Merge pull request #117 from cloudentity/feature/authentication-code

Add authentication_code param for passwordless authentication
cloudentity · Nov 21, 2024 · 9a0b6fe · 9a0b6fe
2 parents 5768bf0 + 65acf39
commit 9a0b6fe
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -89,6 +89,7 @@ The available flags are:
       --assertion string                                    claims for jwt bearer assertion
       --audience strings                                    requested audience
       --auth-method string                                  token endpoint authentication method
+      --authentication-code string                          authentication code used for passwordless authentication
       --authorization-endpoint string                       server's authorization endpoint
       --browser-timeout duration                            browser timeout (default 10m0s)
       --callback-tls-cert string                            path to callback tls cert pem file

diff --git a/cmd/oauth2.go b/cmd/oauth2.go
@@ -89,6 +89,7 @@ func NewOAuth2Cmd(version, commit, date string) (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().StringVar(&cconfig.Purpose, "purpose", "", "string describing the purpose for obtaining End-User authorization")
 	cmd.PersistentFlags().StringSliceVar(&cconfig.Prompt, "prompt", []string{}, "end-user authorization purpose")
 	cmd.PersistentFlags().StringVar(&cconfig.MaxAge, "max-age", "", "maximum authentication age in seconds")
+	cmd.PersistentFlags().StringVar(&cconfig.AuthenticationCode, "authentication-code", "", "authentication code used for passwordless authentication")
 
 	cmd.PersistentFlags().StringVar(&sconfig.TokenEndpoint, "token-endpoint", "", "server's token endpoint")
 	cmd.PersistentFlags().StringVar(&sconfig.AuthorizationEndpoint, "authorization-endpoint", "", "server's authorization endpoint")

diff --git a/internal/oauth2/oauth2.go b/internal/oauth2/oauth2.go
@@ -94,6 +94,7 @@ type ClientConfig struct {
 	Purpose                string
 	Prompt                 []string
 	MaxAge                 string
+	AuthenticationCode     string
 }
 
 func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error) {

diff --git a/internal/oauth2/request.go b/internal/oauth2/request.go
@@ -69,6 +69,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("max_age", cconfig.MaxAge)
 	}
 
+	if len(cconfig.AuthenticationCode) > 0 {
+		r.Form.Set("authentication_code", cconfig.AuthenticationCode)
+	}
+
 	if cconfig.IDTokenHint != "" {
 		r.Form.Set("id_token_hint", cconfig.IDTokenHint)
 	}
@@ -156,6 +160,10 @@ func (r *Request) AuthorizeRequest(
 		if len(cconfig.MaxAge) > 0 {
 			r.Form.Set("max_age", cconfig.MaxAge)
 		}
+
+		if len(cconfig.AuthenticationCode) > 0 {
+			r.Form.Set("authentication_code", cconfig.AuthenticationCode)
+		}
 	}
 
 	if cconfig.DPoP {