feat: add configurable acr/amr claims

2025-02-17 15:12:59 +01:00
parent 15a47179f4
commit 46b279a4f0
4 changed files with 33 additions and 13 deletions
--- a/internal/hydra/login.go
+++ b/internal/hydra/login.go
@ -16,11 +16,13 @@ type LoginReqDoer struct {
 	hydraURL           string
 	fakeTLSTermination bool
 	rememberFor        int
+	acr                string
+	amr                []string
 }

 // NewLoginReqDoer creates a LoginRequest.
-func NewLoginReqDoer(hydraURL string, fakeTLSTermination bool, rememberFor int) *LoginReqDoer {
-	return &LoginReqDoer{hydraURL: hydraURL, fakeTLSTermination: fakeTLSTermination, rememberFor: rememberFor}
+func NewLoginReqDoer(hydraURL string, fakeTLSTermination bool, rememberFor int, acr string, amr []string) *LoginReqDoer {
+	return &LoginReqDoer{hydraURL: hydraURL, fakeTLSTermination: fakeTLSTermination, rememberFor: rememberFor, acr: acr, amr: amr}
 }

 // InitiateRequest fetches information on the OAuth2 request.
@ -32,13 +34,17 @@ func (lrd *LoginReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
 // AcceptLoginRequest accepts the requested authentication process, and returns redirect URI.
 func (lrd *LoginReqDoer) AcceptLoginRequest(challenge string, remember bool, subject string) (string, error) {
 	data := struct {
-		Remember    bool   `json:"remember"`
-		RememberFor int    `json:"remember_for"`
-		Subject     string `json:"subject"`
+		Remember    bool     `json:"remember"`
+		RememberFor int      `json:"remember_for"`
+		Subject     string   `json:"subject"`
+		ACR         string   `json:"acr,omitempty"`
+		AMR         []string `json:"amr,omitempty"`
 	}{
 		Remember:    remember,
 		RememberFor: lrd.rememberFor,
 		Subject:     subject,
+		ACR:         lrd.acr,
+		AMR:         lrd.amr,
 	}
 	redirectURI, err := acceptRequest(login, lrd.hydraURL, lrd.fakeTLSTermination, challenge, data)
 	return redirectURI, errors.Wrap(err, "failed to accept login request")
--- a/internal/hydra/login_test.go
+++ b/internal/hydra/login_test.go
@ -60,7 +60,7 @@ func TestInitiateLoginRequest(t *testing.T) {
 			h := &testInitiateLoginHandler{reqInfo: tc.reqInfo, status: tc.status}
 			srv := httptest.NewServer(h)
 			defer srv.Close()
-			ldr := hydra.NewLoginReqDoer(srv.URL, false, 0)
+			ldr := hydra.NewLoginReqDoer(srv.URL, false, 0, "", nil)

 			reqInfo, err := ldr.InitiateRequest(tc.challenge)

@ -160,7 +160,7 @@ func TestAcceptLoginRequest(t *testing.T) {
 			h := &testAcceptLoginHandler{challenge: tc.challenge, status: tc.status, redirect: tc.redirect}
 			srv := httptest.NewServer(h)
 			defer srv.Close()
-			ldr := hydra.NewLoginReqDoer(srv.URL, false, tc.rememberFor)
+			ldr := hydra.NewLoginReqDoer(srv.URL, false, tc.rememberFor, "", nil)

 			redirect, err := ldr.AcceptLoginRequest(tc.challenge, tc.remember, tc.subject)