feat: support app-based OIDC flows

ory · Apr 18, 2023 · 1e5f9ff · 1e5f9ff
1 parent 2e72c5b
commit 1e5f9ff
Show file tree

Hide file tree

Showing 56 changed files with 2,180 additions and 86 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -203,13 +203,23 @@ jobs:
           echo 'RN_UI_PATH='"$(realpath react-native-ui)" >> $GITHUB_ENV
           echo 'NODE_UI_PATH='"$(realpath node-ui)" >> $GITHUB_ENV
           echo 'REACT_UI_PATH='"$(realpath react-ui)" >> $GITHUB_ENV
-      - run: |
-          ./test/e2e/run.sh ${{ matrix.database }}
+      - name: "Run Cypress tests"
+        run: ./test/e2e/run.sh ${{ matrix.database }}
         env:
           RN_UI_PATH: react-native-ui
           NODE_UI_PATH: node-ui
           REACT_UI_PATH: react-ui
           CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
+      #      TODO(hperl): Enable this once the React Native app uses the new SDK
+      #      - name: "Run Playwright tests"
+      #        run: |
+      #          cd test/e2e
+      #          npm run playwright
+      #        env:
+      #          DB: ${{ matrix.database }}
+      #          RN_UI_PATH: react-native-ui
+      #          NODE_UI_PATH: node-ui
+      #          REACT_UI_PATH: react-ui
       - if: failure()
         uses: actions/upload-artifact@v2
         with:

diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@ test/e2e/.bin
 pkged.go
 coverage.*
 schema.sql
+*.sqlite
 heap_profiler/
 goroutine_dump/
 inflight_trace_dump/

diff --git a/cmd/cleanup/sql_test.go b/cmd/cleanup/sql_test.go
@@ -15,13 +15,13 @@ func Test_ExecuteCleanupFailedDSN(t *testing.T) {
 	b := bytes.NewBufferString("")
 	cmd.SetOut(b)
 	cmd.SetArgs([]string{"--read-from-env=false"})
-	cmd.Execute()
+	_ = cmd.Execute()
 	out, err := io.ReadAll(b)
 	if err != nil {
 		t.Fatal(err)
 	}
 	if !strings.Contains(string(out), "expected to get the DSN as an argument") {
 		t.Fatalf("expected \"%s\" got \"%s\"", "expected to get the DSN as an argument", string(out))
 	}
-	cmd.Execute()
+	_ = cmd.Execute()
 }
diff --git a/driver/registry.go b/driver/registry.go
@@ -6,6 +6,7 @@ package driver
 import (
 	"context"
 
+	"github.com/ory/kratos/selfservice/sessiontokenexchange"
 	"github.com/ory/x/contextx"
 	"github.com/ory/x/jsonnetsecure"
 	"github.com/ory/x/otelx"
@@ -138,6 +139,9 @@ type Registry interface {
 	verification.HandlerProvider
 	verification.StrategyProvider
 
+	sessiontokenexchange.HandlerProvider
+	sessiontokenexchange.PersistenceProvider
+
 	link.SenderProvider
 	link.VerificationTokenPersistenceProvider
 	link.RecoveryTokenPersistenceProvider

diff --git a/driver/registry_default.go b/driver/registry_default.go
@@ -11,6 +11,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/ory/kratos/selfservice/sessiontokenexchange"
 	"github.com/ory/x/contextx"
 	"github.com/ory/x/jsonnetsecure"
 
@@ -132,6 +133,8 @@ type RegistryDefault struct {
 	selfserviceLoginHandler             *login.Handler
 	selfserviceLoginRequestErrorHandler *login.ErrorHandler
 
+	sessionTokenExchangeHandler *sessiontokenexchange.Handler
+
 	selfserviceSettingsHandler      *settings.Handler
 	selfserviceSettingsErrorHandler *settings.ErrorHandler
 	selfserviceSettingsExecutor     *settings.HookExecutor
@@ -187,6 +190,7 @@ func (m *RegistryDefault) RegisterPublicRoutes(ctx context.Context, router *x.Ro
 	m.SessionHandler().RegisterPublicRoutes(router)
 	m.SelfServiceErrorHandler().RegisterPublicRoutes(router)
 	m.SchemaHandler().RegisterPublicRoutes(router)
+	m.SessionTokenExchangeHandler().RegisterPublicRoutes(router)
 
