ValidateAccessTokenRequest validates the token request parameters, including the authorization check of the client, and returns the previously created auth request corresponding to the auth code
(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger)
// ValidateAccessTokenRequest validates a code-grant token request and returns
// the previously stored auth request that the code refers to, together with
// the client that presented it.
//
// The client is first authorized through AuthorizeCodeClient; an error from
// that call is returned unchanged. The remaining checks run in a fixed order
// and the first one that fails decides the error:
//
//   - the client's ID must equal the client ID recorded on the auth request,
//     otherwise oidc.ErrInvalidGrant() is returned without a description;
//   - ValidateGrantType must accept the client for oidc.GrantTypeCode,
//     otherwise oidc.ErrUnauthorizedClient() is returned;
//   - tokenReq.RedirectURI must be exactly equal (plain string comparison) to
//     the redirect URI recorded on the auth request, otherwise
//     oidc.ErrInvalidGrant() is returned.
//
// On any failure both the auth request and the client are returned as nil.
//
// NOTE(review): code expiry, single use and PKCE verification are not
// performed in this function; presumably they are handled by
// AuthorizeCodeClient or the storage behind the exchanger — confirm before
// treating this function as the complete set of token-request checks.
func ValidateAccessTokenRequest(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, Client, error) {
	ctx, span := Tracer.Start(ctx, "ValidateAccessTokenRequest")
	defer span.End()

	storedReq, caller, authErr := AuthorizeCodeClient(ctx, tokenReq, exchanger)
	if authErr != nil {
		return nil, nil, authErr
	}

	// Cases are evaluated top to bottom, so the order below is the order in
	// which a failing request is rejected.
	switch {
	case caller.GetID() != storedReq.GetClientID():
		// The auth request behind this code belongs to a different client
		// than the one that authenticated for this token request.
		return nil, nil, oidc.ErrInvalidGrant()
	case !ValidateGrantType(caller, oidc.GrantTypeCode):
		return nil, nil, oidc.ErrUnauthorizedClient().WithDescription("client missing grant type " + string(oidc.GrantTypeCode))
	case tokenReq.RedirectURI != storedReq.GetRedirectURI():
		// Exact match only: no normalisation or prefix matching is applied,
		// which ties the code to the redirect target used when it was issued.
		return nil, nil, oidc.ErrInvalidGrant().WithDescription("redirect_uri does not correspond")
	}
	return storedReq, caller, nil
}
| 70 | |
| 71 | // AuthorizeCodeClient checks the authorization of the client and that the used method was the one previously registered. |
| 72 | // It then returns the auth request corresponding to the auth code |