MCPcopy Index your code
hub / github.com/tinyauthapp/tinyauth / Token

Method Token

internal/controller/oidc_controller.go:198–372  ·  view source on GitHub ↗
(c *gin.Context)

Source from the content-addressed store, hash-verified

196}
197
198func (controller *OIDCController) Token(c *gin.Context) {
199 if !controller.oidc.IsConfigured() {
200 tlog.App.Warn().Msg("OIDC not configured")
201 c.JSON(404, gin.H{
202 "error": "not_found",
203 })
204 return
205 }
206
207 var req TokenRequest
208
209 err := c.Bind(&req)
210 if err != nil {
211 tlog.App.Error().Err(err).Msg("Failed to bind token request")
212 c.JSON(400, gin.H{
213 "error": "invalid_request",
214 })
215 return
216 }
217
218 err = controller.oidc.ValidateGrantType(req.GrantType)
219 if err != nil {
220 tlog.App.Warn().Str("grant_type", req.GrantType).Msg("Unsupported grant type")
221 c.JSON(400, gin.H{
222 "error": err.Error(),
223 })
224 return
225 }
226
227 // First we try form values
228 creds := ClientCredentials{
229 ClientID: req.ClientID,
230 ClientSecret: req.ClientSecret,
231 }
232
233 // If it fails, we try basic auth
234 if creds.ClientID == "" || creds.ClientSecret == "" {
235 tlog.App.Debug().Msg("Tried form values and they are empty, trying basic auth")
236
237 clientId, clientSecret, ok := c.Request.BasicAuth()
238
239 if !ok {
240 tlog.App.Error().Msg("Missing authorization header")
241 c.Header("www-authenticate", `Basic realm="Tinyauth OIDC Token Endpoint"`)
242 c.JSON(400, gin.H{
243 "error": "invalid_client",
244 })
245 return
246 }
247
248 creds.ClientID = clientId
249 creds.ClientSecret = clientSecret
250 }
251
252 // END - we don't support other authentication methods
253
254 client, ok := controller.oidc.GetClient(creds.ClientID)
255

Callers

nothing calls this directly

Calls 10

BindMethod · 0.80
ValidateGrantTypeMethod · 0.80
GetClientMethod · 0.80
GetCodeEntryMethod · 0.80
HashMethod · 0.80
DeleteTokenByCodeHashMethod · 0.80
ValidatePKCEMethod · 0.80
GenerateAccessTokenMethod · 0.80
RefreshAccessTokenMethod · 0.80
IsConfiguredMethod · 0.45

Tested by

no test coverage detected