 	m.AllRecoveryStrategies().RegisterPublicRoutes(router)
 	m.RecoveryHandler().RegisterPublicRoutes(router)
@@ -206,6 +210,7 @@ func (m *RegistryDefault) RegisterAdminRoutes(ctx context.Context, router *x.Rou
 	m.IdentityHandler().RegisterAdminRoutes(router)
 	m.CourierHandler().RegisterAdminRoutes(router)
 	m.SelfServiceErrorHandler().RegisterAdminRoutes(router)
+	m.SessionTokenExchangeHandler().RegisterAdminRoutes(router)
 
 	m.RecoveryHandler().RegisterAdminRoutes(router)
 	m.AllRecoveryStrategies().RegisterAdminRoutes(router)

diff --git a/driver/registry_default_sessiontokenexchange.go b/driver/registry_default_sessiontokenexchange.go
@@ -0,0 +1,18 @@
+// Copyright © 2023 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package driver
+
+import "github.com/ory/kratos/selfservice/sessiontokenexchange"
+
+func (m *RegistryDefault) SessionTokenExchangeHandler() *sessiontokenexchange.Handler {
+	if m.sessionTokenExchangeHandler == nil {
+		m.sessionTokenExchangeHandler = sessiontokenexchange.NewHandler(m)
+	}
+
+	return m.sessionTokenExchangeHandler
+}
+
+func (m *RegistryDefault) SessionTokenExchangePersister() sessiontokenexchange.Persister {
+	return m.Persister()
+}
diff --git a/internal/client-go/.openapi-generator/FILES b/internal/client-go/.openapi-generator/FILES
@@ -75,6 +75,7 @@ docs/SessionAuthenticationMethod.md
 docs/SessionDevice.md
 docs/SettingsFlow.md
 docs/SettingsFlowState.md
+docs/SuccessfulCodeExchangeResponse.md
 docs/SuccessfulNativeLogin.md
 docs/SuccessfulNativeRegistration.md
 docs/TokenPagination.md
@@ -183,6 +184,7 @@ model_session_authentication_method.go
 model_session_device.go
 model_settings_flow.go
 model_settings_flow_state.go
+model_successful_code_exchange_response.go
 model_successful_native_login.go
 model_successful_native_registration.go
 model_token_pagination.go

diff --git a/internal/client-go/README.md b/internal/client-go/README.md
@@ -94,6 +94,7 @@ Class | Method | HTTP request | Description
 *FrontendApi* | [**CreateNativeVerificationFlow**](docs/FrontendApi.md#createnativeverificationflow) | **Get** /self-service/verification/api | Create Verification Flow for Native Apps
 *FrontendApi* | [**DisableMyOtherSessions**](docs/FrontendApi.md#disablemyothersessions) | **Delete** /sessions | Disable my other sessions
 *FrontendApi* | [**DisableMySession**](docs/FrontendApi.md#disablemysession) | **Delete** /sessions/{id} | Disable one of my sessions
+*FrontendApi* | [**ExchangeSessionToken**](docs/FrontendApi.md#exchangesessiontoken) | **Get** /self-service/exchange-code-for-session-token | Exchange Session Token
 *FrontendApi* | [**GetFlowError**](docs/FrontendApi.md#getflowerror) | **Get** /self-service/errors | Get User-Flow Errors
 *FrontendApi* | [**GetLoginFlow**](docs/FrontendApi.md#getloginflow) | **Get** /self-service/login/flows | Get Login Flow
 *FrontendApi* | [**GetRecoveryFlow**](docs/FrontendApi.md#getrecoveryflow) | **Get** /self-service/recovery/flows | Get Recovery Flow
@@ -198,6 +199,7 @@ Class | Method | HTTP request | Description
  - [SessionDevice](docs/SessionDevice.md)
  - [SettingsFlow](docs/SettingsFlow.md)
  - [SettingsFlowState](docs/SettingsFlowState.md)
+ - [SuccessfulCodeExchangeResponse](docs/SuccessfulCodeExchangeResponse.md)
  - [SuccessfulNativeLogin](docs/SuccessfulNativeLogin.md)
  - [SuccessfulNativeRegistration](docs/SuccessfulNativeRegistration.md)
  - [TokenPagination](docs/TokenPagination.md)