Skip to content

Commit 2ec7a94

Browse files
hperlhperl
committed
feat: allow setting access token type in client
The access token type (`jwt` or `opaque`) can now be set in the client configuration. The value set here will overwrite the global value for all flows concerning that client.
1 parent f8d6542 commit 2ec7a94

File tree

61 files changed

+2459
-1574
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

61 files changed

+2459
-1574
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
.bin/
22
.idea/
3+
.vscode/
34
node_modules/
45
*.iml
56
*.exe

Makefile

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,10 @@ quicktest:
9494
quicktest-hsm:
9595
docker build --progress=plain -f .docker/Dockerfile-hsm --target test-hsm .
9696

97+
.PHONY: refresh
98+
refresh:
99+
UPDATE_SNAPSHOTS=true go test -failfast -short -tags sqlite,json1 ./...
100+
97101
authors: # updates the AUTHORS file
98102
curl https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT="Ory Hydra" bash
99103

client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_dynamic_client_registration.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"error": "The request was malformed or contained invalid parameters",
3+
"error_description": "It is not allowed to choose your own OAuth2 Client secret."
4+
}

client/.snapshots/TestHandler-common-case=create_clients-case=10-description=empty_ID_succeeds.json

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
{
2+
"client_name": "",
3+
"client_secret": "averylongsecret",
4+
"redirect_uris": [
5+
"http://localhost:3000/cb"
6+
],
7+
"grant_types": null,
8+
"response_types": null,
9+
"scope": "offline_access offline openid",
10+
"audience": [],
11+
"owner": "",
12+
"policy_uri": "",
13+
"allowed_cors_origins": [],
14+
"tos_uri": "",
15+
"client_uri": "",
16+
"logo_uri": "",
17+
"contacts": null,
18+
"client_secret_expires_at": 0,
19+
"subject_type": "public",
20+
"jwks": {},
21+
"token_endpoint_auth_method": "client_secret_basic",
22+
"userinfo_signed_response_alg": "none",
23+
"metadata": {},
24+
"skip_consent": false,
25+
"authorization_code_grant_access_token_lifespan": null,
26+
"authorization_code_grant_id_token_lifespan": null,
27+
"authorization_code_grant_refresh_token_lifespan": null,
28+
"client_credentials_grant_access_token_lifespan": null,
29+
"implicit_grant_access_token_lifespan": null,
30+
"implicit_grant_id_token_lifespan": null,
31+
"jwt_bearer_grant_access_token_lifespan": null,
32+
"refresh_token_grant_id_token_lifespan": null,
33+
"refresh_token_grant_access_token_lifespan": null,
34+
"refresh_token_grant_refresh_token_lifespan": null
35+
}

client/.snapshots/TestHandler-common-case=create_clients-case=2-description=empty_ID_succeeds.json

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"client_name": "",
3+
"client_secret": "averylongsecret",
4+
"redirect_uris": [
5+
"http://localhost:3000/cb"
6+
],
7+
"grant_types": null,
8+
"response_types": null,
9+
"scope": "offline_access offline openid",
10+
"audience": [],
11+
"owner": "",
12+
"policy_uri": "",
13+
"allowed_cors_origins": [],
14+
"tos_uri": "",
15+
"client_uri": "",
16+
"logo_uri": "",
17+
"contacts": null,
18+
"client_secret_expires_at": 0,
19+
"subject_type": "public",
20+
"jwks": {},
21+
"token_endpoint_auth_method": "client_secret_basic",
22+
"userinfo_signed_response_alg": "none",
23+
"metadata": {},
24+
"authorization_code_grant_access_token_lifespan": null,
25+
"authorization_code_grant_id_token_lifespan": null,
26+
"authorization_code_grant_refresh_token_lifespan": null,
27+
"client_credentials_grant_access_token_lifespan": null,
28+
"implicit_grant_access_token_lifespan": null,
29+
"implicit_grant_id_token_lifespan": null,
30+
"jwt_bearer_grant_access_token_lifespan": null,
31+
"refresh_token_grant_id_token_lifespan": null,
32+
"refresh_token_grant_access_token_lifespan": null,
33+
"refresh_token_grant_refresh_token_lifespan": null
34+
}

