 14:57:22 2018 +0100
-wip token endpoint fix
---
src/identity-provider/jwt.c | 2 +-
.../plugin_rest_identity_provider.c | 66 ++++++++++++++++++----
2 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
index 02a920f14..ede5424c8 100644
--- a/src/identity-provider/jwt.c
+++ b/src/identity-provider/jwt.c
@@ -39,6 +39,7 @@
#define JWT_TYP_VALUE "jwt"
+//TODO change server address
#define SERVER_ADDRESS "https://localhost"
static char*
@@ -101,7 +102,6 @@ jwt_create_from_list (const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
body = json_object ();
/* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
//iss REQUIRED case sensitive server uri with https
- //TODO change server address
json_object_set_new (body,
"iss", json_string (SERVER_ADDRESS));
//sub REQUIRED public key identity, not exceed 255 ASCII length
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index a0adf1b38..8011d8da5 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -108,6 +108,21 @@
#define ID_REST_STATE_POST_INIT 1
/**
+ * OIDC grant_type key
+ */
+#define OIDC_GRANT_TYPE_KEY "grant_type"
+
+/**
+ * OIDC grant_type key
+ */
+#define OIDC_GRANT_TYPE_VALUE "authorization_code"
+
+/**
+ * OIDC code key
+ */
+#define OIDC_CODE_KEY "code"
+
+/**
* OIDC response_type key
*/
#define OIDC_RESPONSE_TYPE_KEY "response_type"
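Review bot: The doc comment above `OIDC_GRANT_TYPE_VALUE` repeats "OIDC grant_type key", although the macro holds the accepted value of that parameter, not its name. Change it to `* OIDC grant_type value accepted by the token endpoint` so the key and value macros cannot be confused by a reader of the `strcmp` check in token_cont.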
@@ -205,7 +220,9 @@ struct Plugin
{
const struct GNUNET_CONFIGURATION_Handle *cfg;
};
-
+/**
+ * OIDC needed variables
+ */
struct OIDC_Variables
{
@@ -1673,7 +1690,6 @@ static void namestore_iteration_finished (void *cls)
{
handle->oidc->nonce =
GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&cache_key);
- //TODO: what do we do with the nonce? => token
handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
}
@@ -1868,6 +1884,34 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
}
static void
+consume_ticket (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+ const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+{
+ struct RequestHandle *handle = cls;
+ struct GNUNET_JSONAPI_Resource *json_resource;
+ json_t *value;
+
+ if (NULL == identity)
+ {
+ GNUNET_SCHEDULER_add_now (&return_response, handle);
+ return;
+ }
+
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute: %s\n",
+ attr->name);
+ json_resource = GNUNET_JSONAPI_resource_new
(GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+ attr->name);
+ GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
+
+ value = json_string (attr->data);
+ GNUNET_JSONAPI_resource_add_attr (json_resource,
+ "value",
+ value);
+ json_decref (value);
+}
+
+static void
token_cont(struct GNUNET_REST_RequestHandle *con_handle,
const char* url,
void *cls)
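Review bot: In consume_ticket, `json_string (attr->data)` treats the claim payload as a NUL-terminated UTF-8 string; if the claim stores a length-delimited buffer (the struct definition is not visible in this hunk), this reads past the end of the data, and a NULL result for invalid UTF-8 is passed on unchecked. Build the value with the claim's explicit length, for example with jansson's `json_stringn`, and skip the attribute when the result is NULL. The `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute: %s\n", ...)` call is routine tracing that writes identity attribute names to the error log on every token request; `GNUNET_ERROR_TYPE_DEBUG` fits better. The function also dereferences `attr` after checking only `identity` for NULL, so confirm that the callback contract guarantees both are set together.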
@@ -1968,7 +2012,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
}
//REQUIRED grant_type
- GNUNET_CRYPTO_hash ("grant_type", strlen ("grant_type"), &cache_key);
+ GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY),
&cache_key);
if ( GNUNET_NO
== GNUNET_CONTAINER_multihashmap_contains (
handle->rest_handle->url_param_map, &cache_key) )
@@ -1982,7 +2026,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
handle->rest_handle->url_param_map, &cache_key);
//REQUIRED code
- GNUNET_CRYPTO_hash ("code", strlen ("code"), &cache_key);
+ GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
if ( GNUNET_NO
== GNUNET_CONTAINER_multihashmap_contains (
handle->rest_handle->url_param_map, &cache_key) )
@@ -2029,7 +2073,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
}
//Check parameter grant_type == "authorization_code"
- if (0 != strcmp("authorization_code", grant_type))
+ if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
{
handle->emsg=GNUNET_strdup("unsupported_grant_type");
handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -2081,7 +2125,7 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- //TODO lookup if audience is the current client
+ // this is the current client (relying party)
//TODO change
struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
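Review bot: The removed TODO tracked an open check (that the audience is the client making the token request), and the replacement comment `// this is the current client (relying party)` reads as if that check were done, while the visible lines only fetch the public key of `handle->ego_entry->ego`. If the comparison against the authenticated client is not performed further down in token_cont (the body continues outside the hunk), keep a marker such as `//TODO verify ticket audience equals the authenticated client's public key`. Without that binding, an authorization code issued to one relying party could be redeemed by another.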
@@ -2193,20 +2237,22 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
MHD_add_response_header (resp, "Pragma", "no-cache");
MHD_add_response_header (resp, "Content-Type", "application/json");
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
- GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
//necessary? should be
// handle->idp_op =
GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(handle->ego_entry->ego),ticket,consume_cont,
handle);
GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
//TODO write method
- handle->idp_op =
GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego),ticket,consume_cont,handle);
+ handle->resp_object = GNUNET_JSONAPI_document_new ();
+ handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+ handle->idp_op =
GNUNET_IDENTITY_PROVIDER_ticket_consume(handle->idp,GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego),ticket,consume_ticket,handle);
GNUNET_free(access_token_number);
- GNUNET_free(credentials);
+// GNUNET_free(credentials);
GNUNET_free(access_token);
GNUNET_free(user_psw);
- GNUNET_free(code);
+// GNUNET_free(code);
GNUNET_free(id_token);
json_decref(root);
+// GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
}
/**
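Review bot: Commenting out `GNUNET_free(credentials);` and `GNUNET_free(code);` leaves those buffers (by their names, the client credentials and the authorization code) allocated after every token request, unless ownership moved elsewhere outside this hunk. If the frees were disabled to work around a double free, fix the ownership and name the owner in a comment; otherwise restore both calls. `handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);` is used without a NULL check and overwrites any connection already stored in the handle. `handle->proc (handle->proc_cls, resp, MHD_HTTP_OK)` has also already delivered the response before `consume_ticket` starts filling `handle->resp_object`, and with `cleanup_handle_delayed` commented out the handle is released only if the `return_response` path does it; confirm that path does not send a second response on the same request. token_cont starts outside the hunk.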
--