Validate required fields

auth0 · Dec 8, 2023 · 65a3389 · 65a3389
1 parent 5083ec3
commit 65a3389
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/authentication/oauth.go b/authentication/oauth.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -212,6 +213,15 @@ func (o *OAuth) RevokeRefreshToken(ctx context.Context, body oauth.RevokeRefresh
 //
 // See: https://www.rfc-editor.org/rfc/rfc9126.html
 func (o *OAuth) PushedAuthorization(ctx context.Context, body oauth.PushedAuthorizationRequest, opts ...RequestOption) (p *oauth.PushedAuthorizationRequestResponse, err error) {
+	missing := []string{}
+	check(&missing, "ClientID", (body.ClientID != "" || o.authentication.clientID != ""))
+	check(&missing, "ResponseType", body.ResponseType != "")
+	check(&missing, "RedirectURI", body.RedirectURI != "")
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("Missing required fields: %s", strings.Join(missing, ", "))
+	}
+
 	data := url.Values{
 		"response_type": []string{body.ResponseType},
 		"redirect_uri":  []string{body.RedirectURI},
@@ -333,3 +343,9 @@ func addIfNotEmpty(key string, value string, qs url.Values) {
 		qs.Set(key, value)
 	}
 }
+
+func check(errors *[]string, key string, c bool) {
+	if !c {
+		*errors = append(*errors, key)
+	}
+}
diff --git a/authentication/oauth_test.go b/authentication/oauth_test.go
@@ -410,10 +410,23 @@ func TestOAuthWithIDTokenVerification(t *testing.T) {
 
 func TestPushedAuthorizationRequest(t *testing.T) {
 	t.Run("Should require a client secret", func(t *testing.T) {
-		_, err := authAPI.OAuth.PushedAuthorization(context.Background(), oauth.PushedAuthorizationRequest{})
+		_, err := authAPI.OAuth.PushedAuthorization(context.Background(), oauth.PushedAuthorizationRequest{
+			ResponseType: "code",
+			RedirectURI:  "http://localhost:3000/callback",
+		})
 		assert.ErrorContains(t, err, "client_secret or client_assertion is required but not provided")
 	})
 
+	t.Run("Should require a ClientID, ResponseType and RedirectURI", func(t *testing.T) {
+		auth, err := New(
+			context.Background(),
+			domain,
+		)
+		require.NoError(t, err)
+		_, err = auth.OAuth.PushedAuthorization(context.Background(), oauth.PushedAuthorizationRequest{})
+		assert.ErrorContains(t, err, "Missing required fields: ClientID, ResponseType, RedirectURI")
+	})
+
 	t.Run("Should make a PAR request", func(t *testing.T) {
 		skipE2E(t)
 		configureHTTPTestRecordings(t, authAPI)