/*
 * Copyright © 2015-2018 Aeneas Rekkas
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @author Aeneas Rekkas
 * @copyright 2015-2018 Aeneas Rekkas
 * @license Apache-2.0
 *
 */

package compose

import (
	"github.com/ory/fosite/handler/oauth2"
	"github.com/ory/fosite/handler/openid"
	"github.com/ory/fosite/token/jwt"
)

// OpenIDConnectExplicitFactory creates an OpenID Connect explicit ("authorize code flow") grant handler.
//
// Requirements on the arguments (violations panic at composition time, which is
// deliberate: a mis-wired provider must not start serving requests):
//   - storage must implement openid.OpenIDConnectRequestStorage.
//   - strategy must implement BOTH openid.OpenIDConnectTokenStrategy (ID token
//     issuance) and jwt.JWTStrategy (used by the request validator).
//
// The request validator is built from config.AllowedPromptValues and is given
// config.GetRedirectSecureChecker(), so the "is this redirect URI secure"
// decision is the one configured on Config rather than a hard-coded default.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// Unchecked assertions on purpose: fail fast at compose time rather than
	// at request time. Order matches the field order of the handler literal.
	requestStorage := storage.(openid.OpenIDConnectRequestStorage)
	idTokenStrategy := strategy.(openid.OpenIDConnectTokenStrategy)
	jwtStrategy := strategy.(jwt.JWTStrategy)

	// Prompt/redirect validation for the authorize request.
	validator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, jwtStrategy).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	helper := &openid.IDTokenHandleHelper{IDTokenStrategy: idTokenStrategy}

	return &openid.OpenIDConnectExplicitHandler{
		OpenIDConnectRequestStorage:   requestStorage,
		IDTokenHandleHelper:           helper,
		OpenIDConnectRequestValidator: validator,
	}
}

// OpenIDConnectRefreshFactory creates a handler for refreshing openid connect tokens.
//
// Only strategy is consumed (it must implement openid.OpenIDConnectTokenStrategy);
// config and storage are accepted for a uniform factory signature but are not read.
// No request validator or redirect checker is attached to this handler.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
// NOTE(review): presumably the OAuth2 refresh token grant handler is the one that
// must precede it on the token endpoint — confirm against the handler implementation.
func OpenIDConnectRefreshFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// Panics if strategy cannot issue ID tokens; config and storage are unused.
	idTokenStrategy := strategy.(openid.OpenIDConnectTokenStrategy)
	helper := &openid.IDTokenHandleHelper{IDTokenStrategy: idTokenStrategy}

	return &openid.OpenIDConnectRefreshHandler{IDTokenHandleHelper: helper}
}

// OpenIDConnectImplicitFactory creates an OpenID Connect implicit ("implicit flow") grant handler.
//
// Requirements on the arguments (violations panic at composition time):
//   - storage must implement oauth2.AccessTokenStorage.
//   - strategy must implement oauth2.AccessTokenStrategy,
//     openid.OpenIDConnectTokenStrategy and jwt.JWTStrategy.
//
// Everything policy-related is taken from config: the access token lifespan,
// the scope strategy, the allowed prompt values, the redirect-URI secure
// checker handed to the request validator, and MinParameterEntropy.
// NOTE(review): MinParameterEntropy is presumably the minimum length enforced on
// client-supplied nonce/state values — confirm in the handler before relying on it.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// Assertions and getter calls are kept in the same order as the handler's
	// field order so a mis-typed argument panics on the same assertion.
	accessTokenStrategy := strategy.(oauth2.AccessTokenStrategy)
	accessTokenStorage := storage.(oauth2.AccessTokenStorage)
	implicitGrant := &oauth2.AuthorizeImplicitGrantTypeHandler{
		AccessTokenStrategy: accessTokenStrategy,
		AccessTokenStorage:  accessTokenStorage,
		AccessTokenLifespan: config.GetAccessTokenLifespan(),
	}

	scopeStrategy := config.GetScopeStrategy()

