
Method verifyConsent

consent/strategy_default.go:619–664  ·  view source on GitHub ↗
(ctx context.Context, _ http.ResponseWriter, r *http.Request, verifier string)


617}
618
// verifyConsent resolves the consent verifier of an authorize request into its
// flow, records the consent session, and validates the consent CSRF cookie.
//
// On success the flow is returned with non-nil SessionAccessToken and
// SessionIDToken maps. An error is returned when the verifier cannot be
// resolved (fosite.ErrAccessDenied), when the flow's client ID differs from the
// request's client_id query parameter (fosite.ErrInvalidClient), when the flow
// carries a consent error, when the consent session cannot be created, or when
// the CSRF cookie check fails. The http.ResponseWriter argument is unused.
func (s *defaultStrategy) verifyConsent(ctx context.Context, _ http.ResponseWriter, r *http.Request, verifier string) (_ *flow.Flow, err error) {
	ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("").Start(ctx, "DefaultStrategy.verifyConsent")
	// otelx.End is handed a pointer to the named result, so every return value
	// assigned to err is visible to it when the deferred call runs.
	defer otelx.End(span, &err)

	// Going by its name, this call decodes and also invalidates the verifier, so
	// every return below happens after the verifier has been spent — confirm
	// against flow.DecodeAndInvalidateConsentVerifier.
	consentFlow, err := flow.DecodeAndInvalidateConsentVerifier(ctx, s.r, verifier)
	switch {
	case errors.Is(err, sqlcon.ErrNoRows):
		return nil, errors.WithStack(fosite.ErrAccessDenied.WithHint("The consent verifier has already been used, has not been granted, or is invalid."))
	case err != nil:
		return nil, err
	case consentFlow.Client.GetID() != r.URL.Query().Get("client_id"):
		// The verifier is only accepted on an authorize request that names the
		// same client the flow was created for.
		return nil, errors.WithStack(fosite.ErrInvalidClient.WithHint("The flow client id does not match the authorize request client id."))
	}

	// A flow that carries a consent error is surfaced as an RFC error instead of
	// being turned into a consent session.
	if consentFlow.ConsentError.IsError() {
		consentFlow.ConsentError.SetDefaults(flow.ConsentRequestDeniedErrorName)
		return nil, errors.WithStack(consentFlow.ConsentError.ToRFCError())
	}

	// A unique-constraint violation is reported as a replayed verifier.
	switch createErr := s.r.ConsentManager().CreateConsentSession(ctx, consentFlow); {
	case errors.Is(createErr, sqlcon.ErrUniqueViolation):
		return nil, errors.WithStack(fosite.ErrAccessDenied.WithHint("The consent verifier has already been used."))
	case errors.Is(createErr, sqlcon.ErrNoRows):
		return nil, errors.WithStack(fosite.ErrAccessDenied.WithHint("The consent verifier has already been used, has not been granted, or is invalid."))
	case createErr != nil:
		return nil, createErr
	}

	cookies, err := s.r.CookieStore(ctx)
	if err != nil {
		return nil, err
	}

	// NOTE(review): the CSRF cookie is checked only after the verifier has been
	// decoded and CreateConsentSession has returned, so a failed check leaves
	// whatever those calls persisted in place. Confirm this ordering is intended
	// and that a session written here is unusable without the returned flow.
	//
	// The cookie name is the configured consent CSRF cookie name suffixed with
	// the client's cookie suffix.
	csrfCookieName := fmt.Sprintf("%s_%s", s.r.Config().CookieNameConsentCSRF(ctx), consentFlow.Client.CookieSuffix())
	csrfErr := validateCSRFCookie(ctx, r, s.r.Config(), cookies, csrfCookieName, consentFlow.ConsentCSRF.String())
	if csrfErr != nil {
		return nil, csrfErr
	}

	// Hand back non-nil session maps.
	if consentFlow.SessionAccessToken == nil {
		consentFlow.SessionAccessToken = make(map[string]interface{})
	}
	if consentFlow.SessionIDToken == nil {
		consentFlow.SessionIDToken = make(map[string]interface{})
	}

	return consentFlow, nil
}
665
666func (s *defaultStrategy) generateFrontChannelLogoutURLs(ctx context.Context, subject, sid string) ([]string, error) {
667 clients, err := s.r.ConsentManager().ListUserAuthenticatedClientsWithFrontChannelLogout(ctx, subject, sid)

Calls 15

validateCSRFCookieFunction · 0.85
WithHintMethod · 0.80
IsErrorMethod · 0.80
SetDefaultsMethod · 0.80
ToRFCErrorMethod · 0.80
CookieNameConsentCSRFMethod · 0.80
CookieSuffixMethod · 0.80
TracerMethod · 0.65
GetIDMethod · 0.65
GetMethod · 0.65
CreateConsentSessionMethod · 0.65

Tested by

no test coverage detected