From 33a05f6cc65ac7d909c671ba79b0676faa6e3284 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 6 Apr 2022 15:02:38 -0600
Subject: link to different flows in spec

---
 src/oidc/bin/01_authz_code | 6 ++++++
 src/oidc/bin/02_token_request | 10 ++++++++++
 src/oidc/bin/authz_code | 6 ------
 src/oidc/bin/token_request | 10 ----------
 src/oidc/main.go | 26 ++++++++++++++++++--------
 5 files changed, 34 insertions(+), 24 deletions(-)
 create mode 100755 src/oidc/bin/01_authz_code
 create mode 100755 src/oidc/bin/02_token_request
 delete mode 100755 src/oidc/bin/authz_code
 delete mode 100755 src/oidc/bin/token_request

diff --git a/src/oidc/bin/01_authz_code b/src/oidc/bin/01_authz_code
new file mode 100755
index 0000000..fa96133
--- /dev/null
+++ b/src/oidc/bin/01_authz_code
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+cd "$(dirname "$0")/.."
+
+curl -v -s "http://localhost:8282/authorize?response_type=code&scope=openid&client_id=f00d&state=potatoe&redirect_uri=https://client.example.org/callback"
diff --git a/src/oidc/bin/02_token_request b/src/oidc/bin/02_token_request
new file mode 100755
index 0000000..48e49e8
--- /dev/null
+++ b/src/oidc/bin/02_token_request
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+cd "$(dirname "$0")/.."
+
+curl -s \
+ -u "client_id:client_secret" \
+ --basic \
+ -d "grant_type=authorization_code&code=example&redirect_uri=https://client.example.org/callback" \
+ "http://localhost:8282/token" | jq '.'
diff --git a/src/oidc/bin/authz_code b/src/oidc/bin/authz_code
deleted file mode 100755
index fa96133..0000000
--- a/src/oidc/bin/authz_code
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -e
-cd "$(dirname "$0")/.."
-
-curl -v -s "http://localhost:8282/authorize?response_type=code&scope=openid&client_id=f00d&state=potatoe&redirect_uri=https://client.example.org/callback"
diff --git a/src/oidc/bin/token_request b/src/oidc/bin/token_request
deleted file mode 100755
index 48e49e8..0000000
--- a/src/oidc/bin/token_request
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -e
-cd "$(dirname "$0")/.."
-
-curl -s \
- -u "client_id:client_secret" \
- --basic \
- -d "grant_type=authorization_code&code=example&redirect_uri=https://client.example.org/callback" \
- "http://localhost:8282/token" | jq '.'
diff --git a/src/oidc/main.go b/src/oidc/main.go
index c996e6a..5da4809 100644
--- a/src/oidc/main.go
+++ b/src/oidc/main.go
@@ -41,8 +41,15 @@ func handler(w http.ResponseWriter, r *http.Request) {
 RedirectUri: r.FormValue("redirect_uri"),
 }
 if ar.ResponseType == "code" {
+ // Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
 url := fmt.Sprintf("%s?code=example&state=%s", ar.RedirectUri, ar.State)
 http.Redirect(w, r, url, 302)
+ } else if ar.ResponseType == "id_token token" || ar.ResponseType == "id_token" {
+ // Implicit Flow https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth
+ w.WriteHeader(http.StatusNotImplemented)
+ } else if ar.ResponseType == "code id_token" || ar.ResponseType == "code token" || ar.ResponseType == "code id_token token" {
+ // Hybrid Flow https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
+ w.WriteHeader(http.StatusNotImplemented)
 } else {
 w.WriteHeader(http.StatusNotFound)
 fmt.Fprintf(w, "Not Found\n")
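Review bot: The new `else if` branches match `ar.ResponseType` by exact string, but response_type is a space-separated, order-independent list (OAuth 2.0 Multiple Response Type Encoding Practices), so `token id_token` or `id_token code` fall through to the 404 branch instead of the Implicit or Hybrid 501. Normalising the value once with `strings.Fields` plus `sort.Strings` and dispatching on the canonical form in a `switch` covers every ordering and reads better than the three-way chain; it needs `strings` and `sort` imported, which the hunk does not show. The fallthrough still answers `Not Found` where the spec's authorization error response would be `unsupported_response_type`, unless that is produced elsewhere in the file. Unrelated to this commit but preserved by the new shape: nothing in the hunk checks `ar.RedirectUri` against a value registered for `client_id` before `http.Redirect` sends the browser there, and `ar.State` is interpolated into the redirect URL without query escaping. handler's body begins and ends outside the hunk.
```go
	// … unchanged: ar construction …
	// response_type is a space-separated, order-independent set; canonicalise
	// it once so every permutation reaches the right flow.
	types := strings.Fields(ar.ResponseType)
	sort.Strings(types)
	switch strings.Join(types, " ") {
	case "code":
		// Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
		// … unchanged: redirect with code and state …
	case "id_token", "id_token token":
		// Implicit Flow https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth
		w.WriteHeader(http.StatusNotImplemented)
	case "code id_token", "code token", "code id_token token":
		// Hybrid Flow https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
		w.WriteHeader(http.StatusNotImplemented)
	default:
		// … unchanged: 404 response …
	}
```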
@@ -53,16 +60,19 @@ func handler(w http.ResponseWriter, r *http.Request) {
 Code: r.FormValue("code"),
 RedirectUri: r.FormValue("redirect_uri"),
 }
- r := &TokenResponse{
- AccessToken: "stateful_token",
- TokenType: "Bearer",
- RefreshToken: "another_stateful_token",
- ExpiresIn: 3600,
- IdToken: "JWT",
- }
- if tr.GrantType == "authorization_code" {
+ // Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
+ r := &TokenResponse{
+ AccessToken: "stateful_token",
+ TokenType: "Bearer",
+ RefreshToken: "another_stateful_token",
+ ExpiresIn: 3600,
+ IdToken: "JWT",
+ }
+ w.Header().Set("Content-Type", "application/json")
+ w.Header().Set("Cache-Control", "no-store")
+ w.Header().Set("Pragma", "no-cache")
 fmt.Fprintf(w, `{"access_token": "%s","token_type": "%s","refresh_token": "%s","expires_in": %d,"id_token": "%s"}`, r.AccessToken, r.TokenType, r.RefreshToken, r.ExpiresIn, r.IdToken)
 } else {
 w.WriteHeader(http.StatusNotFound)
-- cgit v1.2.3