bouncer/internal/proxy/director/layer/authn/oidc/layer_options.go


package oidc
import (
"time"
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
"forge.cadoles.com/cadoles/bouncer/internal/store"
"github.com/pkg/errors"
)
const (
	// defaultCookieName is the cookie name fromStoreOptions assigns to
	// Cookie.Name before the stored layer options are decoded over it.
	defaultCookieName = "_bouncer_authn_oidc"
)
// LayerOptions is the configuration of an OIDC authentication layer. It
// embeds the generic authn layer options and adds the OIDC client settings
// and the cookie settings. The mapstructure tags name the keys under which
// each part is decoded from the stored layer options (see fromStoreOptions).
type LayerOptions struct {
	authn.LayerOptions
	// OIDC holds the OpenID Connect client settings (key "oidc").
	OIDC OIDCOptions `mapstructure:"oidc"`
	// Cookie holds the settings of the cookie used by this layer (key "cookie").
	Cookie CookieOptions `mapstructure:"cookie"`
}
// OIDCOptions holds the OpenID Connect client settings of the layer. The
// mapstructure tags name the keys used when decoding stored options.
type OIDCOptions struct {
	// ClientID is the client identifier registered at the OIDC provider.
	ClientID string `mapstructure:"clientId"`
	// ClientSecret is the client credential; it is sensitive and should be
	// kept out of logs and error messages.
	ClientSecret string `mapstructure:"clientSecret"`
	// LoginCallbackURL is the absolute URL the provider redirects to after
	// login. fromStoreOptions defaults it to baseURL plus a path containing
	// the "{{ .ProxyName }}" and "{{ .LayerName }}" placeholders, which are
	// presumably rendered as a Go template elsewhere — not visible here.
	LoginCallbackURL string `mapstructure:"loginCallbackURL"`
	// MatchLoginCallbackURL is the pattern used to recognise callback
	// requests; fromStoreOptions defaults it to "*" plus the callback path.
	MatchLoginCallbackURL string `mapstructure:"matchLoginCallbackURL"`
	// LogoutURL is the absolute logout URL; defaulted like LoginCallbackURL.
	LogoutURL string `mapstructure:"logoutURL"`
	// MatchLogoutURL is the pattern used to recognise logout requests;
	// fromStoreOptions defaults it to "*" plus the logout path.
	MatchLogoutURL string `mapstructure:"matchLogoutURL"`
	// IssuerURL is the OIDC issuer URL. No default is set in this file.
	IssuerURL string `mapstructure:"issuerURL"`
	// SkipIssuerVerification presumably relaxes the check that the issuer
	// returned by the provider matches IssuerURL (consumed elsewhere —
	// confirm). It weakens token validation and should stay false outside
	// of test setups.
	SkipIssuerVerification bool `mapstructure:"skipIssuerVerification"`
	// PostLogoutRedirectURL is presumably the URL the user is sent to after
	// logout; no default is set in this file.
	PostLogoutRedirectURL string `mapstructure:"postLogoutRedirectURL"`
	// TLSInsecureSkipVerify presumably disables TLS certificate verification
	// towards the provider (consumed elsewhere — confirm). It should stay
	// false outside of test setups.
	TLSInsecureSkipVerify bool `mapstructure:"tlsInsecureSkipVerify"`
	// Scopes are the scopes requested from the provider; fromStoreOptions
	// defaults them to ["openid"].
	Scopes []string `mapstructure:"scopes"`
	// AuthParams are additional parameters for the authorization request
	// (inferred from the name — confirm against the consumer).
	AuthParams map[string]string `mapstructure:"authParams"`
}
// CookieOptions holds the settings of the cookie used by the OIDC layer.
// The mapstructure tags name the keys used when decoding stored options.
type CookieOptions struct {
	// Name is the cookie name; fromStoreOptions defaults it to defaultCookieName.
	Name string `mapstructure:"name"`
	// Domain is the cookie Domain attribute; no default is set in this file.
	Domain string `mapstructure:"domain"`
	// Path is the cookie Path attribute; fromStoreOptions defaults it to "/".
	Path string `mapstructure:"path"`
	// SameSite is the SameSite attribute as a string; accepted values are
	// decided where the cookie is built, not here. No default is set.
	SameSite string `mapstructure:"sameSite"`
	// Secure is the cookie Secure attribute. fromStoreOptions leaves it
	// false, so deployments served over HTTPS should set the "secure"
	// option explicitly.
	Secure bool `mapstructure:"secure"`
	// HTTPOnly is the HttpOnly attribute; fromStoreOptions defaults it to true.
	HTTPOnly bool `mapstructure:"httpOnly"`
	// MaxAge is the cookie lifetime; fromStoreOptions defaults it to one hour.
	MaxAge time.Duration `mapstructure:"maxAge"`
}
// fromStoreOptions builds the OIDC layer options for a layer persisted in
// the store. Defaults are filled in first — the generic authn defaults, the
// templated callback/logout URLs rooted at baseURL, the "openid" scope and a
// one-hour HttpOnly cookie on "/" — then authn.FromStoreOptions decodes the
// stored options into the same struct (presumably overlaying the defaults).
//
// baseURL is the public base URL that the callback and logout paths are
// appended to. Cookie.Secure and Cookie.SameSite are not defaulted here and
// keep their zero values unless the stored options set them.
//
// Returns the resulting options, or a stack-annotated error when decoding
// the stored options fails.
func fromStoreOptions(storeOptions store.LayerOptions, baseURL string) (*LayerOptions, error) {
	const (
		loginCallbackPath = "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback"
		logoutPath        = "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout"
	)

	opts := LayerOptions{LayerOptions: authn.DefaultLayerOptions()}

	// Absolute URLs are rooted at baseURL; the match patterns carry a "*"
	// prefix instead (presumably a host wildcard — decided by the matcher).
	opts.OIDC = OIDCOptions{
		LoginCallbackURL:      baseURL + loginCallbackPath,
		MatchLoginCallbackURL: "*" + loginCallbackPath,
		LogoutURL:             baseURL + logoutPath,
		MatchLogoutURL:        "*" + logoutPath,
		Scopes:                []string{"openid"},
	}

	opts.Cookie = CookieOptions{
		Name:     defaultCookieName,
		Path:     "/",
		HTTPOnly: true,
		MaxAge:   time.Hour,
	}

	err := authn.FromStoreOptions(storeOptions, &opts)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return &opts, nil
}