Add audience flag (#60)

Author: mbilski

README.md

@@ -76,7 +76,9 @@ The available flags are:
       --actor-token string          acting party token
       --actor-token-type string     acting party token type
       --assertion string            claims for jwt bearer assertion
+      --audience strings            requested audience
       --auth-method string          token endpoint authentication method
+      --claims string               claims parameter
       --client-id string            client identifier
       --client-secret string        client secret
       --dpop                        use DPoP

cmd/log.go

@@ -92,6 +92,7 @@ func LogInputData(cc oauth2.ClientConfig) {
 		{"Grant type", cc.GrantType},
 		{"Auth method", cc.AuthMethod},
 		{"Scopes", strings.Join(cc.Scopes, ", ")},
+		{"Audience", strings.Join(cc.Audience, ", ")},
 		{"Response types", strings.Join(cc.ResponseType, ", ")},
 		{"Response mode", cc.ResponseMode},
 		{"PKCE", strconv.FormatBool(cc.PKCE)},

cmd/oauth2.go

@@ -52,6 +52,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().StringSliceVar(&cconfig.ResponseType, "response-types", []string{""}, "response type")
 	cmd.PersistentFlags().StringVar(&cconfig.ResponseMode, "response-mode", "", "response mode")
 	cmd.PersistentFlags().StringSliceVar(&cconfig.Scopes, "scopes", []string{}, "requested scopes")
+	cmd.PersistentFlags().StringSliceVar(&cconfig.Audience, "audience", []string{}, "requested audience")
 	cmd.PersistentFlags().BoolVar(&cconfig.PKCE, "pkce", false, "enable proof key for code exchange (PKCE)")
 	cmd.PersistentFlags().BoolVar(&cconfig.PAR, "par", false, "enable pushed authorization requests (PAR)")
 	cmd.PersistentFlags().BoolVar(&cconfig.RequestObject, "request-object", false, "pass request parameters as jwt")

internal/oauth2/oauth2.go

@@ -60,6 +60,7 @@ type ClientConfig struct {
 	ClientID               string
 	ClientSecret           string
 	Scopes                 []string
+	Audience               []string
 	AuthMethod             string
 	PKCE                   bool
 	PAR                    bool
@@ -359,8 +360,14 @@ func RequestToken(
 	}
 
 	switch cconfig.GrantType {
-	case ClientCredentialsGrantType, PasswordGrantType, RefreshTokenGrantType, JWTBearerGrantType:
-		request.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
+	case ClientCredentialsGrantType, PasswordGrantType, RefreshTokenGrantType, JWTBearerGrantType, TokenExchangeGrantType:
+		if len(cconfig.Scopes) > 0 {
+			request.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
+		}
+
+		if len(cconfig.Audience) > 0 {
+			request.Form.Set("audience", strings.Join(cconfig.Audience, " "))
+		}
 	}
 
 	switch cconfig.GrantType {

internal/oauth2/oauth2_device.go

@@ -32,6 +32,10 @@ func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconf
 		request.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 	}
 
+	if len(cconfig.Audience) > 0 {
+		request.Form.Set("audience", strings.Join(cconfig.Audience, " "))
+	}
+
 	if req, err = http.NewRequestWithContext(
 		ctx,
 		http.MethodPost,

internal/oauth2/request.go

@@ -49,6 +49,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 	}
 
+	if len(cconfig.Audience) > 0 {
+		r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
+	}
+
 	if cconfig.IDTokenHint != "" {
 		r.Form.Set("id_token_hint", cconfig.IDTokenHint)
 	}
@@ -112,6 +116,10 @@ func (r *Request) AuthorizeRequest(
 		if len(cconfig.Scopes) > 0 {
 			r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 		}
+
+		if len(cconfig.Audience) > 0 {
+			r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
+		}
 	}
 
 	if cconfig.DPoP {