feat: new openid connect authentication layer

2024-04-12 16:41:11 +02:00
parent bb5796ab8c
commit de70fa89f7
42 changed files with 2155 additions and 62 deletions
--- a/internal/proxy/director/layer/authn/oidc/client_options.go
+++ b/internal/proxy/director/layer/authn/oidc/client_options.go
@ -0,0 +1,76 @@
+package oidc
+
+import (
+	"context"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+)
+
+type ClientOptions struct {
+	Provider        *oidc.Provider
+	ClientID        string
+	ClientSecret    string
+	RedirectURL     string
+	Scopes          []string
+	AuthParams      map[string]string
+	SkipIssuerCheck bool
+}
+
+type ClientOptionFunc func(*ClientOptions)
+
+func WithRedirectURL(url string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.RedirectURL = url
+	}
+}
+
+func WithCredentials(clientID, clientSecret string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.ClientID = clientID
+		opt.ClientSecret = clientSecret
+	}
+}
+
+func WithScopes(scopes ...string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.Scopes = scopes
+	}
+}
+
+func WithAuthParams(params map[string]string) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.AuthParams = params
+	}
+}
+
+func WithSkipIssuerCheck(skip bool) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.SkipIssuerCheck = skip
+	}
+}
+
+func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) {
+	if skipIssuerVerification {
+		ctx = oidc.InsecureIssuerURLContext(ctx, issuer)
+	}
+
+	return oidc.NewProvider(ctx, issuer)
+}
+
+func WithProvider(provider *oidc.Provider) ClientOptionFunc {
+	return func(opt *ClientOptions) {
+		opt.Provider = provider
+	}
+}
+
+func NewClientOptions(funcs ...ClientOptionFunc) *ClientOptions {
+	opt := &ClientOptions{
+		Scopes: []string{oidc.ScopeOpenID, "profile"},
+	}
+
+	for _, f := range funcs {
+		f(opt)
+	}
+
+	return opt
+}