Merge pull request #488 from spanglerco/authtype

mod_auth_openidc.c: set r->ap_auth_type when handling auth
OpenIDC · Sep 21, 2020 · 198eea3 · 198eea3
2 parents 386a3ec + cf73b9b
commit 198eea3
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+09/21/2020
+- populate AUTH_TYPE when performing authentication; thanks @spanglerco
+
 09/19/2020
 - enable authentication of sub-requests when the main request doesn't require
   authentication; thanks @spanglerco

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -3979,10 +3979,14 @@ static int oidc_check_mixed_userid_oauth(request_rec *r, oidc_cfg *c) {
 
 	/* get the bearer access token from the Authorization header */
 	const char *access_token = NULL;
-	if (oidc_oauth_get_bearer_token(r, &access_token) == TRUE)
+	if (oidc_oauth_get_bearer_token(r, &access_token) == TRUE) {
+
+		r->ap_auth_type = apr_pstrdup(r->pool, OIDC_AUTH_TYPE_OPENID_OAUTH20);
 		return oidc_oauth_check_userid(r, c, access_token);
+	}
 
 	/* no bearer token found: then treat this as a regular OIDC browser request */
+	r->ap_auth_type = apr_pstrdup(r->pool, OIDC_AUTH_TYPE_OPENID_CONNECT);
 	return oidc_check_userid_openidc(r, c);
 }
 
@@ -3999,22 +4003,26 @@ int oidc_check_user_id(request_rec *r) {
 			r->parsed_uri.path, r->args, ap_is_initial_req(r));
 
 	/* see if any authentication has been defined at all */
-	if (ap_auth_type(r) == NULL)
+	const char *current_auth = ap_auth_type(r);
+	if (current_auth == NULL)
 		return DECLINED;
 
 	/* see if we've configured OpenID Connect user authentication for this request */
-	if (apr_strnatcasecmp((const char *) ap_auth_type(r),
-			OIDC_AUTH_TYPE_OPENID_CONNECT) == 0)
+	if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_CONNECT) == 0) {
+
+		r->ap_auth_type = (char *)current_auth;
 		return oidc_check_userid_openidc(r, c);
+	}
 
 	/* see if we've configured OAuth 2.0 access control for this request */
-	if (apr_strnatcasecmp((const char *) ap_auth_type(r),
-			OIDC_AUTH_TYPE_OPENID_OAUTH20) == 0)
+	if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_OAUTH20) == 0) {
+
+		r->ap_auth_type = (char *)current_auth;
 		return oidc_oauth_check_userid(r, c, NULL);
+	}
 
 	/* see if we've configured "mixed mode" for this request */
-	if (apr_strnatcasecmp((const char *) ap_auth_type(r),
-			OIDC_AUTH_TYPE_OPENID_BOTH) == 0)
+	if (strcasecmp(current_auth, OIDC_AUTH_TYPE_OPENID_BOTH) == 0)
 		return oidc_check_mixed_userid_oauth(r, c);
 
 	/* this is not for us but for some other handler */