in pkg/sts/sts.go [507:549]
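// validateStsRequest checks that req is a well-formed token-exchange request
// and returns its form parameters.
//
// The request must be a POST whose Content-Type equals URLEncodedForm, whose
// grant_type equals TokenExchangeGrantType, whose subject_token is non-empty
// and whose subject_token_type equals SubjectTokenType. Only the presence and
// the declared type of the subject token are checked; the token itself is not
// parsed or verified in this function. resource, audience, scope,
// requested_token_type, actor_token and actor_token_type are copied through
// without validation.
//
// On failure the returned StsRequestParameters is the zero value and the error
// names the failed check. Values taken from the request are formatted with %q:
// a form value can decode to a newline or other control character, and quoting
// keeps it from breaking up a log line or response built from the error.
func (s *STS) validateStsRequest(req *http.Request) (StsRequestParameters, error) {
	reqParam := StsRequestParameters{}
	if req == nil {
		return reqParam, errors.New("request is nil")
	}
	// NOTE: a full request dump includes the form body, and with it
	// subject_token and actor_token. Redact those before re-enabling this.
	//if stsServerLog.DebugEnabled() {
	//	reqDump, _ := httputil.DumpRequest(req, true)
	//	stsServerLog.Debugf("Received STS request: %s", string(reqDump))
	//}
	if req.Method != http.MethodPost {
		return reqParam, fmt.Errorf("request method is invalid, should be POST but get %q", req.Method)
	}
	// Exact comparison: a Content-Type that carries parameters (for example a
	// charset) does not match and is rejected.
	if contentType := req.Header.Get("Content-Type"); contentType != URLEncodedForm {
		return reqParam, fmt.Errorf("request content type is invalid, should be %s but get %q",
			URLEncodedForm, contentType)
	}
	if parseErr := req.ParseForm(); parseErr != nil {
		return reqParam, fmt.Errorf("failed to parse query from STS request: %v", parseErr)
	}
	// Read from PostForm, not Form, so that only body parameters are honoured
	// and URL query parameters are ignored.
	form := req.PostForm
	grantType := form.Get("grant_type")
	if grantType != TokenExchangeGrantType {
		return reqParam, fmt.Errorf("request query grant_type is invalid, should be %s but get %q",
			TokenExchangeGrantType, grantType)
	}
	// Only a JWT token is accepted. This function enforces that through
	// presence and the declared token type only, and the token value is never
	// echoed into an error.
	subjectToken := form.Get("subject_token")
	if subjectToken == "" {
		return reqParam, errors.New("subject_token is empty")
	}
	subjectTokenType := form.Get("subject_token_type")
	if subjectTokenType != SubjectTokenType {
		return reqParam, fmt.Errorf("subject_token_type is invalid, should be %s but get %q",
			SubjectTokenType, subjectTokenType)
	}
	reqParam.GrantType = grantType
	reqParam.Resource = form.Get("resource")
	reqParam.Audience = form.Get("audience")
	reqParam.Scope = form.Get("scope")
	reqParam.RequestedTokenType = form.Get("requested_token_type")
	reqParam.SubjectToken = subjectToken
	reqParam.SubjectTokenType = subjectTokenType
	reqParam.ActorToken = form.Get("actor_token")
	reqParam.ActorTokenType = form.Get("actor_token_type")
	return reqParam, nil
}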