v3.4.0: add support for client credentials grant type

depend on liboauth2 >= 1.6.0

Signed-off-by: Hans Zandbelt <[email protected]>

ChangeLog

@@ -1,3 +1,7 @@
+12/06/2023
+- add support for the client credentials grant type
+- depend on liboauth >= 1.6.0
+
 03/08/2023
 - move repo to OpenIDC github organization
 

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([liboauth2-sts],[3.3.0],[[email protected]])
+AC_INIT([liboauth2-sts],[3.4.0],[[email protected]])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -13,7 +13,7 @@ PKG_CHECK_MODULES(XML, libxml-2.0 >= 2.4)
 AC_SUBST(XML_CFLAGS)
 AC_SUBST(XML_LIBS)
 
-PKG_CHECK_MODULES(OAUTH2, liboauth2 >= 1.4.5.2)
+PKG_CHECK_MODULES(OAUTH2, liboauth2 >= 1.6.0)
 AC_SUBST(OAUTH2_CFLAGS)
 AC_SUBST(OAUTH2_LIBS)
 

include/oauth2/sts.h

@@ -49,6 +49,7 @@
 #define STS_TYPE_WSTRUST 1
 #define STS_TYPE_ROPC 2
 #define STS_TYPE_OTX 3
+#define STS_TYPE_CC 4
 
 OAUTH2_CFG_TYPE_DECLARE(sts, cfg)
 

src/Makefile.am

@@ -8,6 +8,7 @@ liboauth2_sts_la_SOURCES = \
 	sts.c \
 	wstrust.c \
 	ropc.c \
+	cc.c \
 	otx.c
 
 liboauth2_sts_la_LIBADD =  @XML_LIBS@ @OAUTH2_LIBS@ $(CODE_COVERAGE_LIBS)

src/cc.c

@@ -0,0 +1,51 @@
+/***************************************************************************
+ *
+ * Copyright (C) 2018-2023 - ZmartZone Holding BV - www.zmartzone.eu
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @Author: Hans Zandbelt - [email protected]
+ *
+ **************************************************************************/
+
+#include <oauth2/http.h>
+#include <oauth2/oauth2.h>
+#include <oauth2/proto.h>
+#include <oauth2/sts.h>
+
+#include "sts_int.h"
+
+const char *sts_cfg_set_cc(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
+			   const char *url, const char *options)
+{
+	char *rv = NULL;
+
+	cfg->cc = oauth2_cfg_cc_init(log);
+	if (cfg->cc == NULL) {
+		rv = oauth2_strdup("oauth2_cfg_cc_init failed");
+		goto end;
+	}
+
+	rv = oauth2_cfg_set_cc(log, cfg->cc, url, options);
+
+end:
+
+	return rv;
+}
+
+bool sts_cc_exec(oauth2_log_t *log, oauth2_cfg_sts_t *cfg, char **rtoken,
+		 oauth2_uint_t *status_code)
+{
+	return oauth2_cc_exec(log, cfg->cc, rtoken, status_code);
+}

src/sts.c

@@ -37,6 +37,7 @@
 #define STS_TYPE_DISABLED_STR "disabled"
 #define STS_TYPE_WSTRUST_STR "wstrust"
 #define STS_TYPE_ROPC_STR "ropc"
+#define STS_TYPE_CC_STR "cc"
 #define STS_TYPE_OTX_STR "otx"
 
 #define STS_CFG_DEFAULT_TYPE STS_TYPE_DISABLED
@@ -64,6 +65,7 @@ oauth2_sts_cfg_t *oauth2_sts_cfg_create(oauth2_log_t *log, const char *path)
 	c->wstrust_value_type = NULL;
 
 	c->ropc = NULL;
+	c->cc = NULL;
 
 	c->otx_endpoint = NULL;
 	c->otx_client_id = NULL;
@@ -103,6 +105,8 @@ void oauth2_sts_cfg_merge(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
 
 	cfg->ropc = add->ropc ? oauth2_cfg_ropc_clone(log, add->ropc)
 			      : oauth2_cfg_ropc_clone(log, base->ropc);
+	cfg->cc = add->cc ? oauth2_cfg_cc_clone(log, add->cc)
+			  : oauth2_cfg_cc_clone(log, base->cc);
 
