| 188 | } |
| 189 | |
| 190 | func (s *defaultStrategy) forwardAuthenticationRequest( |
| 191 | ctx context.Context, |
| 192 | w http.ResponseWriter, |
| 193 | r *http.Request, |
| 194 | ar fosite.AuthorizeRequester, |
| 195 | session *flow.LoginSession, |
| 196 | f *flow.Flow, |
| 197 | ) error { |
| 198 | sessionID := uuid.New() |
| 199 | skip := false |
| 200 | subject := "" |
| 201 | authenticatedAt := time.Time{} |
| 202 | |
| 203 | if session != nil { |
| 204 | sessionID = session.ID |
| 205 | skip = true |
| 206 | subject = session.Subject |
| 207 | authenticatedAt = time.Time(session.AuthenticatedAt) |
| 208 | } |
| 209 | |
| 210 | // Let's validate that prompt is actually not "none" if we can't skip authentication |
| 211 | prompt := stringsx.Splitx(ar.GetRequestForm().Get("prompt"), " ") |
| 212 | if slices.Contains(prompt, "none") && !skip { |
| 213 | return errors.WithStack(fosite.ErrLoginRequired.WithHint(`Prompt 'none' was requested, but no existing login session was found.`)) |
| 214 | } |
| 215 | |
| 216 | // Set up csrf/challenge/verifier values |
| 217 | challenge := strings.ReplaceAll(uuid.New(), "-", "") |
| 218 | csrf := strings.ReplaceAll(uuid.New(), "-", "") |
| 219 | |
| 220 | // Generate the request URL |
| 221 | var requestURL string |
| 222 | if f != nil { |
| 223 | requestURL = f.RequestURL |
| 224 | } else { |
| 225 | oauth2URL := s.r.Config().OAuth2AuthURL(ctx) |
| 226 | oauth2URL.RawQuery = r.URL.RawQuery |
| 227 | requestURL = oauth2URL.String() |
| 228 | } |
| 229 | |
| 230 | var idTokenHintClaims jwt.MapClaims |
| 231 | if idTokenHint := ar.GetRequestForm().Get("id_token_hint"); len(idTokenHint) > 0 { |
| 232 | claims, err := s.getIDTokenHintClaims(ctx, idTokenHint) |
| 233 | if err != nil { |
| 234 | return err |
| 235 | } |
| 236 | |
| 237 | idTokenHintClaims = claims |
| 238 | } |
| 239 | |
| 240 | // Set the session |
| 241 | cl := sanitizeClientFromRequest(ar) |
| 242 | |
| 243 | if f == nil { |
| 244 | // Regular grant |
| 245 | f = &flow.Flow{ |
| 246 | ID: challenge, |
| 247 | RequestedScope: []string(ar.GetRequestedScopes()), |