From 5c1f4a3a5f09bdb9d56e4750eaea3a312d7f4184 Mon Sep 17 00:00:00 2001
From: msroz
Date: Mon, 5 Aug 2024 08:37:24 +0900
Subject: [PATCH] feat: support prompt=create
---
 consent/strategy_default.go | 2 +-
 oauth2/handler.go | 6 ++++++
 oauth2/oauth2_auth_code_test.go | 21 +++++++++++++++++++++
 spec/config.json | 2 +-
 4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/consent/strategy_default.go b/consent/strategy_default.go
index 117fba92548..be2c0cf659f 100644
--- a/consent/strategy_default.go
+++ b/consent/strategy_default.go
@@ -280,7 +280,7 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht
 }
 var baseURL *url.URL
- if stringslice.Has(prompt, "registration") {
+ if stringslice.Has(prompt, "registration") || stringslice.Has(prompt, "create") {
 baseURL = s.c.RegistrationURL(ctx)
 } else {
 baseURL = s.c.LoginURL(ctx)
diff --git a/oauth2/handler.go b/oauth2/handler.go
index abbae730d9a..9b275701182 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -427,6 +427,11 @@ type oidcConfiguration struct {
 //
 // JSON array containing a list of the Verifiable Credentials supported by this authorization server.
 CredentialsSupportedDraft00 []CredentialSupportedDraft00 `json:"credentials_supported_draft_00"`
+
+ // Initiating User Registration via OpenID Connect 1.0
+ //
+ // JSON array containing the list of prompt values that this OP supports.
+ PromptValuesSupported []string `json:"prompt_values_supported"`
 }
 // Verifiable Credentials Metadata (Draft 00)
@@ -521,6 +526,7 @@ func (h *Handler) discoverOidcConfiguration(w http.ResponseWriter, r *http.Reque
 "EdDSA",
 },
 }},
+ PromptValuesSupported: []string{"none", "login", "consent", "select_account", "create"},
 })
 }
diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go
index aa6934062ed..bf434bdc779 100644
--- a/oauth2/oauth2_auth_code_test.go
+++ b/oauth2/oauth2_auth_code_test.go
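Review bot: The changed `if` makes `create` an alias of `registration`, but the pairing exists only on this line while the discovery hunk in oauth2/handler.go advertises `create` and not `registration`, so the accepted and advertised prompt sets can drift apart; a shared package-level predicate or constant list used by both places, e.g. `wantsRegistration := stringslice.Has(prompt, "registration") || stringslice.Has(prompt, "create")`, would keep them in step. Whether `create` combined with other prompt values such as `none` is rejected before this branch is reached cannot be seen here, since forwardAuthenticationRequest starts before the hunk and continues after it. A short comment on the changed line would record why two spellings are accepted, e.g. `// "create" is the standard value from Initiating User Registration via OpenID Connect 1.0; "registration" is the project's pre-existing alias.`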
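Review bot: The literal assigned to `PromptValuesSupported` in discoverOidcConfiguration omits `registration`, which the consent hunk accepts alongside `create`, so the metadata under-reports what the endpoint honours; either append `"registration"` or state in the struct comment that only spec-defined values are advertised. Conversely, whether every listed value (notably `select_account`) is actually honoured by the authorization endpoint is not visible in this commit, and advertising a value that is ignored misleads relying parties that branch on this metadata. Hoisting the slice to a package-level `var promptValuesSupported = []string{...}` would give the handler and the consent strategy one source of truth and avoid rebuilding it per request. The doc comment added on the struct field names the spec but not that `prompt_values_supported` is the metadata parameter it defines; `// PromptValuesSupported is the prompt_values_supported metadata parameter defined by Initiating User Registration via OpenID Connect 1.0.` would make that explicit.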
@@ -648,6 +648,27 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) {
 assertIDToken(t, token, conf, subject, nonce, time.Now().Add(reg.Config().GetIDTokenLifespan(ctx)))
 })
+ t.Run("case=perform flow with prompt=create", func(t *testing.T) {
+ c, conf := newOAuth2Client(t, reg, testhelpers.NewCallbackURL(t, "callback", testhelpers.HTTPServerNotImplementedHandler))
+
+ regUI := httptest.NewServer(acceptLoginHandler(t, c, subject, nil))
+ t.Cleanup(regUI.Close)
+ reg.Config().MustSet(ctx, config.KeyRegistrationURL, regUI.URL)
+
+ testhelpers.NewLoginConsentUI(t, reg.Config(),
+ nil,
+ acceptConsentHandler(t, c, subject, nil))
+
+ code, _ := getAuthorizeCode(t, conf, nil,
+ oauth2.SetAuthURLParam("prompt", "create"),
+ oauth2.SetAuthURLParam("nonce", nonce))
+ require.NotEmpty(t, code)
+
+ token, err := conf.Exchange(context.Background(), code)
+ require.NoError(t, err)
+
+ assertIDToken(t, token, conf, subject, nonce, time.Now().Add(reg.Config().GetIDTokenLifespan(ctx)))
+ })
 t.Run("case=perform flow with audience", func(t *testing.T) {
 expectAud := "https://api.ory.sh/"
diff --git a/spec/config.json b/spec/config.json
index 9899db71df0..0a8052ccea7 100644
--- a/spec/config.json
+++ b/spec/config.json
@@ -778,7 +778,7 @@
 },
 "registration": {
 "type": "string",
- "description": "Sets the OAuth2 Registration Endpoint URL of the OAuth2 User Login & Consent flow. Defaults to the same value as `login`. The registration URL is used if the authorization request was started with the `prompt=registration` parameter.",
+ "description": "Sets the OAuth2 Registration Endpoint URL of the OAuth2 User Login & Consent flow. Defaults to the same value as `login`. The registration URL is used if the authorization request was started with the `prompt=registration` or `prompt=create` parameter.",
 "format": "uri-reference",
 "examples": [
 "https://my-login.app/registration",
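Review bot: The new subtest never asserts that the registration UI was the endpoint actually reached: `regUI` is served by `acceptLoginHandler`, the same handler a login UI would use, so a regression that routed `prompt=create` back to the login URL is caught only if the `nil` login handler passed to `testhelpers.NewLoginConsentUI` fails the request, which is not visible here. Wrapping the handler to record the visit, e.g. `var hit atomic.Bool` set inside it and `require.True(t, hit.Load())` after the exchange, would pin the routing the commit is adding. `reg.Config().MustSet(ctx, config.KeyRegistrationURL, regUI.URL)` is also never reverted, so once `t.Cleanup(regUI.Close)` runs, later subtests in the same test inherit a registration URL pointing at a closed server; restoring the previous value in the cleanup avoids order-dependent failures. TestAuthCodeWithDefaultStrategy starts and ends outside the hunk.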