Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 55 |
1 files changed, 8 insertions, 47 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 5a34e5b72..d1c5b31b6 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] = | |||
168 | { | 168 | { |
169 | "display", | 169 | "display", |
170 | "prompt", | 170 | "prompt", |
171 | "max_age", | ||
172 | "ui_locales", | 171 | "ui_locales", |
173 | "response_mode", | 172 | "response_mode", |
174 | "id_token_hint", | 173 | "id_token_hint", |
@@ -1320,7 +1319,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1320 | int client_exists = GNUNET_NO; | 1319 | int client_exists = GNUNET_NO; |
1321 | struct MHD_Response *resp; | 1320 | struct MHD_Response *resp; |
1322 | char* code_output; | 1321 | char* code_output; |
1323 | json_t *root, *ticket_string, *nonce, *max_age; | 1322 | json_t *root; |
1323 | json_t *ticket_string; | ||
1324 | json_t *nonce; | ||
1324 | json_error_t error; | 1325 | json_error_t error; |
1325 | char *json_response; | 1326 | char *json_response; |
1326 | char *jwt_secret; | 1327 | char *jwt_secret; |
@@ -1515,7 +1516,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1515 | GNUNET_free(code_output); | 1516 | GNUNET_free(code_output); |
1516 | ticket_string = json_object_get (root, "ticket"); | 1517 | ticket_string = json_object_get (root, "ticket"); |
1517 | nonce = json_object_get (root, "nonce"); | 1518 | nonce = json_object_get (root, "nonce"); |
1518 | max_age = json_object_get (root, "max_age"); | ||
1519 | 1519 | ||
1520 | if(ticket_string == NULL && !json_is_string(ticket_string)) | 1520 | if(ticket_string == NULL && !json_is_string(ticket_string)) |
1521 | { | 1521 | { |
@@ -1557,9 +1557,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1557 | } | 1557 | } |
1558 | 1558 | ||
1559 | //create jwt | 1559 | //create jwt |
1560 | unsigned long long int expiration_time; | 1560 | struct GNUNET_TIME_Relative expiration_time; |
1561 | if ( GNUNET_OK | 1561 | if ( GNUNET_OK |
1562 | != GNUNET_CONFIGURATION_get_value_number(cfg, "reclaim-rest-plugin", | 1562 | != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin", |
1563 | "expiration_time", &expiration_time) ) | 1563 | "expiration_time", &expiration_time) ) |
1564 | { | 1564 | { |
1565 | GNUNET_free_non_null(user_psw); | 1565 | GNUNET_free_non_null(user_psw); |
@@ -1572,48 +1572,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1572 | } | 1572 | } |
1573 | 1573 | ||
1574 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | 1574 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1575 | //aud REQUIRED public key client_id must be there | 1575 | |
1576 | GNUNET_RECLAIM_ATTRIBUTE_list_add(cl, | ||
1577 | "aud", | ||
1578 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
1579 | client_id, | ||
1580 | strlen(client_id)); | ||
1581 | //exp REQUIRED time expired from config | ||
1582 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( | ||
1583 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | ||
1584 | expiration_time)); | ||
1585 | const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time); | ||
1586 | GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, | ||
1587 | "exp", | ||
1588 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
1589 | exp_time_string, | ||
1590 | strlen(exp_time_string)); | ||
1591 | //iat REQUIRED time now | ||
1592 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); | ||
1593 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); | ||
1594 | GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, | ||
1595 | "iat", | ||
1596 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
1597 | time_now_string, | ||
1598 | strlen(time_now_string)); | ||
1599 | //nonce only if nonce is provided | ||
1600 | if ( NULL != nonce && json_is_string(nonce) ) | ||
1601 | { | ||
1602 | GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, | ||
1603 | "nonce", | ||
1604 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
1605 | json_string_value(nonce), | ||
1606 | strlen(json_string_value(nonce))); | ||
1607 | } | ||
1608 | //auth_time only if max_age is provided | ||
1609 | if ( NULL != max_age && json_is_string(max_age) ) | ||
1610 | { | ||
1611 | GNUNET_RECLAIM_ATTRIBUTE_list_add (cl, | ||
1612 | "auth_time", | ||
1613 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
1614 | json_string_value(max_age), | ||
1615 | strlen(json_string_value(max_age))); | ||
1616 | } | ||
1617 | //TODO OPTIONAL acr,amr,azp | 1576 | //TODO OPTIONAL acr,amr,azp |
1618 | 1577 | ||
1619 | struct EgoEntry *ego_entry; | 1578 | struct EgoEntry *ego_entry; |
@@ -1652,6 +1611,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1652 | char *id_token = jwt_create_from_list(&ticket->audience, | 1611 | char *id_token = jwt_create_from_list(&ticket->audience, |
1653 | &pk, | 1612 | &pk, |
1654 | cl, | 1613 | cl, |
1614 | &expiration_time, | ||
1615 | (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL, | ||
1655 | jwt_secret); | 1616 | jwt_secret); |
1656 | 1617 | ||
1657 | //Create random access_token | 1618 | //Create random access_token |
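Review bot: The ticket guard left unchanged at line 1520 of the fourth hunk, `if(ticket_string == NULL && !json_is_string(ticket_string))`, only rejects an absent "ticket" field, since `json_is_string(NULL)` is already false; a "ticket" value that is present but not a JSON string (a number, array or object) passes the check, and whatever later consumes it as a string presumably gets a NULL or an invalid value. The commit edits the surrounding lines (dropping `max_age`) without touching this, so it should become `if (NULL == ticket_string || !json_is_string (ticket_string))`, the same positive-check shape the new nonce argument uses in the last hunk (`NULL != nonce && json_is_string(nonce)`). token_endpoint starts before the second hunk and ends after the last one, so the rest of the validation is outside view. Switching the `expiration_time` read in "reclaim-rest-plugin" from `GNUNET_CONFIGURATION_get_value_number` to `GNUNET_CONFIGURATION_get_value_time` changes the accepted format of that configuration value from a bare number to a duration; existing deployments with a plain number may now fail the `GNUNET_OK` check, which is worth stating in the commit description.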