Add DPoP support for token handling #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Enabled DPoP token request and verification within the OAuth2 workflow. Adjusted request headers and included new test cases to cover various DPoP scenarios.
Modified the OAuth2 authorization header to consistently use "Bearer" instead of dynamically setting the token type. This change ensures that all requests adhere to standard OAuth2 practices and resolves inconsistencies in authentication token handling.
reinkrul
reviewed
Nov 20, 2024
| response, err := client.RequestServiceAccessToken(httpRequest.Context(), o.NutsSubject, iam.RequestServiceAccessTokenJSONRequestBody{ | ||
| AuthorizationServer: authzServerURL.String(), | ||
| Credentials: &additionalCredentials, | ||
| Scope: scope, | ||
| TokenType: &tokenType, |
There was a problem hiding this comment.
now it ONLY supports DPoP, you probably want the client/application to be able to choose (and default to DPoP, but the Nuts node already does this). Probably creating the OAuth2TokenSource
reinkrul
requested changes
Nov 20, 2024
| var dPoPToken *string | ||
| if tokenType == iam.ServiceAccessTokenRequestTokenTypeDPoP { | ||
| if accessTokenResponse.JSON200.DpopKid == nil { | ||
| return nil, fmt.Errorf("type is DPoP but no DpopKid has been provided") |
There was a problem hiding this comment.
Suggested change
| return nil, fmt.Errorf("type is DPoP but no DpopKid has been provided") | |
| return nil, fmt.Errorf("type is DPoP but no dpop_kid has been provided") |
| return nil, err | ||
| } | ||
| if proofResponse.JSON200 == nil { | ||
| return nil, fmt.Errorf("failed service dpop response: %s", accessTokenResponse.HTTPResponse.Status) |
There was a problem hiding this comment.
Suggested change
| return nil, fmt.Errorf("failed service dpop response: %s", accessTokenResponse.HTTPResponse.Status) | |
| return nil, fmt.Errorf("failed service DPoP response: %s", accessTokenResponse.HTTPResponse.Status) |
This reverts commit d00ac73.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Enabled DPoP token request and verification within the OAuth2 workflow. Adjusted request headers and included new test cases to cover various DPoP scenarios.