 	cfg->otx_endpoint = oauth2_cfg_endpoint_clone(
 	    NULL, add->otx_endpoint ? add->otx_endpoint : base->otx_endpoint);
@@ -183,6 +187,8 @@ void oauth2_sts_cfg_free(oauth2_log_t *log, oauth2_sts_cfg_t *cfg)
 
 	if (cfg->ropc)
 		oauth2_cfg_ropc_free(log, cfg->ropc);
+	if (cfg->cc)
+		oauth2_cfg_cc_free(log, cfg->cc);
 
 	if (cfg->otx_endpoint)
 		oauth2_cfg_endpoint_free(log, cfg->otx_endpoint);
@@ -218,14 +224,17 @@ static const char *sts_cfg_set_type(oauth2_sts_cfg_t *cfg, const char *value)
 		cfg->type = STS_TYPE_WSTRUST;
 	} else if (strcmp(value, STS_TYPE_ROPC_STR) == 0) {
 		cfg->type = STS_TYPE_ROPC;
+	} else if (strcmp(value, STS_TYPE_CC_STR) == 0) {
+		cfg->type = STS_TYPE_CC;
 	} else if (strcmp(value, STS_TYPE_OTX_STR) == 0) {
 		cfg->type = STS_TYPE_OTX;
 	} else if (strcmp(value, STS_TYPE_DISABLED_STR) == 0) {
 		cfg->type = STS_TYPE_DISABLED;
 	} else {
 		rv = "Invalid value: must be \"" STS_TYPE_WSTRUST_STR
-		     "\", \"" STS_TYPE_ROPC_STR "\", \"" STS_TYPE_OTX_STR
-		     "\"or \"" STS_TYPE_DISABLED_STR "\"";
+		     "\", \"" STS_TYPE_ROPC_STR "\", \"" STS_TYPE_CC_STR
+		     "\", \"" STS_TYPE_OTX_STR "\"or \"" STS_TYPE_DISABLED_STR
+		     "\"";
 	}
 	return rv;
 }
@@ -302,6 +311,9 @@ const char *sts_cfg_set_exchange(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
 	case STS_TYPE_ROPC:
 		rv = sts_cfg_set_ropc(log, cfg, url, options);
 		break;
+	case STS_TYPE_CC:
+		rv = sts_cfg_set_cc(log, cfg, url, options);
+		break;
 	case STS_TYPE_OTX:
 		rv = sts_cfg_set_otx(log, cfg, url, params);
 		break;
@@ -669,6 +681,9 @@ static bool sts_token_exchange_exec(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
 	case STS_TYPE_ROPC:
 		rc = sts_ropc_exec(log, cfg, token, user, rtoken, status_code);
 		break;
+	case STS_TYPE_CC:
+		rc = sts_cc_exec(log, cfg, rtoken, status_code);
+		break;
 	case STS_TYPE_OTX:
 		rc = sts_otx_exec(log, cfg, token, rtoken, status_code);
 		break;

src/sts_int.h

@@ -41,6 +41,7 @@ typedef struct oauth2_sts_cfg_t {
 	char *wstrust_value_type;
 
 	oauth2_cfg_ropc_t *ropc;
+	oauth2_cfg_cc_t *cc;
 
 	oauth2_cfg_endpoint_t *otx_endpoint;
 	char *otx_client_id;
@@ -81,6 +82,11 @@ const char *sts_cfg_set_ropc(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
 bool sts_ropc_exec(oauth2_log_t *log, oauth2_cfg_sts_t *cfg, const char *token,
 		   const char *user, char **rtoken, oauth2_uint_t *status_code);
 
+const char *sts_cfg_set_cc(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
+			   const char *url, const char *options);
+bool sts_cc_exec(oauth2_log_t *log, oauth2_cfg_sts_t *cfg, char **rtoken,
+		 oauth2_uint_t *status_code);
+
 const char *sts_cfg_set_otx(oauth2_log_t *log, oauth2_sts_cfg_t *cfg,
 			    const char *url, const oauth2_nv_list_t *params);
 bool sts_otx_exec(oauth2_log_t *log, oauth2_cfg_sts_t *cfg, const char *token,