@@ -765,6 +765,8 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) {
765765 s .withClientFromStorage (w , r , s .handleRefreshToken )
766766 case grantTypePassword :
767767 s .withClientFromStorage (w , r , s .handlePasswordGrant )
768+ case grantTypeClientCredentials :
769+ s .withClientFromStorage (w , r , s .handleClientCredentialsGrant )
768770 default :
769771 s .tokenErrHelper (w , errUnsupportedGrantType , "" , http .StatusBadRequest )
770772 }
@@ -1015,6 +1017,29 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
10151017 w .Write (claims )
10161018}
10171019
1020+ func (s * Server ) handleClientCredentialsGrant (w http.ResponseWriter , r * http.Request , client storage.Client ) {
1021+ if err := r .ParseForm (); err != nil {
1022+ s .tokenErrHelper (w , errInvalidRequest , "Couldn't parse data" , http .StatusBadRequest )
1023+ return
1024+ }
1025+ q := r .Form
1026+
1027+ nonce := q .Get ("nonce" )
1028+ scopes := strings .Fields (q .Get ("scope" ))
1029+
1030+ claims := storage.Claims {UserID : client .ID }
1031+
1032+ accessToken := storage .NewID ()
1033+ idToken , expiry , err := s .newIDToken (client .ID , claims , scopes , nonce , accessToken , "" , "client" )
1034+ if err != nil {
1035+ s .tokenErrHelper (w , errServerError , fmt .Sprintf ("failed to create ID token: %v" , err ), http .StatusInternalServerError )
1036+ return
1037+ }
1038+
1039+ resp := s .toAccessTokenResponse (idToken , accessToken , "" , expiry )
1040+ s .writeAccessToken (w , resp )
1041+ }
1042+
10181043func (s * Server ) handlePasswordGrant (w http.ResponseWriter , r * http.Request , client storage.Client ) {
10191044 // Parse the fields
10201045 if err := r .ParseForm (); err != nil {
0 commit comments