	idTokenStrategy := strategy.(openid.OpenIDConnectTokenStrategy)
	helper := &openid.IDTokenHandleHelper{IDTokenStrategy: idTokenStrategy}

	jwtStrategy := strategy.(jwt.JWTStrategy)
	validator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, jwtStrategy).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	return &openid.OpenIDConnectImplicitHandler{
		AuthorizeImplicitGrantTypeHandler: implicitGrant,
		ScopeStrategy:                     scopeStrategy,
		IDTokenHandleHelper:               helper,
		OpenIDConnectRequestValidator:     validator,
		MinParameterEntropy:               config.GetMinParameterEntropy(),
	}
}

// OpenIDConnectHybridFactory creates an OpenID Connect hybrid grant handler.
//
// The hybrid handler composes both an authorize-code (explicit) grant handler
// and an implicit grant handler, so the arguments must satisfy the union of
// their requirements (violations panic at composition time):
//   - storage must implement oauth2.CoreStorage, oauth2.AccessTokenStorage
//     and openid.OpenIDConnectRequestStorage.
//   - strategy must implement oauth2.AccessTokenStrategy,
//     oauth2.RefreshTokenStrategy, oauth2.AuthorizeCodeStrategy,
//     openid.OpenIDConnectTokenStrategy and jwt.JWTStrategy.
//
// config.GetRedirectSecureChecker() is wired twice on purpose: once as the
// explicit grant handler's IsRedirectURISecure and once into the request
// validator, so both code paths agree on what counts as a secure redirect URI.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectHybridFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// Assertions and getter calls are kept in the same order as the handler's
	// field order so a mis-typed argument panics on the same assertion.
	accessTokenStrategy := strategy.(oauth2.AccessTokenStrategy)
	refreshTokenStrategy := strategy.(oauth2.RefreshTokenStrategy)
	authorizeCodeStrategy := strategy.(oauth2.AuthorizeCodeStrategy)
	coreStorage := storage.(oauth2.CoreStorage)

	// Authorize-code half of the hybrid flow; the redirect checker here is the
	// same one the request validator receives below.
	explicitGrant := &oauth2.AuthorizeExplicitGrantHandler{
		AccessTokenStrategy:   accessTokenStrategy,
		RefreshTokenStrategy:  refreshTokenStrategy,
		AuthorizeCodeStrategy: authorizeCodeStrategy,
		CoreStorage:           coreStorage,
		AuthCodeLifespan:      config.GetAuthorizeCodeLifespan(),
		AccessTokenLifespan:   config.GetAccessTokenLifespan(),
		RefreshTokenLifespan:  config.GetRefreshTokenLifespan(),
		IsRedirectURISecure:   config.GetRedirectSecureChecker(),
	}

	scopeStrategy := config.GetScopeStrategy()

	// Implicit half of the hybrid flow.
	accessTokenStorage := storage.(oauth2.AccessTokenStorage)
	implicitGrant := &oauth2.AuthorizeImplicitGrantTypeHandler{
		AccessTokenStrategy: accessTokenStrategy,
		AccessTokenStorage:  accessTokenStorage,
		AccessTokenLifespan: config.GetAccessTokenLifespan(),
	}

	idTokenStrategy := strategy.(openid.OpenIDConnectTokenStrategy)
	helper := &openid.IDTokenHandleHelper{IDTokenStrategy: idTokenStrategy}

	requestStorage := storage.(openid.OpenIDConnectRequestStorage)

	jwtStrategy := strategy.(jwt.JWTStrategy)
	validator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, jwtStrategy).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	return &openid.OpenIDConnectHybridHandler{
		AuthorizeExplicitGrantHandler:     explicitGrant,
		ScopeStrategy:                     scopeStrategy,
		AuthorizeImplicitGrantTypeHandler: implicitGrant,
		IDTokenHandleHelper:               helper,
		OpenIDConnectRequestStorage:       requestStorage,
		OpenIDConnectRequestValidator:     validator,
		MinParameterEntropy:               config.GetMinParameterEntropy(),
	}
}