(c *gin.Context, sub string, code string, req AuthorizeRequest)
| 312 | } |
| 313 | |
// StoreCode saves a newly issued authorization code via queries.CreateOidcCode.
//
// The row holds service.Hash(code) in CodeHash rather than the code argument
// itself, together with the subject, the filtered scopes (comma-joined), the
// redirect URI, client ID, nonce and a Unix expiry 10 minutes from now. When
// the request carries a PKCE code challenge it is stored as well.
//
// The error from the insert is returned unchanged.
func (service *OIDCService) StoreCode(c *gin.Context, sub string, code string, req AuthorizeRequest) error {
	// Authorization codes get a fixed 10 minute lifetime.
	const codeLifetime = 10 * time.Minute
	expiry := time.Now().Add(codeLifetime).Unix()

	codeHash := service.Hash(code)

	// The original author notes that scopes were validated earlier in the
	// flow, so the space-separated list is split and filtered without
	// further checks here.
	// NOTE(review): that validation is not visible in this function; confirm
	// every caller performs it before StoreCode is reached.
	scopes := service.filterScopes(strings.Split(req.Scope, " "))

	params := repository.CreateOidcCodeParams{
		Sub:         sub,
		CodeHash:    codeHash,
		Scope:       strings.Join(scopes, ","),
		RedirectURI: req.RedirectURI,
		ClientID:    req.ClientID,
		ExpiresAt:   expiry,
		Nonce:       req.Nonce,
	}

	switch {
	case req.CodeChallenge == "":
		// No PKCE challenge on the request: CodeChallenge stays empty.
		// NOTE(review): whether PKCE is mandatory for some clients is not
		// decided here; verify where that policy is enforced.
	case req.CodeChallengeMethod == "S256":
		// An S256 challenge is stored exactly as the client sent it.
		params.CodeChallenge = req.CodeChallenge
	default:
		// Every method other than "S256" (an empty or unrecognised value
		// included) takes the plain path: the challenge is passed through
		// hashAndEncodePKCE before storage and a warning is logged.
		// NOTE(review): presumably this lets verification handle both
		// methods the same way; confirm against the token endpoint, and
		// confirm unknown method values are rejected upstream.
		params.CodeChallenge = service.hashAndEncodePKCE(req.CodeChallenge)
		tlog.App.Warn().Msg("Received plain PKCE code challenge, it's recommended to use S256 for better security")
	}

	// Persist the code record.
	if _, err := service.queries.CreateOidcCode(c, params); err != nil {
		return err
	}
	return nil
}
| 343 | |
| 344 | func (service *OIDCService) StoreUserinfo(c *gin.Context, sub string, userContext config.UserContext, req AuthorizeRequest) error { |
| 345 | userInfoParams := repository.CreateOidcUserInfoParams{ |