diff --git a/internal/flows/jwt_bearer.go b/internal/flows/jwt_bearer.go index a0287d9..2e93265 100644 --- a/internal/flows/jwt_bearer.go +++ b/internal/flows/jwt_bearer.go @@ -51,9 +51,6 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s if client == nil { return "", fmt.Errorf("invalid client (client is nil)") } - if verbose { - fmt.Printf("ID token (IDP): %s\n access token (IDP): %s", accessToken, idToken) - } if accessToken != "" { _, err := jws.Verify([]byte(accessToken), jws.WithKeySet(client.Provider.KeySet), jws.WithValidateKey(true)) if err != nil { diff --git a/internal/oauth/authenticate.go b/internal/oauth/authenticate.go index 4af65cb..b579e8e 100644 --- a/internal/oauth/authenticate.go +++ b/internal/oauth/authenticate.go @@ -109,14 +109,12 @@ func (client *Client) FetchTokenFromAuthenticationServer(code string, state stri } res, err := http.PostForm(client.Provider.Endpoints.Token, body) if err != nil { - return nil, fmt.Errorf("failed to get ID token: %v", err) + return nil, fmt.Errorf("failed to get ID token: %s", err) } - b, err := io.ReadAll(res.Body) - if err != nil { - return nil, fmt.Errorf("failed to read response body: %v", err) - } - fmt.Printf("%s\n", string(b)) defer res.Body.Close() - return b, nil + // domain, _ := url.Parse("http://127.0.0.1") + // client.Jar.SetCookies(domain, res.Cookies()) + + return io.ReadAll(res.Body) } diff --git a/internal/server/server.go b/internal/server/server.go index 3fdae97..16b7b51 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -141,47 +141,38 @@ func (s *Server) StartLogin(clients []oauth.Client, params ServerParams) error { p = params.AuthProvider jwks []byte ) - - fetchAndMarshal := func() (err error) { - err = p.FetchJwks() + // try and get the JWKS from param first + if p.Endpoints.JwksUri != "" { + err := p.FetchJwks() if err != nil { - fmt.Printf("failed to fetch keys: %v\n", err) - return + fmt.Printf("failed to fetch keys using JWKS url...trying to fetch config and try again...\n") } jwks, err = json.Marshal(p.KeySet) if err != nil { fmt.Printf("failed to marshal JWKS: %v\n", err) } - return - } - - // try and get the JWKS from param first - if p.Endpoints.JwksUri != "" { - if err := fetchAndMarshal(); err != nil { - w.Write(jwks) - return - } - } - - // otherwise or if fetching the JWKS failed, try and fetch the whole config first and try again - if p.Endpoints.Config != "" { - if err := p.FetchServerConfig(); err != nil { + } else if p.Endpoints.Config != "" && jwks == nil { + // otherwise, try and fetch the whole config and try again + err := p.FetchServerConfig() + if err != nil { fmt.Printf("failed to fetch server config: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + http.Redirect(w, r, "/error", http.StatusInternalServerError) + return + } + err = p.FetchJwks() + if err != nil { + fmt.Printf("failed to fetch JWKS after fetching server config: %v\n", err) + http.Redirect(w, r, "/error", http.StatusInternalServerError) return } - } else { - fmt.Printf("getting JWKS from param failed and endpoints config unavailable\n") - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return } - if err := fetchAndMarshal(); err != nil { - fmt.Printf("failed to fetch and marshal JWKS after config update: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + // forward the JWKS from the authorization server + if jwks == nil { + fmt.Printf("no JWKS was fetched from authorization server\n") + http.Redirect(w, r, "/error", http.StatusInternalServerError) return } - w.Write(jwks) }) r.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {