3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-09 12:58:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

Prototype device authorization flow (core)

Browse source
This commit is contained in:
Joe Kralicky 2024-05-16 16:47:02 -04:00
parent 4eda7479ce
commit 6d947ebd26
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
13 changed files with 331 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

55
pkg/identity/oidc/device_auth.go Normal file
View file

@ -0,0 +1,55 @@
package oidc
import (
"time"
"golang.org/x/oauth2"
)
type UserDeviceAuthResponse struct {
// UserCode is the code the user should enter at the verification uri
UserCode string `json:"user_code"`
// VerificationURI is where user should enter the user code
VerificationURI string `json:"verification_uri"`
// VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code.
VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
// InitialRetryDelay is the duration in seconds the client must wait before
// attempting to retry the request, after completing their sign-in.
// This gives the server time to poll the identity provider for the results.
InitialRetryDelay int64 `json:"initial_retry_delay,omitempty"`
// RetryToken should be sent on subsequent retries of the original request.
RetryToken []byte `json:"retry_token,omitempty"`
}
type RetryToken struct {
DeviceCode string `json:"device_code"`
NotBefore int64 `json:"not_before"`
NotAfter int64 `json:"not_after"`
}
func (rt RetryToken) AsDeviceAuthResponse() *oauth2.DeviceAuthResponse {
return &oauth2.DeviceAuthResponse{
DeviceCode: rt.DeviceCode,
Expiry: time.Unix(0, rt.NotAfter),
}
}
func NewRetryToken(authResp *oauth2.DeviceAuthResponse) RetryToken {
return RetryToken{
DeviceCode: authResp.DeviceCode,
NotBefore: time.Now().Add(time.Duration(authResp.Interval) * time.Second).UnixNano(),
NotAfter: authResp.Expiry.UnixNano(),
}
}
func NewUserDeviceAuthResponse(authResp *oauth2.DeviceAuthResponse, retryTokenCiphertext []byte) UserDeviceAuthResponse {
return UserDeviceAuthResponse{
UserCode: authResp.UserCode,
VerificationURI: authResp.VerificationURI,
VerificationURIComplete: authResp.VerificationURIComplete,
InitialRetryDelay: authResp.Interval,
RetryToken: retryTokenCiphertext,
}
}