Made changes to get client credentials grant working

2025-12-20 03:27:02 -07:00 · 2024-03-20 16:52:08 -06:00 · 2024-03-20 16:52:08 -06:00 · 5173701fa0
commit 5173701fa0
parent e67bc3e010
7 changed files with 135 additions and 64 deletions
--- a/internal/flows/client_credentials.go
+++ b/internal/flows/client_credentials.go
@ -8,33 +8,34 @@ import (
 type ClientCredentialsFlowParams struct {
 	State        string `yaml:"state"`
 	ResponseType string `yaml:"response-type"`
+	Client       *oauth.Client
 }

 type ClientCredentialsFlowEndpoints struct {
-	Create    string
+	Clients   string
 	Authorize string
 	Token     string
 }

-func NewClientCredentialsFlow(eps ClientCredentialsFlowEndpoints, client *oauth.Client) error {
+func NewClientCredentialsFlow(eps ClientCredentialsFlowEndpoints, params ClientCredentialsFlowParams) (string, error) {
 	// register a new OAuth 2 client with authorization srever
-	_, err := client.CreateOAuthClient(eps.Create)
+	res, err := params.Client.CreateOAuthClient(eps.Clients, []oauth.GrantType{oauth.ClientCredentials})
 	if err != nil {
-		return fmt.Errorf("failed to register OAuth client: %v", err)
+		return "", fmt.Errorf("failed to register OAuth client: %v", err)
 	}

 	// authorize the client
-	_, err = client.AuthorizeOAuthClient(eps.Authorize)
+	res, err = params.Client.AuthorizeOAuthClient(eps.Authorize)
 	if err != nil {
-		return fmt.Errorf("failed to authorize client: %v", err)
+		return "", fmt.Errorf("failed to authorize client: %v", err)
 	}

 	// request a token from the authorization server
-	res, err := client.PerformTokenGrant(eps.Token, "")
+	res, err = params.Client.PerformClientCredentialsTokenGrant(eps.Token)
 	if err != nil {
-		return fmt.Errorf("failed to fetch token from authorization server: %v", err)
+		return "", fmt.Errorf("failed to fetch token from authorization server: %v", err)
 	}

 	fmt.Printf("token: %v\n", string(res))
-	return nil
+	return string(res), nil
 }
--- a/internal/flows/jwt_bearer.go
+++ b/internal/flows/jwt_bearer.go
@ -29,14 +29,14 @@ type JwtBearerFlowParams struct {
 	KeyPath          string
 }

-type JwtBearerEndpoints struct {
+type JwtBearerFlowEndpoints struct {
 	TrustedIssuers string
 	Token          string
 	Clients        string
 	Register       string
 }

-func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (string, error) {
+func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (string, error) {
 	// 1. verify that the JWT from the issuer is valid using all keys
 	var (
 		idp           = params.IdentityProvider
@ -164,7 +164,7 @@ func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (strin

 	// 5. dynamically register new OAuth client and authorize it to make jwt_bearer request
 	fmt.Printf("Registering new OAuth2 client with authorization server...\n")
-	res, err = client.RegisterOAuthClient(eps.Register)
+	res, err = client.RegisterOAuthClient(eps.Register, []oauth.GrantType{oauth.JwtBearer})
 	if err != nil {
 		return "", fmt.Errorf("failed to register client: %v", err)
 	}
@ -189,7 +189,7 @@ func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (strin
 				return "", fmt.Errorf("failed to delete OAuth client: %v", err)
 			}
 			fmt.Printf("Attempting to re-create client...\n")
-			res, err := client.CreateOAuthClient(eps.Clients)
+			res, err := client.CreateOAuthClient(eps.Clients, []oauth.GrantType{oauth.JwtBearer})
 			if err != nil {
 				return "", fmt.Errorf("failed to register client: %v", err)
 			}
@ -210,7 +210,7 @@ func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (strin
 	if eps.Token != "" {
 		fmt.Printf("Fetching access token from authorization server...\n")
 		fmt.Printf("jwt: %s\n", string(newJwt))
-		res, err := client.PerformTokenGrant(eps.Token, string(newJwt))
+		res, err := client.PerformJwtBearerTokenGrant(eps.Token, string(newJwt))
 		if err != nil {
 			return "", fmt.Errorf("failed to fetch access token: %v", err)
 		}
@ -237,7 +237,7 @@ func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (strin
 	return string(res), nil
 }

-func ForwardToken(eps JwtBearerEndpoints, params JwtBearerFlowParams) error {
+func ForwardToken(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) error {
 	var (
 		client  = params.Client
 		idToken = params.IdToken
@ -279,7 +279,7 @@ func ForwardToken(eps JwtBearerEndpoints, params JwtBearerFlowParams) error {
 	if verbose {
 		fmt.Printf("Registering new OAuth2 client with authorization server...\n")
 	}
-	res, err := client.RegisterOAuthClient(eps.Register)
+	res, err := client.RegisterOAuthClient(eps.Register, []oauth.GrantType{oauth.JwtBearer})
 	if err != nil {
 		return fmt.Errorf("failed to register client: %v", err)
 	}
@ -306,7 +306,7 @@ func ForwardToken(eps JwtBearerEndpoints, params JwtBearerFlowParams) error {
 				return fmt.Errorf("failed to delete OAuth client: %v", err)
 			}
 			fmt.Printf("Attempting to re-create client...\n")
-			res, err := client.CreateOAuthClient(eps.Clients)
+			res, err := client.CreateOAuthClient(eps.Clients, []oauth.GrantType{oauth.JwtBearer})
 			if err != nil {
 				return fmt.Errorf("failed to register client: %v", err)
 			}
@ -327,7 +327,7 @@ func ForwardToken(eps JwtBearerEndpoints, params JwtBearerFlowParams) error {
 		if verbose {
 			fmt.Printf("Fetching access token from authorization server...\n")
 		}
-		res, err := client.PerformTokenGrant(eps.Token, idToken)
+		res, err := client.PerformJwtBearerTokenGrant(eps.Token, idToken)
 		if err != nil {
 			return fmt.Errorf("failed to fetch access token: %v", err)
 		}