forked from
anirudh.fi/atproto-oauth
this repo has no description
rename method
+15
-15
+15
-15
oauth.go
+15
-15
oauth.go
···
70
70
}, nil
71
71
}
72
72
73
-
func (o *OauthClient) ResolvePDSAuthServer(ctx context.Context, ustr string) (string, error) {
73
+
func (c *OauthClient) ResolvePDSAuthServer(ctx context.Context, ustr string) (string, error) {
74
74
u, err := isSafeAndParsed(ustr)
75
75
if err != nil {
76
76
return "", err
···
83
83
return "", fmt.Errorf("error creating request for oauth protected resource: %w", err)
84
84
}
85
85
86
-
resp, err := o.h.Do(req)
86
+
resp, err := c.h.Do(req)
87
87
if err != nil {
88
88
return "", fmt.Errorf("could not get response from server: %w", err)
89
89
}
···
111
111
return resource.AuthorizationServers[0], nil
112
112
}
113
113
114
-
func (o *OauthClient) FetchAuthServerMetadata(ctx context.Context, ustr string) (any, error) {
114
+
func (c *OauthClient) FetchAuthServerMetadata(ctx context.Context, ustr string) (any, error) {
115
115
u, err := isSafeAndParsed(ustr)
116
116
if err != nil {
117
117
return nil, err
···
124
124
return nil, fmt.Errorf("error creating request to fetch auth metadata: %w", err)
125
125
}
126
126
127
-
resp, err := o.h.Do(req)
127
+
resp, err := c.h.Do(req)
128
128
if err != nil {
129
129
return nil, fmt.Errorf("error getting response for auth metadata: %w", err)
130
130
}
···
152
152
return metadata, nil
153
153
}
154
154
155
-
func (o *OauthClient) ClientAssertionJwt(authServerUrl string) (string, error) {
155
+
func (c *OauthClient) ClientAssertionJwt(authServerUrl string) (string, error) {
156
156
claims := jwt.MapClaims{
157
-
"iss": o.clientId,
158
-
"sub": o.clientId,
157
+
"iss": c.clientId,
158
+
"sub": c.clientId,
159
159
"aud": authServerUrl,
160
160
"jti": uuid.NewString(),
161
161
"iat": time.Now().Unix(),
162
162
}
163
163
164
164
token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
165
-
token.Header["kid"] = o.clientKid
165
+
token.Header["kid"] = c.clientKid
166
166
167
-
tokenString, err := token.SignedString(o.clientPrivateKey)
167
+
tokenString, err := token.SignedString(c.clientPrivateKey)
168
168
if err != nil {
169
169
return "", err
170
170
}
···
172
172
return tokenString, nil
173
173
}
174
174
175
-
func (o *OauthClient) AuthServerDpopJwt(method, url, nonce string, privateJwk jwk.Key) (string, error) {
175
+
func (c *OauthClient) AuthServerDpopJwt(method, url, nonce string, privateJwk jwk.Key) (string, error) {
176
176
raw, err := jwk.PublicKeyOf(privateJwk)
177
177
if err != nil {
178
178
return "", err
···
225
225
return tokenString, nil
226
226
}
227
227
228
-
func (o *OauthClient) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key) (any, error) {
228
+
func (c *OauthClient) SendParAuthRequest(ctx context.Context, authServerUrl string, authServerMeta *OauthAuthorizationMetadata, loginHint, scope string, dpopPrivateKey jwk.Key) (any, error) {
229
229
if authServerMeta == nil {
230
230
return nil, fmt.Errorf("nil metadata provided")
231
231
}
···
245
245
codeChallenge := generateCodeChallenge(pkceVerifier)
246
246
codeChallengeMethod := "S256"
247
247
248
-
clientAssertion, err := o.ClientAssertionJwt(authServerUrl)
248
+
clientAssertion, err := c.ClientAssertionJwt(authServerUrl)
249
249
if err != nil {
250
250
return nil, err
251
251
}
252
252
253
253
// TODO: ??
254
254
nonce := ""
255
-
dpopProof, err := o.AuthServerDpopJwt("POST", parUrl, nonce, dpopPrivateKey)
255
+
dpopProof, err := c.AuthServerDpopJwt("POST", parUrl, nonce, dpopPrivateKey)
256
256
if err != nil {
257
257
return nil, err
258
258
}
···
261
261
"response_type": "code",
262
262
"code_challenge": codeChallenge,
263
263
"code_challenge_method": codeChallengeMethod,
264
-
"client_id": o.clientId,
264
+
"client_id": c.clientId,
265
265
"state": state,
266
-
"redirect_uri": o.redirectUri,
266
+
"redirect_uri": c.redirectUri,
267
267
"scope": scope,
268
268
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
269
269
"client_assertion": clientAssertion,