Merge pull request #2265 from ariary/master

Add parametrization of grant type supported in discovery endpoint
dexidp · Oct 6, 2021 · 67ba7a1 · 67ba7a1
2 parents ff6e7c7 + 7bc9662
commit 67ba7a1
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/server/handlers.go b/server/handlers.go
@@ -94,7 +94,6 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
 		UserInfo:          s.absURL("/userinfo"),
 		DeviceEndpoint:    s.absURL("/device/code"),
 		Subjects:          []string{"public"},
-		GrantTypes:        []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode},
 		IDTokenAlgs:       []string{string(jose.RS256)},
 		CodeChallengeAlgs: []string{codeChallengeMethodS256, codeChallengeMethodPlain},
 		Scopes:            []string{"openid", "email", "groups", "profile", "offline_access"},
@@ -110,6 +109,8 @@ func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
 	}
 	sort.Strings(d.ResponseTypes)
 
+	d.GrantTypes = s.supportedGrantTypes
+
 	data, err := json.MarshalIndent(d, "", "  ")
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal discovery data: %v", err)

diff --git a/server/server.go b/server/server.go
@@ -11,6 +11,7 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"sort"
 	"strconv"
 	"strings"
 	"sync"
@@ -169,6 +170,8 @@ type Server struct {
 
 	supportedResponseTypes map[string]bool
 
+	supportedGrantTypes []string
+
 	now func() time.Time
 
 	idTokensValidFor       time.Duration
@@ -209,15 +212,21 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		c.SupportedResponseTypes = []string{responseTypeCode}
 	}
 
-	supported := make(map[string]bool)
+	supportedRes := make(map[string]bool)
 	for _, respType := range c.SupportedResponseTypes {
 		switch respType {
 		case responseTypeCode, responseTypeIDToken, responseTypeToken:
 		default:
 			return nil, fmt.Errorf("unsupported response_type %q", respType)
 		}
-		supported[respType] = true
+		supportedRes[respType] = true
+	}
+
+	supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default
+	if c.PasswordConnector != "" {
+		supportedGrant = append(supportedGrant, grantTypePassword)
 	}
+	sort.Strings(supportedGrant)
 
 	webFS := web.FS()
 	if c.Web.Dir != "" {
@@ -249,7 +258,8 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		issuerURL:              *issuerURL,
 		connectors:             make(map[string]Connector),
 		storage:                newKeyCacher(c.Storage, now),
-		supportedResponseTypes: supported,
+		supportedResponseTypes: supportedRes,
+		supportedGrantTypes:    supportedGrant,
 		idTokensValidFor:       value(c.IDTokensValidFor, 24*time.Hour),
 		authRequestsValidFor:   value(c.AuthRequestsValidFor, 24*time.Hour),
 		deviceRequestsValidFor: value(c.DeviceRequestsValidFor, 5*time.Minute),