mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-08 20:38:12 +02:00
Prototype device authorization flow (core)
This commit is contained in:
parent
4eda7479ce
commit
6d947ebd26
13 changed files with 331 additions and 24 deletions
55
pkg/identity/oidc/device_auth.go
Normal file
55
pkg/identity/oidc/device_auth.go
Normal file
|
@ -0,0 +1,55 @@
|
|||
package oidc
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
type UserDeviceAuthResponse struct {
|
||||
// UserCode is the code the user should enter at the verification uri
|
||||
UserCode string `json:"user_code"`
|
||||
// VerificationURI is where user should enter the user code
|
||||
VerificationURI string `json:"verification_uri"`
|
||||
// VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code.
|
||||
VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
|
||||
|
||||
// InitialRetryDelay is the duration in seconds the client must wait before
|
||||
// attempting to retry the request, after completing their sign-in.
|
||||
// This gives the server time to poll the identity provider for the results.
|
||||
InitialRetryDelay int64 `json:"initial_retry_delay,omitempty"`
|
||||
|
||||
// RetryToken should be sent on subsequent retries of the original request.
|
||||
RetryToken []byte `json:"retry_token,omitempty"`
|
||||
}
|
||||
|
||||
type RetryToken struct {
|
||||
DeviceCode string `json:"device_code"`
|
||||
NotBefore int64 `json:"not_before"`
|
||||
NotAfter int64 `json:"not_after"`
|
||||
}
|
||||
|
||||
func (rt RetryToken) AsDeviceAuthResponse() *oauth2.DeviceAuthResponse {
|
||||
return &oauth2.DeviceAuthResponse{
|
||||
DeviceCode: rt.DeviceCode,
|
||||
Expiry: time.Unix(0, rt.NotAfter),
|
||||
}
|
||||
}
|
||||
|
||||
func NewRetryToken(authResp *oauth2.DeviceAuthResponse) RetryToken {
|
||||
return RetryToken{
|
||||
DeviceCode: authResp.DeviceCode,
|
||||
NotBefore: time.Now().Add(time.Duration(authResp.Interval) * time.Second).UnixNano(),
|
||||
NotAfter: authResp.Expiry.UnixNano(),
|
||||
}
|
||||
}
|
||||
|
||||
func NewUserDeviceAuthResponse(authResp *oauth2.DeviceAuthResponse, retryTokenCiphertext []byte) UserDeviceAuthResponse {
|
||||
return UserDeviceAuthResponse{
|
||||
UserCode: authResp.UserCode,
|
||||
VerificationURI: authResp.VerificationURI,
|
||||
VerificationURIComplete: authResp.VerificationURIComplete,
|
||||
InitialRetryDelay: authResp.Interval,
|
||||
RetryToken: retryTokenCiphertext,
|
||||
}
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue