Skip to content

Commit

Permalink
feat: include config params for PAR, JARM, and DPoP (#312)
Browse files Browse the repository at this point in the history
- PAR: Pushed Authorization Requests
- JARM: JWT Secured Authorization Response Mode
- DPoP: Demonstrating Proof of Possession

Extracted from paulswartz#3
  • Loading branch information
paulswartz authored Dec 16, 2023
1 parent b5c266d commit e567c01
Show file tree
Hide file tree
Showing 3 changed files with 68 additions and 2 deletions.
14 changes: 14 additions & 0 deletions include/oidcc_provider_configuration.hrl
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,20 @@
code_challenge_methods_supported = undefined :: [binary()] | undefined,
%% OpenID Connect RP-Initiated Logout 1.0
end_session_endpoint = undefined :: uri_string:uri_string() | undefined,
%% OAuth 2.0 Pushed Authorization Requests
require_pushed_authorization_requests = false :: boolean(),
%% OAuth 2.0 Pushed Authorization Requests
pushed_authorization_request_endpoint = undefined :: uri_string:uri_string() | undefined,
%% JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
authorization_signing_alg_values_supported = undefined :: [binary()] | undefined,
%% JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
authorization_encryption_alg_values_supported = undefined :: [binary()] | undefined,
%% JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
authorization_encryption_enc_values_supported = undefined :: [binary()] | undefined,
%% OAuth 2.0 Authorization Server Issuer Identification (RFC9207)
authorization_response_iss_parameter_supported = false :: boolean(),
%% OAuth 2.0 Demonstrating Proof of Possession (DPoP)
dpop_signing_alg_values_supported = undefined :: [binary()] | undefined,
%% Unknown Fields
extra_fields = #{} :: #{binary() => term()}
}
Expand Down
7 changes: 7 additions & 0 deletions lib/oidcc/provider_configuration.ex
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,13 @@ defmodule Oidcc.ProviderConfiguration do
introspection_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined,
code_challenge_methods_supported: [String.t()] | :undefined,
end_session_endpoint: :uri_string.uri_string() | :undefined,
require_pushed_authorization_requests: boolean(),
pushed_authorization_request_endpoint: :uri_string.uri_string() | :undefined,
authorization_response_iss_parameter_supported: boolean(),
authorization_signing_alg_values_supported: [String.t()] | :undefined,
authorization_encryption_alg_values_supported: [String.t()] | :undefined,
authorization_encryption_enc_values_supported: [String.t()] | :undefined,
dpop_signing_alg_values_supported: [String.t()] | :undefined,
extra_fields: %{String.t() => term()}
}

Expand Down
49 changes: 47 additions & 2 deletions src/oidcc_provider_configuration.erl
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,13 @@
[binary()] | undefined,
code_challenge_methods_supported :: [binary()] | undefined,
end_session_endpoint :: uri_string:uri_string() | undefined,
require_pushed_authorization_requests :: boolean(),
pushed_authorization_request_endpoint :: uri_string:uri_string() | undefined,
authorization_signing_alg_values_supported :: [binary()] | undefined,
authorization_encryption_alg_values_supported :: [binary()] | undefined,
authorization_encryption_enc_values_supported :: [binary()] | undefined,
authorization_response_iss_parameter_supported :: boolean(),
dpop_signing_alg_values_supported :: [binary()] | undefined,
extra_fields :: #{binary() => term()}
}.
%% Record containing OpenID and OAuth 2.0 Configuration
Expand Down Expand Up @@ -339,7 +346,18 @@ decode_configuration(Configuration0, Opts) ->
introspection_endpoint_auth_signing_alg_values_supported :=
IntrospectionEndpointAuthSigningAlgValuesSupported,
code_challenge_methods_supported := CodeChallengeMethodsSupported,
end_session_endpoint := EndSessionEndpoint
end_session_endpoint := EndSessionEndpoint,
require_pushed_authorization_requests := RequirePushedAuthorizationRequests,
pushed_authorization_request_endpoint := PushedAuthorizationRequestEndpoint,
authorization_signing_alg_values_supported :=
AuthorizationSigningAlgValuesSupported,
authorization_encryption_alg_values_supported :=
AuthorizationEncryptionAlgValuesSupported,
authorization_encryption_enc_values_supported :=
AuthorizationEncryptionEncValuesSupported,
authorization_response_iss_parameter_supported :=
AuthorizationResponseIssParameterSupported,
dpop_signing_alg_values_supported := DpopSigningAlgValuesSupported
},
ExtraFields
}} ?=
Expand Down Expand Up @@ -431,7 +449,24 @@ decode_configuration(Configuration0, Opts) ->
case AllowUnsafeHttp of
true -> fun oidcc_decode_util:parse_setting_uri/2;
false -> fun oidcc_decode_util:parse_setting_uri_https/2
end}
end},
{optional, require_pushed_authorization_requests, false,
fun oidcc_decode_util:parse_setting_boolean/2},
{optional, pushed_authorization_request_endpoint, undefined,
case AllowUnsafeHttp of
true -> fun oidcc_decode_util:parse_setting_uri/2;
false -> fun oidcc_decode_util:parse_setting_uri_https/2
end},
{optional, authorization_signing_alg_values_supported, undefined,
fun parse_token_signing_alg_values_no_none/2},
{optional, authorization_encryption_alg_values_supported, undefined,
fun oidcc_decode_util:parse_setting_binary_list/2},
{optional, authorization_encryption_enc_values_supported, undefined,
fun oidcc_decode_util:parse_setting_binary_list/2},
{optional, authorization_response_iss_parameter_supported, false,
fun oidcc_decode_util:parse_setting_boolean/2},
{optional, dpop_signing_alg_values_supported, undefined,
fun parse_token_signing_alg_values_no_none/2}
],
#{}
),
Expand Down Expand Up @@ -497,6 +532,16 @@ decode_configuration(Configuration0, Opts) ->
code_challenge_methods_supported =
CodeChallengeMethodsSupported,
end_session_endpoint = EndSessionEndpoint,
require_pushed_authorization_requests = RequirePushedAuthorizationRequests,
pushed_authorization_request_endpoint = PushedAuthorizationRequestEndpoint,
authorization_signing_alg_values_supported = AuthorizationSigningAlgValuesSupported,
authorization_encryption_alg_values_supported =
AuthorizationEncryptionAlgValuesSupported,
authorization_encryption_enc_values_supported =
AuthorizationEncryptionEncValuesSupported,
authorization_response_iss_parameter_supported =
AuthorizationResponseIssParameterSupported,
dpop_signing_alg_values_supported = DpopSigningAlgValuesSupported,
extra_fields = ExtraFields
}}
end.
Expand Down

0 comments on commit e567c01

Please sign in to comment.