Update struc name

consent/strategy.go

@@ -24,7 +24,7 @@ type Strategy interface {
  ctx context.Context,
  w http.ResponseWriter,
  r *http.Request,
- req fosite.DeviceAuthorizeRequester,
+ req fosite.DeviceUserRequester,
  ) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error)
  HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error)
  HandleHeadlessLogout(ctx context.Context, w http.ResponseWriter, r *http.Request, sid string) error

consent/strategy_default.go

@@ -216,7 +216,7 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht
 
  // Generate the request URL
  iu := s.c.OAuth2AuthURL(ctx)
- if _, ok := req.(fosite.DeviceAuthorizeRequester); ok {
+ if _, ok := req.(fosite.DeviceUserRequester); ok {
  iu = s.c.OAuth2DeviceAuthorisationURL(ctx)
  }
  iu.RawQuery = r.URL.RawQuery
@@ -426,8 +426,8 @@ func (s *DefaultStrategy) verifyAuthentication(
  },
  },
  }
- } else if _, ok := req.(fosite.DeviceAuthorizeRequester); ok {
- cleanReq = &fosite.DeviceAuthorizeRequest{
+ } else if _, ok := req.(fosite.DeviceUserRequester); ok {
+ cleanReq = &fosite.DeviceUserRequest{
  Request: fosite.Request{
  ID: req.GetID(),
  RequestedAt: req.GetRequestedAt(),
@@ -1261,7 +1261,7 @@ func (s *DefaultStrategy) forwardDeviceRequest(ctx context.Context, w http.Respo
  return errorsx.WithStack(ErrAbortOAuth2Request)
 }
 
-func (s *DefaultStrategy) verifyDevice(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceAuthorizeRequester, verifier string) (*flow.DeviceGrantRequest, error) {
+func (s *DefaultStrategy) verifyDevice(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceUserRequester, verifier string) (*flow.DeviceGrantRequest, error) {
  session, err := s.r.ConsentManager().GetDeviceGrantRequestByVerifier(ctx, verifier)
  if errors.Is(err, sqlcon.ErrNoRows) {
  return nil, errorsx.WithStack(fosite.ErrAccessDenied.WithHint("The device verifier has already been used, has not been granted, or is invalid."))
@@ -1289,7 +1289,7 @@ func (s *DefaultStrategy) verifyDevice(ctx context.Context, w http.ResponseWrite
  return session, nil
 }
 
-func (s *DefaultStrategy) invalidateDeviceRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceAuthorizeRequester, verifier string) (*flow.DeviceGrantRequest, error) {
+func (s *DefaultStrategy) invalidateDeviceRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceUserRequester, verifier string) (*flow.DeviceGrantRequest, error) {
  session, err := s.r.ConsentManager().VerifyAndInvalidateDeviceGrantRequest(ctx, verifier)
  if errors.Is(err, sqlcon.ErrNoRows) {
  return nil, errorsx.WithStack(fosite.ErrAccessDenied.WithHint("The device verifier has already been used, has not been granted, or is invalid."))
@@ -1304,7 +1304,7 @@ func (s *DefaultStrategy) HandleOAuth2DeviceAuthorizationRequest(
  ctx context.Context,
  w http.ResponseWriter,
  r *http.Request,
- req fosite.DeviceAuthorizeRequester,
+ req fosite.DeviceUserRequester,
 ) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) {
  loginVerifier := strings.TrimSpace(req.GetRequestForm().Get("login_verifier"))
  consentVerifier := strings.TrimSpace(req.GetRequestForm().Get("consent_verifier"))

fositex/config.go

@@ -37,12 +37,12 @@ type Factory func(config fosite.Configurator, storage interface{}, strategy inte
 type Config struct {
  deps configDependencies
 
- authorizeEndpointHandlers  fosite.AuthorizeEndpointHandlers
- tokenEndpointHandlers  fosite.TokenEndpointHandlers
- tokenIntrospectionHandlers  fosite.TokenIntrospectionHandlers
- revocationHandlers  fosite.RevocationHandlers
- deviceEndpointHandlers  fosite.DeviceEndpointHandlers
- deviceAuthorizeEndpointHandlers fosite.DeviceAuthorizeEndpointHandlers
+ authorizeEndpointHandlers fosite.AuthorizeEndpointHandlers
+ tokenEndpointHandlers fosite.TokenEndpointHandlers
+ tokenIntrospectionHandlers fosite.TokenIntrospectionHandlers
+ revocationHandlers fosite.RevocationHandlers
+ deviceEndpointHandlers fosite.DeviceEndpointHandlers
+ deviceUserEndpointHandlers fosite.DeviceUserEndpointHandlers
 
