
Method forwardAuthenticationRequest

consent/strategy_default.go:190–314  ·  view source on GitHub ↗
(
	ctx context.Context,
	w http.ResponseWriter,
	r *http.Request,
	ar fosite.AuthorizeRequester,
	session *flow.LoginSession,
	f *flow.Flow,
)


188}
190func (s *defaultStrategy) forwardAuthenticationRequest(
191 ctx context.Context,
192 w http.ResponseWriter,
193 r *http.Request,
194 ar fosite.AuthorizeRequester,
195 session *flow.LoginSession,
196 f *flow.Flow,
197) error {
198 sessionID := uuid.New()
199 skip := false
200 subject := ""
201 authenticatedAt := time.Time{}
202
203 if session != nil {
204 sessionID = session.ID
205 skip = true
206 subject = session.Subject
207 authenticatedAt = time.Time(session.AuthenticatedAt)
208 }
209
210 // Let's validate that prompt is actually not "none" if we can't skip authentication
211 prompt := stringsx.Splitx(ar.GetRequestForm().Get("prompt"), " ")
212 if slices.Contains(prompt, "none") && !skip {
213 return errors.WithStack(fosite.ErrLoginRequired.WithHint(`Prompt 'none' was requested, but no existing login session was found.`))
214 }
215
216 // Set up csrf/challenge/verifier values
217 challenge := strings.ReplaceAll(uuid.New(), "-", "")
218 csrf := strings.ReplaceAll(uuid.New(), "-", "")
219
220 // Generate the request URL
221 var requestURL string
222 if f != nil {
223 requestURL = f.RequestURL
224 } else {
225 oauth2URL := s.r.Config().OAuth2AuthURL(ctx)
226 oauth2URL.RawQuery = r.URL.RawQuery
227 requestURL = oauth2URL.String()
228 }
229
230 var idTokenHintClaims jwt.MapClaims
231 if idTokenHint := ar.GetRequestForm().Get("id_token_hint"); len(idTokenHint) > 0 {
232 claims, err := s.getIDTokenHintClaims(ctx, idTokenHint)
233 if err != nil {
234 return err
235 }
236
237 idTokenHintClaims = claims
238 }
239
240 // Set the session
241 cl := sanitizeClientFromRequest(ar)
242
243 if f == nil {
244 // Regular grant
245 f = &flow.Flow{
246 ID: challenge,
247 RequestedScope: []string(ar.GetRequestedScopes()),


Tested by

no test coverage detected