
Method Authorize

internal/controller/oidc_controller.go:108–196  ·  view source on GitHub ↗

106}
108func (controller *OIDCController) Authorize(c *gin.Context) {
109 if !controller.oidc.IsConfigured() {
110 controller.authorizeError(c, errors.New("err_oidc_not_configured"), "OIDC not configured", "This instance is not configured for OIDC", "", "", "")
111 return
112 }
113
114 userContext, err := utils.GetContext(c)
115
116 if err != nil {
117 controller.authorizeError(c, err, "Failed to get user context", "User is not logged in or the session is invalid", "", "", "")
118 return
119 }
120
121 if !userContext.IsLoggedIn {
122 controller.authorizeError(c, errors.New("err user not logged in"), "User not logged in", "The user is not logged in", "", "", "")
123 return
124 }
125
126 var req service.AuthorizeRequest
127
128 err = c.BindJSON(&req)
129 if err != nil {
130 controller.authorizeError(c, err, "Failed to bind JSON", "The client provided an invalid authorization request", "", "", "")
131 return
132 }
133
134 client, ok := controller.oidc.GetClient(req.ClientID)
135
136 if !ok {
137 controller.authorizeError(c, err, "Client not found", "The client ID is invalid", "", "", "")
138 return
139 }
140
141 err = controller.oidc.ValidateAuthorizeParams(req)
142
143 if err != nil {
144 tlog.App.Error().Err(err).Msg("Failed to validate authorize params")
145 if err.Error() != "invalid_request_uri" {
146 controller.authorizeError(c, err, "Failed validate authorize params", "Invalid request parameters", req.RedirectURI, err.Error(), req.State)
147 return
148 }
149 controller.authorizeError(c, err, "Redirect URI not trusted", "The provided redirect URI is not trusted", "", "", "")
150 return
151 }
152
153 // WARNING: Since Tinyauth is stateless, we cannot have a sub that never changes. We will just create a uuid out of the username and client name which remains stable, but if username or client name changes then sub changes too.
154 sub := utils.GenerateUUID(fmt.Sprintf("%s:%s", userContext.Username, client.ID))
155 code := utils.GenerateString(32)
156
157 // Before storing the code, delete old session
158 err = controller.oidc.DeleteOldSession(c, sub)
159 if err != nil {
160 controller.authorizeError(c, err, "Failed to delete old sessions", "Failed to delete old sessions", req.RedirectURI, "server_error", req.State)
161 return
162 }
163
164 err = controller.oidc.StoreCode(c, sub, code, req)
165
