summaryrefslogtreecommitdiff
path: root/internal/handlers/handler_oidc_authorization.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/handlers/handler_oidc_authorization.go')
-rw-r--r--internal/handlers/handler_oidc_authorization.go18
1 files changed, 12 insertions, 6 deletions
diff --git a/internal/handlers/handler_oidc_authorization.go b/internal/handlers/handler_oidc_authorization.go
index 2099b9af1..86bb74b49 100644
--- a/internal/handlers/handler_oidc_authorization.go
+++ b/internal/handlers/handler_oidc_authorization.go
@@ -28,8 +28,7 @@ func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWr
err error
)
- requester, err = ctx.Providers.OpenIDConnect.NewAuthorizeRequest(ctx, r)
- if requester == nil {
+ if requester, err = ctx.Providers.OpenIDConnect.NewAuthorizeRequest(ctx, r); requester == nil {
err = oauthelia2.ErrServerError.WithDebug("The requester was nil.")
ctx.Logger.Errorf("Authorization Request failed with error: %s", oauthelia2.ErrorToDebugRFC6749Error(err))
@@ -81,7 +80,6 @@ func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWr
var (
issuer *url.URL
- details *authentication.UserDetails
userSession session.UserSession
consent *model.OAuth2ConsentSession
handled bool
@@ -119,7 +117,9 @@ func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWr
return
}
- if details, err = ctx.Providers.UserProvider.GetDetails(userSession.Username); err != nil {
+ var details *authentication.UserDetailsExtended
+
+ if details, err = ctx.Providers.UserProvider.GetDetailsExtended(userSession.Username); err != nil {
ctx.Logger.WithError(err).Errorf("Authorization Request with id '%s' on client with id '%s' using policy '%s' could not be processed: error occurred retrieving user details for '%s' from the backend", requester.GetID(), client.GetID(), policy.Name, userSession.Username)
ctx.Providers.OpenIDConnect.WriteAuthorizeError(ctx, rw, requester, oauthelia2.ErrServerError.WithHint("Could not obtain the users details."))
@@ -127,11 +127,17 @@ func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWr
return
}
- extraClaims := oidcGrantRequests(requester, consent, details)
+ var requests *oidc.ClaimsRequests
+
+ extra := map[string]any{}
+
+ if requests, handled = handleOAuth2AuthorizationClaims(ctx, rw, r, "Authorization", userSession, details, client, requester, issuer, consent, extra); handled {
+ return
+ }
ctx.Logger.Debugf("Authorization Request with id '%s' on client with id '%s' was successfully processed, proceeding to build Authorization Response", requester.GetID(), clientID)
- session := oidc.NewSessionWithAuthorizeRequest(ctx, issuer, ctx.Providers.OpenIDConnect.KeyManager.GetKeyID(ctx, client.GetIDTokenSignedResponseKeyID(), client.GetIDTokenSignedResponseAlg()), details.Username, userSession.AuthenticationMethodRefs.MarshalRFC8176(), extraClaims, userSession.LastAuthenticatedTime(), consent, requester)
+ session := oidc.NewSessionWithRequester(ctx, issuer, ctx.Providers.OpenIDConnect.KeyManager.GetKeyID(ctx, client.GetIDTokenSignedResponseKeyID(), client.GetIDTokenSignedResponseAlg()), details.Username, userSession.AuthenticationMethodRefs.MarshalRFC8176(), extra, userSession.LastAuthenticatedTime(), consent, requester, requests)
ctx.Logger.Tracef("Authorization Request with id '%s' on client with id '%s' using policy '%s' creating session for Authorization Response for subject '%s' with username '%s' with groups: %+v and claims: %+v",
requester.GetID(), session.ClientID, policy.Name, session.Subject, session.Username, userSession.Groups, session.Claims)