forward basic auth to OpenID connect token authentication endpoint

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Jörn Friedrich Dreyer
2021-05-28 14:59:17 +00:00
parent d6a3da57c6
commit c3951d67c8
2 changed files with 13 additions and 1 deletions
+7 -1
@@ -31,7 +31,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(
func(w http.ResponseWriter, req *http.Request) {
if h.isPublicLink(req) || !h.isBasicAuth(req) {
if h.isPublicLink(req) || !h.isBasicAuth(req) || h.isOIDCTokenAuth(req) {
if !h.isPublicLink(req) {
userAgentAuthenticateLockIn(w, req, options.CredentialsByUserAgent, "basic")
}
@@ -107,6 +107,12 @@ func (m basicAuth) isPublicLink(req *http.Request) bool {
return ok && login == "public" && strings.HasPrefix(req.URL.Path, publicFilesEndpoint)
}
// The token auth endpoint uses basic auth for clients, see https://openid.net/specs/openid-connect-basic-1_0.html#TokenRequest
// > The Client MUST authenticate to the Token Endpoint using the HTTP Basic method, as described in 2.3.1 of OAuth 2.0.
func (m basicAuth) isOIDCTokenAuth(req *http.Request) bool {
return req.URL.Path == "/konnect/v1/token"
}
func (m basicAuth) isBasicAuth(req *http.Request) bool {
_, _, ok := req.BasicAuth()
return m.enabled && ok
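Review bot: `isOIDCTokenAuth` exempts a request from this middleware's Basic credential check on the strength of a hard-coded path literal alone, so whatever serves `/konnect/v1/token` now receives the `Authorization: Basic` header unverified and has to authenticate the client itself. The exact `==` comparison fails in the safe direction (a path variant that does not match still goes through basic auth), but the literal duplicates a route defined elsewhere. I would lift it into a new named constant beside `publicFilesEndpoint` and narrow the match to the method a token request uses, e.g. `return req.Method == http.MethodPost && req.URL.Path == oidcTokenEndpoint`. A doc-comment line such as `// Requests matching this path skip user basic auth; the token endpoint must authenticate the client.` would make the trust hand-off explicit. The bodies of `BasicAuth` and `isBasicAuth` extend beyond the visible hunks, so what the non-exempt branch does with the credentials is not shown here.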