From 3b958bc30c5ccb6ea3143c08d1ca65dc0bf4b9bc Mon Sep 17 00:00:00 2001
From: Dave Arter
Date: Wed, 13 May 2020 16:38:09 +0100
Subject: Rename O::L::C::W::Azure to O::L::C::W::AuthCodeFlow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Turns out there’s nothing strictly Azure-specific about it.
---
perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm | 42 ++++++++++++++++++++++
perllib/OIDC/Lite/Client/WebServer/Azure.pm | 39 --------------------
2 files changed, 42 insertions(+), 39 deletions(-)
create mode 100644 perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
delete mode 100644 perllib/OIDC/Lite/Client/WebServer/Azure.pm
(limited to 'perllib/OIDC/Lite/Client/WebServer')
diff --git a/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
new file mode 100644
index 000000000..33a9a788f
--- /dev/null
+++ b/perllib/OIDC/Lite/Client/WebServer/AuthCodeFlow.pm
@@ -0,0 +1,42 @@
+package OIDC::Lite::Client::WebServer::AuthCodeFlow;
+
+use strict;
+use warnings;
+use parent 'OIDC::Lite::Client::WebServer';
+
+use OIDC::Lite::Client::IDTokenResponseParser;
+
+=head1 NAME
+
+OIDC::Lite::Client::WebServer::AuthCodeFlow - extension to auth against an
+identity provider using the authorization code flow, such as Azure AD B2C or
+Google OAuth 2.0.
+More info: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps
+
+OIDC::Lite doesn't appear to support the authorisation code flow to get an
+ID token - only an access token. This flow returns all its claims in the id_token
+(and may not support a UserInfo endpoint e.g. Azure AD B2C), so this extension
+adds support for parsing the id_token when calling get_access_token.
+
+=cut
+
+=head2 new
+
+Overrides response_parser so that get_access_token returns a
+L object.
+
+NB this does not perform any verification of the id_token. It's assumed to be
+safe as it's come directly from the OpenID IdP and not an untrusted user's
+browser.
+
+=cut
+
+sub new {
+ my $self = shift->next::method(@_);
+
+ $self->{response_parser} = OIDC::Lite::Client::IDTokenResponseParser->new;
+
+ return $self;
+}
+
+1;
diff --git a/perllib/OIDC/Lite/Client/WebServer/Azure.pm b/perllib/OIDC/Lite/Client/WebServer/Azure.pm
deleted file mode 100644
index b19dce90e..000000000
--- a/perllib/OIDC/Lite/Client/WebServer/Azure.pm
+++ /dev/null
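Review bot: The NB paragraph in the POD for `new` still says the id_token is not verified at all, and now that the module is described as a generic authorization-code-flow client (Azure AD B2C, Google OAuth 2.0) that assumption applies to every IdP it is configured for. Fetching the token directly from the token endpoint over TLS can stand in for the signature check (OpenID Connect Core, section 3.1.3.7), but the same section still requires the client to check `iss`, `aud`, `exp` and, when one was sent, `nonce`. Nothing in this file does that, and whether IDTokenResponseParser or the caller of get_access_token does is not visible here. I would extend the NB paragraph with a sentence such as `Callers must still validate the iss, aud, exp and nonce claims of the returned id_token, and must only use a token endpoint reached over verified TLS.` so the requirement is recorded where the parser is swapped in.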
@@ -1,39 +0,0 @@
-package OIDC::Lite::Client::WebServer::Azure;
-
-use strict;
-use warnings;
-use parent 'OIDC::Lite::Client::WebServer';
-
-use OIDC::Lite::Client::IDTokenResponseParser;
-
-=head1 NAME
-
-OIDC::Lite::Client::WebServer::Azure - extension to auth against Azure AD B2C
-
-OIDC::Lite doesn't appear to support the authorisation code flow to get an
-ID token - only an access token. Azure returns all its claims in the id_token
-and doesn't support a UserInfo endpoint, so this extension adds support for
-parsing the id_token when calling get_access_token.
-
-=cut
-
-=head2 new
-
-Overrides response_parser so that get_access_token returns a
-L object.
-
-NB this does not perform any verification of the id_token. It's assumed to be
-safe as it's come directly from the OpenID IdP and not an untrusted user's
-browser.
-
-=cut
-
-sub new {
- my $self = shift->next::method(@_);
-
- $self->{response_parser} = OIDC::Lite::Client::IDTokenResponseParser->new;
-
- return $self;
-}
-
-1;
-- cgit v1.2.3