3.4.0: support client credentials grant type

zandbelt · zandbelt · commit 7db9cc1c3f40 · 2023-12-06T15:43:16.000+01:00
depend on liboauth &gt;= 1.6.0

Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+12/06/2023
+- add support for the client credentials grant type
+- depend on liboauth >= 1.6.0
+- release 3.4.0
+
 03/08/2023
 - move repo to OpenIDC github organization
 
diff --git a/Makefile.am b/Makefile.am
@@ -23,6 +23,7 @@ lib_LTLIBRARIES = @PACKAGE_NAME@.la
 	src/liboauth2-sts/src/sts.c \
 	src/liboauth2-sts/src/wstrust.c \
 	src/liboauth2-sts/src/ropc.c \
+	src/liboauth2-sts/src/cc.c \
 	src/liboauth2-sts/src/otx.c \
 	src/@PACKAGE_NAME@.c \
 	src/@PACKAGE_NAME@_modules.c
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ WS-Trust STS with HTTP Basic authentication and setting the target token in a co
             STSVariables $source_token $wst_target_token;
             
             proxy_set_header Cookie STS_COOKIE=$wst_target_token;
-            proxy_pass http://echo:8080/headers$is_args$args;
+            proxy_pass http://echo:8080$is_args$args;            
         }
 ```
 
@@ -33,7 +33,22 @@ OAuth 2.0 Resource Owner Password Credentials based Token Exchange with `client_
             STSVariables $source_token $ropc_target_token;
             
             proxy_set_header Cookie STS_COOKIE=$ropc_target_token;
-            proxy_pass http://echo:8080/headers$is_args$args;            
+            proxy_pass http://echo:8080$is_args$args;            
+        }
+```
+
+OAuth 2.0 Client Credentials based token retrieval with `client_secret_basic` authentication.
+
+```nginx
+        location /sts/cc {        
+			STSExchange cc https://keycloak:8443/realms/master/protocol/openid-connect/token
+				auth=client_secret_basic&client_id=cc_client&client_secret=mysecret&ssl_verify=false;
+          
+            set $dummy_variable "notempty";
+            STSVariables $dummy_variable $cc_target_token;
+            
+            proxy_set_header Authorization "bearer $cc_target_token";
+            proxy_pass http://echo:8080$is_args$args;            
         }
 ```
 
@@ -47,7 +62,7 @@ OAuth 2.0 Token Exchange with `client_secret_basic` authentication.
             STSVariables $source_token $otx_target_token;
             
             proxy_set_header Cookie STS_COOKIE=$otx_target_token;
-            proxy_pass http://echo:8080/headers$is_args$args;            
+            proxy_pass http://echo:8080$is_args$args;            
         }        
 ```
 
diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([ngx_sts_module],[3.3.0],[hans.zandbelt@openidc.com])
+AC_INIT([ngx_sts_module],[3.4.0],[hans.zandbelt@openidc.com])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -25,11 +25,11 @@ AM_CONDITIONAL(HAVE_NGINX, [test x"$have_nginx" = "xyes"])
 AC_SUBST(NGINX_CFLAGS)
 AC_SUBST(NGINX_LIBS)
 
-PKG_CHECK_MODULES(OAUTH2, [liboauth2 >= 1.4.5.2])
+PKG_CHECK_MODULES(OAUTH2, [liboauth2 >= 1.6.0])
 AC_SUBST(OAUTH2_CFLAGS)
 AC_SUBST(OAUTH2_LIBS)
 
-PKG_CHECK_MODULES(OAUTH2_NGINX, [liboauth2_nginx >= 1.4.5.2])
+PKG_CHECK_MODULES(OAUTH2_NGINX, [liboauth2_nginx >= 1.6.0])
 AC_SUBST(OAUTH2_NGINX_CFLAGS)
 AC_SUBST(OAUTH2_NGINX_LIBS)
 
diff --git a/src/liboauth2-sts b/src/liboauth2-sts
@@ -1 +1 @@
-Subproject commit 74c96b99b9bf77f3439704ca4a542d7398314197
+Subproject commit cb68435f7235f24ebe8a992d12d7a8a0bb1072b6
