(ctx context.Context, r *http.Request, request *AuthorizeRequest)
| 282 | } |
| 283 | |
// authorizeRequestFromPAR hydrates request from a stored pushed authorization
// request (PAR) when the incoming form carries a "request_uri" that starts
// with the configured PAR prefix.
//
// It returns (false, nil) when PAR does not apply: the config does not
// implement PushedAuthorizeRequestConfigProvider, or "request_uri" is empty
// or lacks the configured prefix. It returns (true, nil) once the stored
// session has been merged into request, deleted from storage, and the
// "client_id" form value has been matched against the merged request's client.
// Every other outcome is (false, err).
//
// Security-relevant ordering, preserved exactly from the original:
//   - request is mutated before the client_id comparison, so on a mismatch it
//     still holds the values taken from the stored session; callers are
//     presumably expected to discard request whenever err != nil.
//   - the stored session is deleted before the client_id comparison, so a
//     request presenting a valid request_uri with the wrong client_id still
//     consumes the session.
//     NOTE(review): confirm this invalidate-on-any-use behaviour is intended.
func (f *Fosite) authorizeRequestFromPAR(ctx context.Context, r *http.Request, request *AuthorizeRequest) (bool, error) {
	parConfig, supported := f.Config.(PushedAuthorizeRequestConfigProvider)
	if !supported {
		// Without the PAR config provider, PAR cannot be used.
		return false, nil
	}

	requestURI := r.Form.Get("request_uri")
	if requestURI == "" {
		// No request_uri at all: not a PAR-backed request.
		return false, nil
	}
	// NOTE(review): strings.HasPrefix is true for every string when the prefix
	// is empty, so an empty configured prefix would route any request_uri into
	// the PAR lookup below — confirm the prefix is validated as non-empty.
	if !strings.HasPrefix(requestURI, parConfig.GetPushedAuthorizeRequestURIPrefix(ctx)) {
		// The request_uri is not a PAR handle; nothing to do here.
		return false, nil
	}

	// Captured before request.Merge runs. Presumably request.Form can alias
	// r.Form, in which case Merge could overwrite this value — TODO confirm.
	clientID := r.Form.Get("client_id")

	parStore, supported := f.Store.(PARStorageProvider)
	if !supported {
		return false, errorsx.WithStack(ErrServerError.WithHint(ErrorPARNotSupported).WithDebug(DebugPARStorageInvalid))
	}

	// Load the pushed request that the request_uri refers to.
	session, err := parStore.PARStorage().GetPARSession(ctx, requestURI)
	if err != nil {
		// The storage error text is attached as the debug message.
		return false, errorsx.WithStack(ErrInvalidRequestURI.WithHint("Invalid PAR session").WithWrap(err).WithDebug(err.Error()))
	}

	// Hydrate the request object: merge first, then set these four fields
	// from the stored session.
	request.Merge(session)
	request.RedirectURI = session.GetRedirectURI()
	request.ResponseTypes = session.GetResponseTypes()
	request.State = session.GetState()
	request.ResponseMode = session.GetResponseMode()

	// Remove the session; a failure to delete is reported as a server error.
	err = parStore.PARStorage().DeletePARSession(ctx, requestURI)
	if err != nil {
		return false, errorsx.WithStack(ErrServerError.WithWrap(err).WithDebug(err.Error()))
	}

	// The client presenting the request_uri must be the client recorded on the
	// merged request.
	// NOTE(review): GetClient() is dereferenced without a nil check — confirm a
	// stored PAR session always carries a client.
	if request.GetClient().GetID() == clientID {
		return true, nil
	}

	return false, errorsx.WithStack(ErrInvalidRequest.WithHint("The 'client_id' must match the one sent in the pushed authorization request."))
}
| 329 | |
| 330 | func (f *Fosite) NewAuthorizeRequest(ctx context.Context, r *http.Request) (_ AuthorizeRequester, err error) { |
| 331 | ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("github.com/ory/hydra/v2/fosite").Start(ctx, "Fosite.NewAuthorizeRequest") |