+static void
+token_cont(struct GNUNET_REST_RequestHandle *con_handle,
+ const char* url,
+ void *cls)
+{
+ //TODO static strings
+ struct RequestHandle *handle = cls;
+ struct GNUNET_HashCode cache_key;
+ char *authorization, *cache_authorization, *jwt;
+ char delimiter[]=" ";
+ json_t *cache_object;
+ json_error_t error;
+ char *grant_type, *code, *expected_jwt, *redirect_uri, *expected_redirect_uri;
+
+ handle->oidc->post_object = json_loads (handle->rest_handle->data, 0, &error);
+ //Check Authorization Header
+ GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
+ &cache_key);
+ if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+ &cache_key) )
+ {
+ //error
+ }
+ authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+ //split JWT in "Base" and [content]
+ cache_authorization = GNUNET_strdup (authorization);
+ jwt = strtok(cache_authorization,delimiter);
+ if( NULL != jwt)
+ {
+ jwt = strtok(jwt, delimiter);
+ GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", jwt);
+ }
+
+ cache_object = json_object_get (handle->oidc->post_object, "grant_type");
+ if ( NULL == cache_object || !json_is_string(cache_object) )
+ {
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->edesc=GNUNET_strdup("missing parameter grant_type");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ grant_type = json_string_value (cache_object);
+
+ //Check parameter grant_type == "authorization_code"
+ if (0 != strcmp("authorization_code", grant_type))
+ {
+ //error
+ }
+
+ cache_object = json_object_get (handle->oidc->post_object, "code");
+ if ( NULL == cache_object || !json_is_string(cache_object) )
+ {
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->edesc=GNUNET_strdup("missing parameter code");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ code = json_string_value (cache_object);
+
+ // lookup code in grants_hashmap and check if [content] is same
+ GNUNET_CRYPTO_hash(code, strlen(code), &cache_key);
+ if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_grants, &cache_key) )
+ {
+ //error
+ }
+ expected_jwt = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_grants, &cache_key);
+
+ if (0 != strcmp(expected_jwt,jwt))
+ {
+ //error
+ }
+
+ cache_object = json_object_get (handle->oidc->post_object, "redirect_uri");
+ if ( NULL == cache_object || !json_is_string(cache_object) )
+ {
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->edesc=GNUNET_strdup("missing parameter code");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ redirect_uri = json_string_value (cache_object);
+
+ // check redirect_uri
+ // jwt breakdown to iss or sub
+
+// GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", iss);
+// // verify the redirect uri matches https://<client_id>.zkey[/xyz]
+// if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) )
+// {
+// handle->emsg=GNUNET_strdup("invalid_request");
+// handle->edesc=GNUNET_strdup("Invalid redirect_uri");
+// GNUNET_SCHEDULER_add_now (&do_error, handle);
+// GNUNET_free(expected_redirect_uri);
+// return;
+// }
+// handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
+// GNUNET_free(expected_redirect_uri);
+
+
+ //do we need the client_id?
+
+ GNUNET_free(cache_authorization);
+ decref(handle->oidc->post_object);
+}
+