Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 37 additions & 9 deletions Sources/OAuthenticator/Authenticator.swift
Original file line number Diff line number Diff line change
Expand Up @@ -308,20 +308,20 @@ extension Authenticator {
pcke: config.tokenHandling.pkce,
parRequestURI: parRequestURI,
stateToken: stateToken,
responseProvider: { try await self.dpopResponse(for: $0, login: nil) }
responseProvider: { try await self.dpopResponse(for: $0, login: nil, isAuthServer: true) }
)

let tokenURL = try await config.tokenHandling.authorizationURLProvider(authConfig)

let scheme = try config.appCredentials.callbackURLScheme

let callbackURL = try await userAuthenticator(tokenURL, scheme)
let callbackURL = try await userAuthenticator(tokenURL, scheme)

let params = TokenHandling.LoginProviderParameters(
authorizationURL: tokenURL,
credentials: config.appCredentials,
redirectURL: callbackURL,
responseProvider: { try await self.dpopResponse(for: $0, login: nil) },
responseProvider: { try await self.dpopResponse(for: $0, login: nil, isAuthServer: true) },
stateToken: stateToken,
pcke: config.tokenHandling.pkce
)
Expand All @@ -347,7 +347,11 @@ extension Authenticator {
}

do {
let login = try await refreshProvider(login, config.appCredentials, { try await self.dpopResponse(for: $0, login: nil) })
let login = try await refreshProvider(
login, config.appCredentials,
{
try await self.dpopResponse(for: $0, login: nil, isAuthServer: true)
})

try await storeLogin(login)

Expand All @@ -365,7 +369,7 @@ extension Authenticator {
}

let challenge = pkce.challenge
let scopes = config.appCredentials.scopes.joined(separator: " ")
let scopes = config.appCredentials.scopeString
let callbackURI = config.appCredentials.callbackURL
let clientId = config.appCredentials.clientId

Expand All @@ -391,7 +395,7 @@ extension Authenticator {

request.httpBody = Data(body.utf8)

let (parData, _) = try await dpopResponse(for: request, login: nil)
let (parData, _) = try await self.dpopResponse(for: request, login: nil, isAuthServer: true)

return try JSONDecoder().decode(PARResponse.self, from: parData)
}
Expand All @@ -412,7 +416,31 @@ extension Authenticator {
{ try await self.response(for: $0) }
}

private func dpopResponse(for request: URLRequest, login: Login?) async throws -> (Data, URLResponse) {
private func dpopResponse(for request: URLRequest, login: Login?) async throws -> (
Data, URLResponse
) {
var issuer: String? = nil
if let iss = login?.issuingServer {
issuer = URL(string: iss)?.origin
}

guard let requestOrigin = request.url?.origin else {
throw DPoPError.requestInvalid(request)
}

let isAuthServer = issuer == nil || issuer == requestOrigin
Comment thread
ThisIsMissEm marked this conversation as resolved.

return try await dpopResponse(
for: request,
login: login,
isAuthServer: isAuthServer
)
}

private func dpopResponse(for request: URLRequest, login: Login?, isAuthServer: Bool?)
async throws -> (Data, URLResponse)
{
print("Request: \(request.httpMethod!) - \(request.url?.absoluteString ?? "missing url")")
Comment thread
ThisIsMissEm marked this conversation as resolved.
guard let generator = config.tokenHandling.dpopJWTGenerator else {
return try await urlLoader(request)
}
Expand All @@ -430,8 +458,8 @@ extension Authenticator {
using: generator,
token: token,
tokenHash: tokenHash,
issuingServer: login?.issuingServer,
provider: urlLoader
isAuthServer: isAuthServer,
responseProvider: urlLoader
Comment thread
ThisIsMissEm marked this conversation as resolved.
)
}
}
Loading
Loading