
custom exchange request attribute/header

Open lunicon opened this issue 3 years ago • 3 comments

Can't send an extra attribute in the password grant

config.PasswordCredentialsToken(ctx, username, password)

So, we have to use Exchange to send client_ip

token, err = config.Exchange(ctx, "",
  oauth2.SetAuthURLParam("grant_type", "password"),
  oauth2.SetAuthURLParam("username", username),
  oauth2.SetAuthURLParam("password", password),
  oauth2.SetAuthURLParam("scope", strings.Join(config.Scopes, " ")),
  oauth2.SetAuthURLParam("client_ip", clientIP))

I made an HTTP middleware which converts basic authentication to an OpenID token for temporary backward compatibility. A server extension reads clientIP from the attribute.

The server supports forwarded requests: https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/clustering/load-balancer.adoc But I have no idea how to set exchange request headers

req.Header.Set("X-Forwarded-Proto", "https"); req.Header.Set("X-Forwarded-For", clientIP);

Dec 30 '21 09:12 lunicon
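On the question of setting headers on the token request: golang.org/x/oauth2 sends it with the `*http.Client` found in the context under the key `oauth2.HTTPClient`, so a wrapping `RoundTripper` can add them. This is an added example, not code from the thread or from the oauth2 project; `forwardedTransport`, `newForwardingClient` and `seenByTokenEndpoint` are hypothetical names, and a local `httptest` server with constructed credentials stands in for the real token endpoint.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// forwardedTransport (hypothetical name) stamps the original caller's
// address onto every request sent through it.
type forwardedTransport struct {
	base     http.RoundTripper
	clientIP string
}

func (t forwardedTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	r.Header.Set("X-Forwarded-Proto", "https")
	r.Header.Set("X-Forwarded-For", t.clientIP)
	return t.base.RoundTrip(r)
}

// newForwardingClient builds the client to hand to oauth2 with
// context.WithValue(ctx, oauth2.HTTPClient, client) before calling
// config.PasswordCredentialsToken or config.Exchange.
func newForwardingClient(clientIP string) *http.Client {
	return &http.Client{Transport: forwardedTransport{base: http.DefaultTransport, clientIP: clientIP}}
}

// seenByTokenEndpoint posts a password-grant form (constructed values) to a
// local stand-in token endpoint and returns the headers that endpoint received.
func seenByTokenEndpoint(clientIP string) (http.Header, error) {
	got := make(chan http.Header, 1)
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got <- r.Header.Clone()
		io.WriteString(w, `{"access_token":"constructed","token_type":"Bearer","expires_in":60}`)
	}))
	defer srv.Close()
	form := url.Values{"grant_type": {"password"}, "username": {"alice"}, "password": {"constructed"}}
	resp, err := newForwardingClient(clientIP).PostForm(srv.URL, form)
	if err != nil {
		return nil, err
	}
	resp.Body.Close()
	return <-got, nil
}

func main() {
	fmt.Println(seenByTokenEndpoint("203.0.113.7"))
}
```

Any client can send `X-Forwarded-For`, so the authorization server should honour it only on connections from the middleware's own address and ignore or overwrite it everywhere else.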

+1 for this request. Required for polestar api. Some similarity to https://github.com/golang/oauth2/issues/483

Sep 23 '22 18:09 andig

The main point for doing this from my pov is that the oauth2.Token itself cannot be unmarshaled from a JSON structure since expires_in doesn't map to expiry. This forces every library to implement its own Token structure.

Jul 17 '23 18:07 andig

+1 for this, auth0 requires the audience url value to be present or else returns malformed tokens

Jan 25 '24 16:01 lrascao