Diffstat (limited to 'src/oidc/main.go')
-rw-r--r--src/oidc/main.go50
1 files changed, 30 insertions, 20 deletions
diff --git a/src/oidc/main.go b/src/oidc/main.go
index 6e59b08..6a93b36 100644
--- a/src/oidc/main.go
+++ b/src/oidc/main.go
@@ -34,6 +34,29 @@ type TokenResponse struct {
IdToken string
}
+var (
+ tokens = map[string]string{}
+)
+
+func createIdToken(clientId string) string {
+ now := time.Now()
+ expiresAt := now.Add(time.Hour * time.Duration(1))
+ idToken := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
+ Issuer: "https://example.com",
+ Subject: "1",
+ Audience: clientId,
+ ExpiresAt: expiresAt.Unix(),
+ NotBefore: now.Unix(),
+ IssuedAt: now.Unix(),
+ Id: uuid.NewString(),
+ })
+
+ keyData, _ := ioutil.ReadFile("insecure.pem")
+ key, _ := jwt.ParseRSAPrivateKeyFromPEM(keyData)
+ signedIdToken, _ := idToken.SignedString(key)
+ return signedIdToken
+}
+
func handler(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/" && r.Method == "GET" {
w.WriteHeader(http.StatusOK)
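Review bot: createIdToken discards the errors from ioutil.ReadFile, jwt.ParseRSAPrivateKeyFromPEM and SignedString, so a missing or malformed insecure.pem yields an empty (or unsigned) string that the handlers then place in the redirect and token response as if it were a valid id_token. The function should return `(string, error)` and let both callers (the implicit-flow branch and the token endpoint, in the later hunks) answer with http.StatusInternalServerError instead of emitting the empty value. The key file is also read and parsed on every call; loading it once at startup (or in a sync.Once) would avoid the per-request disk read and make a bad key fail fast, though the rest of main.go is not visible here to confirm where that belongs. A short doc comment such as `// createIdToken returns an RS256-signed ID token for clientId, valid for one hour.` would also help.

```go
func createIdToken(clientId string) (string, error) {
	now := time.Now()
	expiresAt := now.Add(time.Hour * time.Duration(1))
	idToken := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
		// … unchanged: claims …
	})

	keyData, err := ioutil.ReadFile("insecure.pem")
	if err != nil {
		return "", fmt.Errorf("reading signing key: %w", err)
	}
	key, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
	if err != nil {
		return "", fmt.Errorf("parsing signing key: %w", err)
	}
	signedIdToken, err := idToken.SignedString(key)
	if err != nil {
		return "", fmt.Errorf("signing id token: %w", err)
	}
	return signedIdToken, nil
}
```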
@@ -49,7 +72,9 @@ func handler(w http.ResponseWriter, r *http.Request) {
State: r.FormValue("state"),
RedirectUri: r.FormValue("redirect_uri"),
}
- url := fmt.Sprintf("%s?code=example&state=%s", ar.RedirectUri, ar.State)
+ code := uuid.NewString()
+ tokens[code] = uuid.NewString()
+ url := fmt.Sprintf("%s?code=%s&state=%s", ar.RedirectUri, code, ar.State)
http.Redirect(w, r, url, 302)
} else if responseType == "id_token token" || responseType == "id_token" {
// Implicit Flow https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth
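Review bot: `tokens[code] = uuid.NewString()` writes a package-level map from an HTTP handler, and net/http runs each request on its own goroutine, so this write and the `tokens[tr.Code]` read in the token endpoint are an unsynchronized data race (`go test -race` will flag it). Guard the map with a mutex declared beside it (`var tokensMu sync.Mutex`) and wrap the access: `tokensMu.Lock()`, `tokens[code] = uuid.NewString()`, `tokensMu.Unlock()`, with the same lock around the lookup. Separately, nothing ever removes an entry, so a code stays redeemable indefinitely and the map grows without bound; the token endpoint should delete the code on first use and reject unknown codes rather than returning the zero-value empty string as an access token. The handler function continues outside this hunk.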
@@ -58,7 +83,7 @@ func handler(w http.ResponseWriter, r *http.Request) {
RedirectUri: r.FormValue("redirect_uri"),
Nonce: r.FormValue("nonce"),
}
- idToken := "jwt"
+ idToken := createIdToken(r.FormValue("client_id")
url := fmt.Sprintf("%s?access_token=example&token_type=bearer&id_token=%s&expires_in=3600&state=%s", ar.RedirectUri, idToken, ar.State)
http.Redirect(w, r, url, 302)
} else if responseType == "code id_token" || responseType == "code token" || responseType == "code id_token token" {
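Review bot: `idToken := createIdToken(r.FormValue("client_id")` is missing a closing parenthesis and will not compile; it should read `idToken := createIdToken(r.FormValue("client_id"))`. The branch reads `Nonce: r.FormValue("nonce")` a few lines up, but createIdToken only takes the client id, so the nonce never reaches the token's claims even though the implicit flow is the case where the client relies on it to bind the id_token to its request; passing the nonce through (StandardClaims has no field for it, so a custom claims type would be needed) seems intended. The surrounding handler starts and ends outside this hunk.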
@@ -76,27 +101,12 @@ func handler(w http.ResponseWriter, r *http.Request) {
}
if tr.GrantType == "authorization_code" {
// Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
- now := time.Now()
- expiresAt := now.Add(time.Hour * time.Duration(1))
- token := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
- Issuer: "https://example.com",
- Subject: "1",
- Audience: r.FormValue("client_id"),
- ExpiresAt: expiresAt.Unix(),
- NotBefore: now.Unix(),
- IssuedAt: now.Unix(),
- Id: uuid.NewString(),
- })
-
- keyData, _ := ioutil.ReadFile("insecure.pem")
- key, _ := jwt.ParseRSAPrivateKeyFromPEM(keyData)
- signed, _ := token.SignedString(key)
r := &TokenResponse{
- AccessToken: "stateful_token",
+ AccessToken: tokens[tr.Code],
TokenType: "Bearer",
- RefreshToken: "another_stateful_token",
+ RefreshToken: "TODO::",
ExpiresIn: 3600,
- IdToken: signed,
+ IdToken: createIdToken(r.FormValue("client_id")),
}
w.Header().Set("Content-Type", "application/json")