| 138 | type clientHandler func(w http.ResponseWriter, r *http.Request, client Client) |
| 139 | |
| 140 | func (s *webServer) withClient(handler clientHandler) http.HandlerFunc { |
| 141 | return func(w http.ResponseWriter, r *http.Request) { |
| 142 | ctx, span := Tracer.Start(r.Context(), r.URL.Path) |
| 143 | defer span.End() |
| 144 | r = r.WithContext(ctx) |
| 145 | |
| 146 | client, err := s.verifyRequestClient(r) |
| 147 | if err != nil { |
| 148 | WriteError(w, r, err, s.getLogger(r.Context())) |
| 149 | return |
| 150 | } |
| 151 | if grantType := oidc.GrantType(r.Form.Get("grant_type")); grantType != "" { |
| 152 | if !ValidateGrantType(client, grantType) { |
| 153 | WriteError(w, r, oidc.ErrUnauthorizedClient().WithDescription("grant_type %q not allowed", grantType), s.getLogger(r.Context())) |
| 154 | return |
| 155 | } |
| 156 | } |
| 157 | handler(w, r, client) |
| 158 | } |
| 159 | } |
| 160 | |
| 161 | func (s *webServer) verifyRequestClient(r *http.Request) (_ Client, err error) { |
| 162 | cc, err := s.parseClientCredentials(r) |