Request acr_values for authorization flow (#73)

ikawalec · mbilski · web-flow · commit f0e3ec8b1014 · 2023-09-15T12:47:15.000+02:00
Co-authored-by: Mateusz Bilski &lt;mateusz.bilski@gmail.com&gt;
diff --git a/cmd/log.go b/cmd/log.go
@@ -92,6 +92,7 @@ func LogInputData(cc oauth2.ClientConfig) {
 		{"Grant type", cc.GrantType},
 		{"Auth method", cc.AuthMethod},
 		{"Scopes", strings.Join(cc.Scopes, ", ")},
+		{"ACR Values", strings.Join(cc.ACRValues, ", ")},
 		{"Audience", strings.Join(cc.Audience, ", ")},
 		{"Response types", strings.Join(cc.ResponseType, ", ")},
 		{"Response mode", cc.ResponseMode},
diff --git a/cmd/oauth2.go b/cmd/oauth2.go
@@ -77,6 +77,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().BoolVar(&cconfig.DPoP, "dpop", false, "use DPoP")
 	cmd.PersistentFlags().StringVar(&cconfig.Claims, "claims", "", "use claims")
 	cmd.PersistentFlags().StringVar(&cconfig.RAR, "rar", "", "use rich authorization request (RAR)")
+	cmd.PersistentFlags().StringSliceVar(&cconfig.ACRValues, "acr-values", []string{}, "ACR values")
 
 	return cmd
 }
diff --git a/internal/oauth2/oauth2.go b/internal/oauth2/oauth2.go
@@ -60,6 +60,7 @@ type ClientConfig struct {
 	ClientID               string
 	ClientSecret           string
 	Scopes                 []string
+	ACRValues              []string
 	Audience               []string
 	AuthMethod             string
 	PKCE                   bool
diff --git a/internal/oauth2/request.go b/internal/oauth2/request.go
@@ -49,6 +49,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 	}
 
+	if len(cconfig.ACRValues) > 0 {
+		r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))
+	}
+
 	if len(cconfig.Audience) > 0 {
 		r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
 	}
@@ -121,6 +125,10 @@ func (r *Request) AuthorizeRequest(
 			r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 		}
 
+		if len(cconfig.ACRValues) > 0 {
+			r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))
+		}
+
 		if len(cconfig.Audience) > 0 {
 			r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
 		}

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {`
`77`	`77`	`cmd.PersistentFlags().BoolVar(&cconfig.DPoP, "dpop", false, "use DPoP")`
`78`	`78`	`cmd.PersistentFlags().StringVar(&cconfig.Claims, "claims", "", "use claims")`
`79`	`79`	`cmd.PersistentFlags().StringVar(&cconfig.RAR, "rar", "", "use rich authorization request (RAR)")`
	`80`	`+ cmd.PersistentFlags().StringSliceVar(&cconfig.ACRValues, "acr-values", []string{}, "ACR values")`
`80`	`81`
`81`	`82`	`return cmd`
`82`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,10 @@ func (r *Request) AuthorizeRequest(`
`49`	`49`	`r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))`
`50`	`50`	`}`
`51`	`51`
	`52`	`+ if len(cconfig.ACRValues) > 0 {`
	`53`	`+ r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))`
	`54`	`+ }`
	`55`	`+`
`52`	`56`	`if len(cconfig.Audience) > 0 {`
`53`	`57`	`r.Form.Set("audience", strings.Join(cconfig.Audience, " "))`
`54`	`58`	`}`
`@@ -121,6 +125,10 @@ func (r *Request) AuthorizeRequest(`
`121`	`125`	`r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))`
`122`	`126`	`}`
`123`	`127`
	`128`	`+ if len(cconfig.ACRValues) > 0 {`
	`129`	`+ r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))`
	`130`	`+ }`
	`131`	`+`
`124`	`132`	`if len(cconfig.Audience) > 0 {`
`125`	`133`	`r.Form.Set("audience", strings.Join(cconfig.Audience, " "))`
`126`	`134`	`}`