1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
package handlers
import (
"net/http"
"github.com/google/uuid"
"github.com/ory/fosite"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/oidc"
)
// OAuthIntrospectionPOST handles POST requests to the OAuth 2.0 Introspection endpoint.
//
// https://datatracker.ietf.org/doc/html/rfc7662
func OAuthIntrospectionPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request) {
var (
requestID uuid.UUID
responder fosite.IntrospectionResponder
err error
)
if requestID, err = uuid.NewRandom(); err != nil {
ctx.Providers.OpenIDConnect.WriteIntrospectionError(ctx, rw, fosite.ErrServerError)
return
}
oidcSession := oidc.NewSession()
ctx.Logger.Debugf("Introspection Request with id '%s' is being processed", requestID)
if responder, err = ctx.Providers.OpenIDConnect.NewIntrospectionRequest(ctx, req, oidcSession); err != nil {
rfc := fosite.ErrorToRFC6749Error(err)
ctx.Logger.Errorf("Introspection Request with id '%s' failed with error: %s", requestID, rfc.WithExposeDebug(true).GetDescription())
ctx.Providers.OpenIDConnect.WriteIntrospectionError(ctx, rw, err)
return
}
requester := responder.GetAccessRequester()
ctx.Logger.Tracef("Introspection Request with id '%s' yeilded a %s (active: %t) requested at %s created with request id '%s' on client with id '%s'", requestID, responder.GetTokenUse(), responder.IsActive(), requester.GetRequestedAt().String(), requester.GetID(), requester.GetClient().GetID())
ctx.Providers.OpenIDConnect.WriteIntrospectionResponse(ctx, rw, responder)
ctx.Logger.Debugf("Introspection Request with id '%s' was processed successfully", requestID)
}
|
