Diffstat (limited to 'src/identity-provider/plugin_rest_openid_connect.c')
-rw-r--r--src/identity-provider/plugin_rest_openid_connect.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c
index 9c2f7fb3d..cc4b83dae 100644
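--- a/src/identity-provider/plugin_rest_openid_connect.c
+++ b/src/identity-provider/plugin_rest_openid_connect.c
@@ -1412,6 +1412,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 json_t *root, *ticket_string, *nonce, *max_age;
 json_error_t error;
 char *json_response;
+char *jwt_secret;
 
 /*
 * Check Authorization
@@ -1447,7 +1448,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
-GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), (void**)&user_psw);
 
 if ( NULL == user_psw )
 {
@@ -1598,7 +1599,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 //decode code
-GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
+GNUNET_STRINGS_base64_decode(code,strlen(code), (void**)&code_output);
 root = json_loads (code_output, 0, &error);
 GNUNET_free(code_output);
 ticket_string = json_object_get (root, "ticket");
@@ -1717,15 +1718,32 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 {
 GNUNET_free_non_null(user_psw);
 handle->emsg = GNUNET_strdup("invalid_request");
-handle->edesc = GNUNET_strdup("invalid code....");
+handle->edesc = GNUNET_strdup("invalid code...");
 handle->response_code = MHD_HTTP_BAD_REQUEST;
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 GNUNET_free(ticket);
 return;
 }
+if ( GNUNET_OK
+!= GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+"jwt_secret", &jwt_secret) )
+{
+GNUNET_free_non_null(user_psw);
+handle->emsg = GNUNET_strdup("invalid_request");
+handle->edesc = GNUNET_strdup("No signing secret configured!");
+handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+GNUNET_free(ticket);
+return;
+}
+struct GNUNET_CRYPTO_AuthKey jwt_sign_key;
+struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk);
+GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key);
 char *id_token = jwt_create_from_list(&ticket->audience,
+&pk,
 cl,
-GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
+&jwt_sign_key);
 
 //Create random access_token
 char* access_token_number;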
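Review bot: `jwt_secret` is allocated by `GNUNET_CONFIGURATION_get_value_string` and nothing in the visible lines releases it after the `GNUNET_CRYPTO_hash` call, so every token request appears to leave another heap copy of the signing secret behind. token_endpoint continues outside the hunk, so confirm no later free exists, then add `GNUNET_free (jwt_secret);` directly after the hash. The signing key is now a plain, unsalted hash of a configuration string rather than the ego's private key, so token integrity rests on that value's entropy and on who can read the configuration. A comment above the hash call should say so, for example `/* key = H(jwt_secret); secret must be high-entropy and the config file readable only by the service */`. The cast to `struct GNUNET_HashCode*` also assumes `jwt_sign_key.key` is exactly as large as a hash code, which is worth a static assertion or a comment. In the missing-secret branch, `"invalid_request"` blames the client for a server misconfiguration and the description tells any caller that no secret is set; log that detail server-side and return a generic description instead.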