mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-06-20 02:10:14 +00:00
feat: allow for prompt to skip authorize screen
This commit is contained in:
Stavros
@@ -69,11 +69,11 @@ type ClientCredentials struct {
|
||||
}
|
||||
|
||||
type AuthorizeScreenParams struct {
|
||||
LoginFor FrontendLoginFor `url:"login_for"`
|
||||
OIDCTicket string `url:"oidc_ticket"`
|
||||
OIDCScope string `url:"oidc_scope"`
|
||||
OIDCName string `url:"oidc_name"`
|
||||
OIDCLogin bool `url:"oidc_login"`
|
||||
LoginFor FrontendLoginFor `url:"login_for"`
|
||||
OIDCTicket string `url:"oidc_ticket"`
|
||||
OIDCScope string `url:"oidc_scope"`
|
||||
OIDCName string `url:"oidc_name"`
|
||||
OIDCPrompt service.OIDCPrompt `url:"oidc_prompt,omitempty"`
|
||||
}
|
||||
|
||||
type AuthorizeCompleteRequest struct {
|
||||
@@ -168,6 +168,8 @@ func (controller *OIDCController) authorize(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
prompt := controller.oidc.GetPrompt(req.Prompt)
|
||||
|
||||
userContext, err := new(model.UserContext).NewFromGin(c)
|
||||
|
||||
if err != nil {
|
||||
@@ -176,7 +178,7 @@ func (controller *OIDCController) authorize(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
if (err != nil || !userContext.Authenticated) && req.Prompt == "none" {
|
||||
if (err != nil || !userContext.Authenticated) && prompt == service.OIDCPromptNone {
|
||||
controller.authorizeError(c, authorizeErrorParams{
|
||||
err: errors.New("user not logged in"),
|
||||
reason: "User not logged in",
|
||||
@@ -195,10 +197,7 @@ func (controller *OIDCController) authorize(c *gin.Context) {
|
||||
OIDCTicket: ticket,
|
||||
OIDCScope: req.Scope,
|
||||
OIDCName: client.Name,
|
||||
}
|
||||
|
||||
if req.Prompt == "login" {
|
||||
values.OIDCLogin = true
|
||||
OIDCPrompt: prompt,
|
||||
}
|
||||
|
||||
queries, err := query.Values(values)
|
||||
|
||||
@@ -44,6 +44,15 @@ var (
|
||||
ErrInvalidClient = errors.New("invalid_client")
|
||||
)
|
||||
|
||||
type OIDCPrompt string
|
||||
|
||||
const (
|
||||
OIDCPromptLogin OIDCPrompt = "login"
|
||||
OIDCPromptNone OIDCPrompt = "none"
|
||||
)
|
||||
|
||||
var SupportedPrompts = []string{string(OIDCPromptLogin), string(OIDCPromptNone)}
|
||||
|
||||
// This is not spec-compliant, the ID token SHOULD NOT contain user info claims but,
|
||||
// it has became a "standard" and apps are looking for the claims in the ID tokens
|
||||
// instead of calling the userinfo endpoint, so we include them in the ID token as well
|
||||
@@ -937,3 +946,20 @@ func (service *OIDCService) DecodeAuthorizeJWT(tokenString string) (*AuthorizeRe
|
||||
Prompt: get("prompt"),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Return the first prompt in the list of prompts, or an empty string if no prompt is specified
|
||||
func (service *OIDCService) GetPrompt(prompt string) OIDCPrompt {
|
||||
if prompt == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
prompts := strings.Split(prompt, " ")
|
||||
|
||||
for _, p := range prompts {
|
||||
if slices.Contains(SupportedPrompts, p) {
|
||||
return OIDCPrompt(p)
|
||||
}
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user