Diffstat (limited to 'internal')
-rw-r--r--internal/oauth/oauth.go17
-rw-r--r--internal/oauth/oauth_test.go6
-rw-r--r--internal/server/instituteaccess.go2
-rw-r--r--internal/server/secureinternet.go2
4 files changed, 4 insertions, 23 deletions
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index f2e7719..80aac73 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -2,7 +2,6 @@
// However, we try to follow some recommendations from the v2.1 oauth draft RFC
// Some specific things we implement here:
// - PKCE (RFC 7636)
-// - ISS (RFC 9207)
package oauth
import (
@@ -82,9 +81,6 @@ type OAuth struct {
// The HTTP client that is used
httpClient *httpw.Client
- // ISS indicates the issuer identifier of the authorization server as defined in RFC 9207
- ISS string `json:"iss"`
-
// BaseAuthorizationURL is the URL where authorization should take place
BaseAuthorizationURL string `json:"base_authorization_url"`
@@ -104,9 +100,6 @@ type exchangeSession struct {
// ClientID is the ID of the OAuth client
ClientID string
- // ISS indicates the issuer identifier
- ISS string
-
// State is the expected URL state parameter
State string
@@ -365,12 +358,7 @@ func writeResponseHTML(w http.ResponseWriter, title string, message string) erro
// Authcode gets the authorization code from the url
// It returns the code and an error if there is one
func (s *exchangeSession) Authcode(url *url.URL) (string, error) {
- // ISS: https://www.rfc-editor.org/rfc/rfc9207.html
q := url.Query()
- iss := q.Get("iss")
- if s.ISS != iss {
- return "", errors.Errorf("failed matching ISS; expected '%s' got '%s'", s.ISS, iss)
- }
// Make sure the state is present and matches to protect against cross-site request forgeries
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-04#section-7.15
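Review bot: Removing the `iss` comparison right after `q := url.Query()` in Authcode drops the only check that ties the authorization response back to the server this exchange session was started against; the `state` check that follows (the function continues outside this hunk) only covers CSRF on the redirect, not a response coming from a different authorization server, which is what the RFC 9207 reference in the removed comment was there for. If the reason is that some servers never send `iss`, a conditional form keeps the protection wherever the server does provide it: `if iss := q.Get("iss"); iss != "" && iss != s.ISS { return "", errors.Errorf("failed matching ISS; expected '%s' got '%s'", s.ISS, iss) }`, which would also mean keeping the `ISS` fields that the two struct hunks above remove. Since the package comment no longer lists RFC 9207, the reason for dropping the check rather than relaxing it is worth recording in the commit description.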
@@ -423,11 +411,9 @@ func (oauth *OAuth) Handler(w http.ResponseWriter, req *http.Request) {
}
// Init initializes OAuth with the following parameters:
-// - OAuth server issuer identification
// - The URL used for authorization
// - The URL to obtain new tokens.
-func (oauth *OAuth) Init(iss string, baseAuthorizationURL string, tokenURL string) {
- oauth.ISS = iss
+func (oauth *OAuth) Init(baseAuthorizationURL string, tokenURL string) {
oauth.BaseAuthorizationURL = baseAuthorizationURL
oauth.TokenURL = tokenURL
}
@@ -464,7 +450,6 @@ func (oauth *OAuth) AuthURL(name string, postProcessAuth func(string) string) (s
// Fill the struct with the necessary fields filled for the next call to getting the HTTP client
oauth.session = exchangeSession{
ClientID: name,
- ISS: oauth.ISS,
State: state,
Verifier: v,
ErrChan: make(chan error),
diff --git a/internal/oauth/oauth_test.go b/internal/oauth/oauth_test.go
index 8f5f04c..d46df4a 100644
--- a/internal/oauth/oauth_test.go
+++ b/internal/oauth/oauth_test.go
@@ -159,11 +159,10 @@ func Test_secretJSON(t *testing.T) {
}
func Test_AuthURL(t *testing.T) {
- iss := "local"
auth := "https://127.0.0.1/auth"
token := "https://127.0.0.1/token"
id := "client_id"
- o := OAuth{ISS: iss, BaseAuthorizationURL: auth, TokenURL: token}
+ o := OAuth{BaseAuthorizationURL: auth, TokenURL: token}
s, err := o.AuthURL(id, func(s string) string {
// We do nothing here are this function is for skipping WAYF
return s
@@ -176,9 +175,6 @@ func Test_AuthURL(t *testing.T) {
if o.session.ClientID != id {
t.Fatalf("OAuth ClientID not equal, want: %v, got: %v", o.session.ClientID, id)
}
- if o.session.ISS != iss {
- t.Fatalf("OAuth ISS not equal, want: %v, got: %v", o.session.ISS, iss)
- }
if o.session.State == "" {
t.Fatal("No OAuth session state paremeter found")
}
diff --git a/internal/server/instituteaccess.go b/internal/server/instituteaccess.go
index a51409f..f77e64a 100644
--- a/internal/server/instituteaccess.go
+++ b/internal/server/instituteaccess.go
@@ -109,6 +109,6 @@ func (ias *InstituteAccessServer) init(
return err
}
API := ias.Basic.Endpoints.API.V3
- ias.Auth.Init(url, API.Authorization, API.Token)
+ ias.Auth.Init(API.Authorization, API.Token)
return nil
}
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 3c40253..6c9520f 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -134,7 +134,7 @@ func (s *SecureInternetHomeServer) init(
}
// Make sure oauth contains our endpoints
- s.Auth.Init(b.URL, b.Endpoints.API.V3.Authorization, b.Endpoints.API.V3.Token)
+ s.Auth.Init(b.Endpoints.API.V3.Authorization, b.Endpoints.API.V3.Token)
return nil
}