Add hints (#44)

mbilski · web-flow · commit 22b278a6829a · 2023-01-31T14:56:05.000+01:00
diff --git a/README.md b/README.md
@@ -73,7 +73,10 @@ The available flags are:
       --encryption-key string       path or url to encryption key in jwks format
       --grant-type string           grant type
   -h, --help                        help for oauthc
+      --id-token-hint string        id token hint
+      --idp-hint string             identity provider hint
       --insecure                    allow insecure connections
+      --login-hint string           user identifier hint
       --par                         enable pushed authorization requests (PAR)
       --password string             resource owner password credentials grant flow password
       --pkce                        enable proof key for code exchange (PKCE)
diff --git a/cmd/oauth2.go b/cmd/oauth2.go
@@ -66,6 +66,9 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().StringVar(&cconfig.SubjectTokenType, "subject-token-type", "", "third party token type")
 	cmd.PersistentFlags().StringVar(&cconfig.ActorToken, "actor-token", "", "acting party token")
 	cmd.PersistentFlags().StringVar(&cconfig.ActorTokenType, "actor-token-type", "", "acting party token type")
+	cmd.PersistentFlags().StringVar(&cconfig.IDTokenHint, "id-token-hint", "", "id token hint")
+	cmd.PersistentFlags().StringVar(&cconfig.LoginHint, "login-hint", "", "user identifier hint")
+	cmd.PersistentFlags().StringVar(&cconfig.IDPHint, "idp-hint", "", "identity provider hint")
 	cmd.PersistentFlags().StringVar(&cconfig.TLSCert, "tls-cert", "", "path to tls cert pem file")
 	cmd.PersistentFlags().StringVar(&cconfig.TLSKey, "tls-key", "", "path to tls key pem file")
 	cmd.PersistentFlags().StringVar(&cconfig.TLSRootCA, "tls-root-ca", "", "path to tls root ca pem file")
diff --git a/internal/oauth2/oauth2.go b/internal/oauth2/oauth2.go
@@ -77,6 +77,9 @@ type ClientConfig struct {
 	SubjectTokenType       string
 	ActorToken             string
 	ActorTokenType         string
+	IDTokenHint            string
+	LoginHint              string
+	IDPHint                string
 	TLSCert                string
 	TLSKey                 string
 	TLSRootCA              string
diff --git a/internal/oauth2/request.go b/internal/oauth2/request.go
@@ -50,6 +50,18 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 	}
 
+	if cconfig.IDTokenHint != "" {
+		r.Form.Set("id_token_hint", cconfig.IDTokenHint)
+	}
+
+	if cconfig.LoginHint != "" {
+		r.Form.Set("login_hint", cconfig.LoginHint)
+	}
+
+	if cconfig.IDPHint != "" {
+		r.Form.Set("idp_hint", cconfig.IDPHint)
+	}
+
 	if cconfig.PKCE {
 		codeVerifier = RandomString(CodeVerifierLength)
 