client/.snapshots/TestHandler-common-case=create_clients-case=6-description=setting_access_token_strategy_fails.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"error": "The request was malformed or contained invalid parameters",
3+
"error_description": "It is not allowed to choose your own access token strategy."
4+
}

client/.snapshots/TestHandler-common-case=create_clients-case=7-description=basic_dynamic_client_registration.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"error": "The request was malformed or contained invalid parameters",
3+
"error_description": "It is not allowed to choose your own OAuth2 Client secret."
4+
}

client/.snapshots/TestHandler-common-case=create_clients-case=7-description=setting_skip_consent_fails_for_dynamic_registration.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"error": "invalid_request",
3+
"error_description": "'skip_consent' cannot be set for dynamic client registration"
4+
}

client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
{
2+
"client_name": "",
3+
"client_secret": "averylongsecret",
4+
"redirect_uris": [
5+
"http://localhost:3000/cb"
6+
],
7+
"grant_types": null,
8+
"response_types": null,
9+
"scope": "offline_access offline openid",
10+
"audience": [],
11+
"owner": "",
12+
"policy_uri": "",
13+
"allowed_cors_origins": [],
14+
"tos_uri": "",
15+
"client_uri": "",
16+
"logo_uri": "",
17+
"contacts": null,
18+
"client_secret_expires_at": 0,
19+
"subject_type": "public",
20+
"jwks": {},
21+
"token_endpoint_auth_method": "client_secret_basic",
22+
"userinfo_signed_response_alg": "none",
23+
"metadata": {},
24+
"authorization_code_grant_access_token_lifespan": null,
25+
"authorization_code_grant_id_token_lifespan": null,
26+
"authorization_code_grant_refresh_token_lifespan": null,
27+
"client_credentials_grant_access_token_lifespan": null,
28+
"implicit_grant_access_token_lifespan": null,
29+
"implicit_grant_id_token_lifespan": null,
30+
"jwt_bearer_grant_access_token_lifespan": null,
31+
"refresh_token_grant_id_token_lifespan": null,
32+
"refresh_token_grant_access_token_lifespan": null,
33+
"refresh_token_grant_refresh_token_lifespan": null
34+
}

client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_suceeds_for_admin_registration.json

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
{
2+
"client_name": "",
3+
"client_secret": "2SKZkBf2P5g4toAXXnCrr~_sDM",
4+
"redirect_uris": [
5+
"http://localhost:3000/cb"
6+
],
7+
"grant_types": null,
8+
"response_types": null,
9+
"scope": "offline_access offline openid",
10+
"audience": [],
11+
"owner": "",
12+
"policy_uri": "",
13+
"allowed_cors_origins": [],
14+
"tos_uri": "",
15+
"client_uri": "",
16+
"logo_uri": "",
17+
"contacts": null,
18+
"client_secret_expires_at": 0,
19+
"subject_type": "public",
20+
"jwks": {},
21+
"token_endpoint_auth_method": "client_secret_basic",
22+
"userinfo_signed_response_alg": "none",
23+
"metadata": {},
24+
"skip_consent": true,
25+
"authorization_code_grant_access_token_lifespan": null,
26+
"authorization_code_grant_id_token_lifespan": null,
27+
"authorization_code_grant_refresh_token_lifespan": null,
28+
"client_credentials_grant_access_token_lifespan": null,
29+
"implicit_grant_access_token_lifespan": null,
30+
"implicit_grant_id_token_lifespan": null,
31+
"jwt_bearer_grant_access_token_lifespan": null,
32+
"refresh_token_grant_id_token_lifespan": null,
33+
"refresh_token_grant_access_token_lifespan": null,
34+
"refresh_token_grant_refresh_token_lifespan": null
35+
}

0 commit comments

Comments
 (0)