Claims support (#54)

ikawalec · web-flow · commit a6f11eb89714 · 2023-05-08T11:15:40.000+02:00
diff --git a/cmd/oauth2.go b/cmd/oauth2.go
@@ -72,6 +72,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().BoolVar(&cconfig.Insecure, "insecure", false, "allow insecure connections")
 	cmd.PersistentFlags().BoolVarP(&silent, "silent", "s", false, "silent mode")
 	cmd.PersistentFlags().BoolVar(&cconfig.DPoP, "dpop", false, "use DPoP")
+	cmd.PersistentFlags().StringVar(&cconfig.Claims, "claims", "", "claims parameter")
 
 	return cmd
 }
diff --git a/docs/examples.md b/docs/examples.md
@@ -23,7 +23,8 @@ oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
   --response-mode query \
   --grant-type authorization_code \
   --auth-method client_secret_basic \
-  --scopes openid,email,offline_access
+  --scopes openid,offline_access \
+  --claims '{"id_token":{"email": {"essential": true}}}'
 ```
 </details>
 
diff --git a/internal/oauth2/oauth2.go b/internal/oauth2/oauth2.go
@@ -85,6 +85,7 @@ type ClientConfig struct {
 	TLSKey                 string
 	TLSRootCA              string
 	DPoP                   bool
+	Claims                 string
 }
 
 func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error) {
diff --git a/internal/oauth2/request.go b/internal/oauth2/request.go
@@ -76,6 +76,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("code_challenge_method", "S256")
 	}
 
+	if cconfig.Claims != "" {
+		r.Form.Set("claims", cconfig.Claims)
+	}
+
 	if cconfig.RequestObject || cconfig.EncryptedRequestObject {
 		claims := RequestObjectClaims(r.Form, sconfig, cconfig)
 

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {`
`72`	`72`	`cmd.PersistentFlags().BoolVar(&cconfig.Insecure, "insecure", false, "allow insecure connections")`
`73`	`73`	`cmd.PersistentFlags().BoolVarP(&silent, "silent", "s", false, "silent mode")`
`74`	`74`	`cmd.PersistentFlags().BoolVar(&cconfig.DPoP, "dpop", false, "use DPoP")`
	`75`	`+ cmd.PersistentFlags().StringVar(&cconfig.Claims, "claims", "", "claims parameter")`
`75`	`76`
`76`	`77`	`return cmd`
`77`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,7 @@ type ClientConfig struct {`
`85`	`85`	`TLSKey string`
`86`	`86`	`TLSRootCA string`
`87`	`87`	`DPoP bool`
	`88`	`+ Claims string`
`88`	`89`	`}`
`89`	`90`
`90`	`91`	`func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error) {`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,10 @@ func (r *Request) AuthorizeRequest(`
`76`	`76`	`r.Form.Set("code_challenge_method", "S256")`
`77`	`77`	`}`
`78`	`78`
	`79`	`+ if cconfig.Claims != "" {`
	`80`	`+ r.Form.Set("claims", cconfig.Claims)`
	`81`	`+ }`
	`82`	`+`
`79`	`83`	`if cconfig.RequestObject \|\| cconfig.EncryptedRequestObject {`
`80`	`84`	`claims := RequestObjectClaims(r.Form, sconfig, cconfig)`
`81`	`85`