  *config.DefaultProvider
 }
@@ -83,8 +83,8 @@ func (c *Config) LoadDefaultHandlers(strategy interface{}) {
  if dh, ok := res.(fosite.DeviceEndpointHandler); ok {
  c.deviceEndpointHandlers.Append(dh)
  }
- if dah, ok := res.(fosite.DeviceAuthorizeEndpointHandler); ok {
- c.deviceAuthorizeEndpointHandlers.Append(dah)
+ if duh, ok := res.(fosite.DeviceUserEndpointHandler); ok {
+ c.deviceUserEndpointHandlers.Append(duh)
  }
  if ah, ok := res.(fosite.AuthorizeEndpointHandler); ok {
  c.authorizeEndpointHandlers.Append(ah)
@@ -129,8 +129,8 @@ func (c *Config) GetDeviceEndpointHandlers(ctx context.Context) fosite.DeviceEnd
  return c.deviceEndpointHandlers
 }
 
-func (c *Config) GetDeviceAuthorizeEndpointHandlers(ctx context.Context) fosite.DeviceAuthorizeEndpointHandlers {
- return c.deviceAuthorizeEndpointHandlers
+func (c *Config) GetDeviceUserEndpointHandlers(ctx context.Context) fosite.DeviceUserEndpointHandlers {
+ return c.deviceUserEndpointHandlers
 }
 
 func (c *Config) GetGrantTypeJWTBearerCanSkipClientAuth(context.Context) bool {

fositex/token_strategy.go

@@ -88,27 +88,3 @@ func genericSignature(token string) string {
  return ""
  }
 }
-
-func (t TokenStrategy) DeviceCodeSignature(ctx context.Context, token string) (signature string, err error) {
- return t.devHmac.DeviceCodeSignature(ctx, token)
-}
-
-func (t *TokenStrategy) GenerateDeviceCode(ctx context.Context) (token string, signature string, err error) {
- return t.devHmac.GenerateDeviceCode(ctx)
-}
-
-func (t *TokenStrategy) ValidateDeviceCode(ctx context.Context, r fosite.Requester, code string) (err error) {
- return t.devHmac.ValidateDeviceCode(ctx, r, code)
-}
-
-func (t TokenStrategy) UserCodeSignature(ctx context.Context, token string) (signature string, err error) {
- return t.devHmac.UserCodeSignature(ctx, token)
-}
-
-func (t *TokenStrategy) GenerateUserCode(ctx context.Context) (token string, signature string, err error) {
- return t.devHmac.GenerateUserCode(ctx)
-}
-
-func (t *TokenStrategy) ValidateUserCode(context context.Context, r fosite.Requester, code string) (err error) {
- return t.devHmac.ValidateUserCode(context, r, code)
-}

go.mod

@@ -12,7 +12,7 @@ replace (
 
 replace github.com/ory/hydra-client-go/v2 => ./internal/httpclient
 
-replace github.com/ory/fosite => github.com/BuzzBumbleBee/fosite v0.0.0-20231124164728-b1fbd361a56b
+replace github.com/ory/fosite => ../fosite
 
