From 716bdadcfdeeafb9a3bd86d11f384a8d7937a59e Mon Sep 17 00:00:00 2001
From: Ewan Harris
Date: Wed, 13 Dec 2023 16:45:03 +0000
Subject: [PATCH] Check if ClientAssertionType is empty and add required check

---
 authentication/authentication.go | 8 ++++++--
 authentication/mfa.go | 2 +-
 authentication/passwordless.go | 8 ++++----
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/authentication/authentication.go b/authentication/authentication.go
index b115a2e0..97087684 100644
--- a/authentication/authentication.go
+++ b/authentication/authentication.go
@@ -267,7 +267,7 @@ func (a *Authentication) addClientAuthenticationToURLValues(params oauth.ClientA
 body.Set("client_assertion", clientAssertion)
 body.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 break
- case params.ClientAssertion != "":
+ case params.ClientAssertion != "" && params.ClientAssertionType != "":
 body.Set("client_assertion", params.ClientAssertion)
 body.Set("client_assertion_type", params.ClientAssertionType)
 break
@@ -284,7 +284,7 @@ func (a *Authentication) addClientAuthenticationToURLValues(params oauth.ClientA
 }
 
 // Helper for adding client authentication to an oauth.ClientAuthentication struct.
-func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth.ClientAuthentication) error {
+func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth.ClientAuthentication, required bool) error {
 if params.ClientID == "" {
 params.ClientID = a.clientID
 }
@@ -306,6 +306,10 @@ func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth
 params.ClientSecret = a.clientSecret
 }
 
+ if required && (params.ClientSecret == "" && params.ClientAssertion == "") {
+ return errors.New("client_secret or client_assertion is required but not provided")
+ }
+
 return nil
 }
 
diff --git a/authentication/mfa.go b/authentication/mfa.go
index 1e72bd77..1ab29c22 100644
--- a/authentication/mfa.go
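Review bot: A caller that sets ClientAssertion but leaves ClientAssertionType empty now silently skips the modified case instead of sending a malformed assertion; the switch continues outside the hunk so I cannot see which case catches it, but either a different credential gets substituted or the request leaves without client authentication, and neither is what the caller asked for. Rejecting the partial input explicitly is safer than ignoring it: add `case params.ClientAssertion != "" && params.ClientAssertionType == "":` ahead of this one, returning `errors.New("client_assertion_type is required when client_assertion is provided")`, assuming the function can return an error (its signature is cut off in the hunk header). The `break` statements on the context lines are no-ops in a Go switch and could be dropped while touching these lines.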
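Review bot: The doc comment on the context line above the changed signature still reads `// Helper for adding client authentication to an oauth.ClientAuthentication struct.` and says nothing about the new `required` parameter, which is what decides whether this call can now fail. I would extend it to something like `// Helper for adding client authentication to an oauth.ClientAuthentication struct. When required is true, an error is returned if neither a client secret nor a client assertion is available after the Authentication defaults have been applied.` The body of addClientAuthenticationToClientAuthStruct continues outside this hunk.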
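Review bot: Every caller touched by this patch (MFA.Challenge and the four Passwordless methods) passes `false`, and since this is an unexported method whose stale callers would not compile, the diffstat suggests that is the whole caller set, leaving the new required check unreachable as committed and without a test. The placement is right: it runs after the `params.ClientSecret = a.clientSecret` fallback on the context line above, so it fails only when neither the caller nor the Authentication instance supplies a credential, and the error message leaks nothing. A unit test calling `addClientAuthenticationToClientAuthStruct(&oauth.ClientAuthentication{}, true)` on an Authentication constructed without a client secret would pin that error path. The inner parentheses in `required && (params.ClientSecret == "" && params.ClientAssertion == "")` are redundant. The function starts outside this hunk.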
+++ b/authentication/mfa.go
@@ -26,7 +26,7 @@ func (m *MFA) Challenge(ctx context.Context, body mfa.ChallengeRequest, opts ...
 return nil, fmt.Errorf("Missing required fields: %s", strings.Join(missing, ", "))
 }
 
- err = m.authentication.addClientAuthenticationToClientAuthStruct(&body.ClientAuthentication)
+ err = m.authentication.addClientAuthenticationToClientAuthStruct(&body.ClientAuthentication, false)
 if err != nil {
 return nil, err
diff --git a/authentication/passwordless.go b/authentication/passwordless.go
index bc7a4bfd..07937a55 100644
--- a/authentication/passwordless.go
+++ b/authentication/passwordless.go
@@ -18,7 +18,7 @@ type Passwordless manager
 //
 // See: https://auth0.com/docs/api/authentication?http#get-code-or-link
 func (p *Passwordless) SendEmail(ctx context.Context, params passwordless.SendEmailRequest, opts ...RequestOption) (r *passwordless.SendEmailResponse, err error) {
- err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication)
+ err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication, false)
 if err != nil {
 return nil, err
 }
@@ -33,7 +33,7 @@ func (p *Passwordless) SendEmail(ctx context.Context, params passwordless.SendEm
 //
 // See: https://auth0.com/docs/api/authentication?http#authenticate-user
 func (p *Passwordless) LoginWithEmail(ctx context.Context, params passwordless.LoginWithEmailRequest, validationOptions oauth.IDTokenValidationOptions, opts ...RequestOption) (t *oauth.TokenSet, err error) {
- err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication)
+ err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication, false)
 if err != nil {
 return nil, err
 }
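Review bot: The bare `false` passed as the new second argument in SendEmail (and identically in LoginWithEmail, SendSMS, LoginWithSMS and MFA.Challenge) tells a reader nothing about which check is being switched off, and a later caller copying the pattern will inherit the relaxation without noticing. A short comment at the first call site, e.g. `// required=false: these flows may proceed without client_secret or client_assertion`, or a named constant shared by the callers, would make the intent reviewable. The `¶ms` in these lines is presumably the page's rendering of `&params` rather than anything in the code.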
@@ -64,7 +64,7 @@ func (p *Passwordless) LoginWithEmail(ctx context.Context, params passwordless.L
 //
 // See: https://auth0.com/docs/api/authentication?http#get-code-or-link
 func (p *Passwordless) SendSMS(ctx context.Context, params passwordless.SendSMSRequest, opts ...RequestOption) (r *passwordless.SendSMSResponse, err error) {
- err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication)
+ err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication, false)
 if err != nil {
 return nil, err
 }
@@ -79,7 +79,7 @@ func (p *Passwordless) SendSMS(ctx context.Context, params passwordless.SendSMSR
 //
 // See: https://auth0.com/docs/api/authentication?http#authenticate-user
 func (p *Passwordless) LoginWithSMS(ctx context.Context, params passwordless.LoginWithSMSRequest, validationOptions oauth.IDTokenValidationOptions, opts ...RequestOption) (t *oauth.TokenSet, err error) {
- err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication)
+ err = p.authentication.addClientAuthenticationToClientAuthStruct(¶ms.ClientAuthentication, false)
 if err != nil {
 return nil, err