From 191b069cbee51064d6d65f4ca7fbb18d7a7cee3f Mon Sep 17 00:00:00 2001
From: Hans Zandbelt
Date: Fri, 7 Jun 2024 22:08:31 +0200
Subject: [PATCH] add a nonce parameter to the DPoP API

Signed-off-by: Hans Zandbelt
---
 src/handle/dpop.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/handle/dpop.c b/src/handle/dpop.c
index 9c103399..c1a837c7 100644
--- a/src/handle/dpop.c
+++ b/src/handle/dpop.c
@@ -46,12 +46,14 @@
 #include "util.h"
 
 #define OIDC_DPOP_PARAM_URL "url"
+#define OIDC_DPOP_PARAM_NONCE "nonce"
 #define OIDC_DPOP_PARAM_METHOD "method"
 
 int oidc_dpop_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 int rc = HTTP_BAD_REQUEST;
 char *s_url = NULL;
 char *s_access_token = NULL;
+ char *s_nonce = NULL;
 const char *session_access_token = NULL;
 char *s_method = NULL;
 char *s_dpop = NULL;
@@ -87,6 +89,9 @@ int oidc_dpop_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 goto end;
 }
 
+ /* retrieve the optional nonce parameter */
+ oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_NONCE, &s_nonce);
+
 /* parse the optional HTTP method parameter */
 oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_METHOD, &s_method);
 if (_oidc_strnatcasecmp(s_method, "post") == 0)
@@ -114,7 +119,7 @@ int oidc_dpop_request(request_rec *r, oidc_cfg_t *c, oidc_session_t *session) {
 }
 
 /* create the DPoP header value */
- s_dpop = oidc_proto_dpop_create(r, c, s_url, s_method, s_access_token, NULL);
+ s_dpop = oidc_proto_dpop_create(r, c, s_url, s_method, s_access_token, s_nonce);
 if (s_dpop == NULL) {
 oidc_error(r, "creating the DPoP proof value failed");
 rc = HTTP_INTERNAL_SERVER_ERROR;
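Review bot: The `nonce` value read by the added `oidc_util_request_parameter_get(r, OIDC_DPOP_PARAM_NONCE, &s_nonce)` call in the second hunk reaches `oidc_proto_dpop_create` in the third hunk unchanged, so a caller-chosen string of any length and content becomes a claim in a proof signed with the module's DPoP key. RFC 9449 limits a DPoP nonce to one or more NQCHAR characters (printable ASCII without space, `"` and `\`), so anything else should take the existing `HTTP_BAD_REQUEST` path before the proof is created, and an empty value should be treated as absent, e.g. `if ((s_nonce != NULL) && (*s_nonce == '\0')) s_nonce = NULL;`. Whether `oidc_proto_dpop_create` already bounds or escapes the value is not visible in this patch, and the body of `oidc_dpop_request` continues outside these hunks, so this should be confirmed there. The new comment could also say where the value is expected to come from, for instance `/* optional nonce, as returned by the server in its DPoP-Nonce response header */`.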