 require (
  github.com/ThalesIgnite/crypto11 v1.2.5
@@ -46,7 +46,7 @@ require (
  github.com/ory/hydra-client-go/v2 v2.1.1
  github.com/ory/jsonschema/v3 v3.0.8
  github.com/ory/kratos-client-go v0.13.1
- github.com/ory/x v0.0.604
+ github.com/ory/x v0.0.609
  github.com/pborman/uuid v1.2.1
  github.com/pkg/errors v0.9.1
  github.com/prometheus/client_golang v1.16.0
@@ -62,11 +62,11 @@ require (
  github.com/toqueteos/webbrowser v1.2.0
  github.com/twmb/murmur3 v1.1.8
  github.com/urfave/negroni v1.0.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0
- go.opentelemetry.io/otel v1.19.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0
- go.opentelemetry.io/otel/sdk v1.19.0
- go.opentelemetry.io/otel/trace v1.19.0
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1
+ go.opentelemetry.io/otel v1.21.0
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0
+ go.opentelemetry.io/otel/sdk v1.21.0
+ go.opentelemetry.io/otel/trace v1.21.0
  go.uber.org/automaxprocs v1.5.3
  golang.org/x/crypto v0.15.0
  golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
@@ -199,6 +199,7 @@ require (
  github.com/openzipkin/zipkin-go v0.4.2 // indirect
  github.com/ory/dockertest/v3 v3.10.0 // indirect
  github.com/ory/go-convenience v0.1.0 // indirect
+ github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
  github.com/pelletier/go-toml v1.9.5 // indirect
  github.com/pelletier/go-toml/v2 v2.0.9 // indirect
  github.com/pkg/profile v1.7.0 // indirect
@@ -226,19 +227,20 @@ require (
  github.com/xeipuuv/gojsonschema v1.2.0 // indirect
  github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
  go.mongodb.org/mongo-driver v1.12.1 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.45.0 // indirect
- go.opentelemetry.io/contrib/propagators/b3 v1.20.0 // indirect
- go.opentelemetry.io/contrib/propagators/jaeger v1.20.0 // indirect
- go.opentelemetry.io/contrib/samplers/jaegerremote v0.14.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 // indirect
+ go.opentelemetry.io/contrib/propagators/b3 v1.21.0 // indirect
+ go.opentelemetry.io/contrib/propagators/jaeger v1.21.1 // indirect
+ go.opentelemetry.io/contrib/samplers/jaegerremote v0.15.1 // indirect
  go.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
- go.opentelemetry.io/otel/exporters/zipkin v1.19.0 // indirect
- go.opentelemetry.io/otel/metric v1.19.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
+ go.opentelemetry.io/otel/exporters/zipkin v1.21.0 // indirect
+ go.opentelemetry.io/otel/metric v1.21.0 // indirect
  go.opentelemetry.io/proto/otlp v1.0.0 // indirect
  golang.org/x/mod v0.14.0 // indirect
  golang.org/x/net v0.18.0 // indirect
  golang.org/x/sys v0.14.0 // indirect
  golang.org/x/text v0.14.0 // indirect
+ golang.org/x/time v0.4.0 // indirect
  golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
  google.golang.org/appengine v1.6.8 // indirect
  google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect

oauth2/handler.go

@@ -128,7 +128,7 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx.
 func (h *Handler) performOAuth2DeviceAuthorizationFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
  var ctx = r.Context()
 
- authorizeRequest, err := h.r.OAuth2Provider().NewDeviceAuthorizeRequest(ctx, r)
+ authorizeRequest, err := h.r.OAuth2Provider().NewDeviceUserRequest(ctx, r)
  if err != nil {
  x.LogError(r, err, h.r.Logger())
  return
@@ -208,7 +208,7 @@ func (h *Handler) performOAuth2DeviceAuthorizationFlow(w http.ResponseWriter, r
  claims.Add("sid", session.ConsentRequest.LoginSessionID)
 
  // done
- response, err := h.r.OAuth2Provider().NewDeviceAuthorizeResponse(ctx, authorizeRequest, &Session{
+ response, err := h.r.OAuth2Provider().NewDeviceUserResponse(ctx, authorizeRequest, &Session{
  DefaultSession: &openid.DefaultSession{
  Claims: claims,
  Headers: &jwt.Headers{Extra: map[string]interface{}{
@@ -237,7 +237,7 @@ func (h *Handler) performOAuth2DeviceAuthorizationFlow(w http.ResponseWriter, r
  h.r.Writer().WriteError(w, r, err)
  }
 
- h.r.OAuth2Provider().WriteDeviceAuthorizeResponse(ctx, r, w, authorizeRequest, response)
+ h.r.OAuth2Provider().WriteDeviceUserResponse(ctx, r, w, authorizeRequest, response)
 }
 
 // OAuth2 Device Flow

oauth2/oauth2_helper_test.go

@@ -54,7 +54,7 @@ func (c *consentMock) HandleHeadlessLogout(ctx context.Context, w http.ResponseW
  panic("not implemented")
 }
 
-func (c *consentMock) HandleOAuth2DeviceAuthorizationRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceAuthorizeRequester) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) {
+func (c *consentMock) HandleOAuth2DeviceAuthorizationRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.DeviceUserRequester) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) {
  if c.deny {
  return nil, nil, fosite.ErrRequestForbidden
  }