Prototype device authorization flow (core)

2025-07-16 00:06:31 +02:00 · 2024-05-16 16:47:02 -04:00 · 2024-05-16 16:47:02 -04:00 · 6d947ebd26
commit 6d947ebd26
parent 4eda7479ce
13 changed files with 331 additions and 24 deletions
--- a/proxy/handlers.go
+++ b/proxy/handlers.go
@ -39,6 +39,10 @@ func (p *Proxy) registerDashboardHandlers(r *mux.Router) *mux.Router {
 		Queries(urlutil.QueryRedirectURI, "").
 		Methods(http.MethodGet)

+	a.Path("/v1/device_auth").Handler(httputil.HandlerFunc(p.DeviceAuthLogin)).
+		Queries(urlutil.QueryDeviceAuthRouteURI, "").
+		Methods(http.MethodGet, http.MethodPost)
+
 	return r
 }

@ -136,6 +140,30 @@ func (p *Proxy) ProgrammaticLogin(w http.ResponseWriter, r *http.Request) error
 	return nil
 }

+func (p *Proxy) DeviceAuthLogin(w http.ResponseWriter, r *http.Request) error {
+	state := p.state.Load()
+	options := p.currentOptions.Load()
+
+	params := url.Values{}
+	routeUri, err := urlutil.ParseAndValidateURL(r.FormValue(urlutil.QueryDeviceAuthRouteURI))
+	if err != nil {
+		return httputil.NewError(http.StatusBadRequest, err)
+	}
+	params.Set(urlutil.QueryDeviceAuthRouteURI, routeUri.String())
+
+	idp, err := options.GetIdentityProviderForRequestURL(routeUri.String())
+	if err != nil {
+		return httputil.NewError(http.StatusInternalServerError, err)
+	}
+	params.Set(urlutil.QueryIdentityProviderID, idp.Id)
+
+	if retryToken := r.FormValue(urlutil.QueryDeviceAuthRetryToken); retryToken != "" {
+		params.Set(urlutil.QueryDeviceAuthRetryToken, retryToken)
+	}
+
+	return state.authenticateFlow.AuthenticateDeviceCode(w, r, params)
+}
+
 // jwtAssertion returns the current request's JWT assertion (rfc7519#section-10.3.1).
 func (p *Proxy) jwtAssertion(w http.ResponseWriter, r *http.Request) error {
 	rawAssertionJWT := r.Header.Get(httputil.HeaderPomeriumJWTAssertion)