(c *gin.Context)
| 196 | } |
| 197 | |
| 198 | func (controller *OIDCController) Token(c *gin.Context) { |
| 199 | if !controller.oidc.IsConfigured() { |
| 200 | tlog.App.Warn().Msg("OIDC not configured") |
| 201 | c.JSON(404, gin.H{ |
| 202 | "error": "not_found", |
| 203 | }) |
| 204 | return |
| 205 | } |
| 206 | |
| 207 | var req TokenRequest |
| 208 | |
| 209 | err := c.Bind(&req) |
| 210 | if err != nil { |
| 211 | tlog.App.Error().Err(err).Msg("Failed to bind token request") |
| 212 | c.JSON(400, gin.H{ |
| 213 | "error": "invalid_request", |
| 214 | }) |
| 215 | return |
| 216 | } |
| 217 | |
| 218 | err = controller.oidc.ValidateGrantType(req.GrantType) |
| 219 | if err != nil { |
| 220 | tlog.App.Warn().Str("grant_type", req.GrantType).Msg("Unsupported grant type") |
| 221 | c.JSON(400, gin.H{ |
| 222 | "error": err.Error(), |
| 223 | }) |
| 224 | return |
| 225 | } |
| 226 | |
| 227 | // First we try form values |
| 228 | creds := ClientCredentials{ |
| 229 | ClientID: req.ClientID, |
| 230 | ClientSecret: req.ClientSecret, |
| 231 | } |
| 232 | |
| 233 | // If it fails, we try basic auth |
| 234 | if creds.ClientID == "" || creds.ClientSecret == "" { |
| 235 | tlog.App.Debug().Msg("Tried form values and they are empty, trying basic auth") |
| 236 | |
| 237 | clientId, clientSecret, ok := c.Request.BasicAuth() |
| 238 | |
| 239 | if !ok { |
| 240 | tlog.App.Error().Msg("Missing authorization header") |
| 241 | c.Header("www-authenticate", `Basic realm="Tinyauth OIDC Token Endpoint"`) |
| 242 | c.JSON(400, gin.H{ |
| 243 | "error": "invalid_client", |
| 244 | }) |
| 245 | return |
| 246 | } |
| 247 | |
| 248 | creds.ClientID = clientId |
| 249 | creds.ClientSecret = clientSecret |
| 250 | } |
| 251 | |
| 252 | // END - we don't support other authentication methods |
| 253 | |
| 254 | client, ok := controller.oidc.GetClient(creds.ClientID) |
| 255 |