package oidc

import (
	"time"

	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
	"forge.cadoles.com/cadoles/bouncer/internal/store"
	"github.com/pkg/errors"
)

// defaultCookieName is the session cookie name used when the layer
// configuration does not set cookie.name.
const defaultCookieName = "_bouncer_authn_oidc"

// LayerOptions is the complete configuration of the OIDC authentication
// layer: the generic authn layer options plus the relying-party (OIDC)
// settings and the session cookie settings.
type LayerOptions struct {
	authn.LayerOptions

	OIDC   OIDCOptions   `mapstructure:"oidc"`
	Cookie CookieOptions `mapstructure:"cookie"`
}

// OIDCOptions configures the OpenID Connect relying-party side of the layer.
type OIDCOptions struct {
	// ClientID and ClientSecret identify this relying party at the provider.
	// ClientSecret is a credential: keep it out of logs and error messages.
	ClientID     string `mapstructure:"clientId"`
	ClientSecret string `mapstructure:"clientSecret"`

	// LoginCallbackPath and LogoutPath are the layer-local HTTP endpoints.
	// Their defaults (see fromStoreOptions) carry a "%s" placeholder that is
	// presumably substituted by the caller — confirm before relying on it.
	LoginCallbackPath string `mapstructure:"loginCallbackPath"`
	LogoutPath        string `mapstructure:"logoutPath"`

	// IssuerURL is the provider's issuer identifier.
	IssuerURL string `mapstructure:"issuerURL"`

	// SkipIssuerVerification relaxes the check that the issuer reported by
	// the provider matches IssuerURL. The default (false) is the safe
	// setting; enabling it means tokens from an unexpected issuer may be
	// accepted, so reserve it for controlled test setups.
	SkipIssuerVerification bool `mapstructure:"skipIssuerVerification"`

	PostLogoutRedirectURL string `mapstructure:"postLogoutRedirectURL"`

	// Scopes requested at the provider; "openid" is always the default.
	Scopes []string `mapstructure:"scopes"`

	// AuthParams are extra parameters forwarded with the authorization request.
	AuthParams map[string]string `mapstructure:"authParams"`
}

// CookieOptions controls the session cookie the layer issues after login.
type CookieOptions struct {
	Name   string `mapstructure:"name"`
	Domain string `mapstructure:"domain"`
	Path   string `mapstructure:"path"`

	// SameSite is kept as a raw string here; how it is mapped onto the
	// http.SameSite policy is decided outside this file.
	SameSite string `mapstructure:"sameSite"`

	// Secure is NOT enabled by default (see fromStoreOptions). Set it to true
	// on any deployment reached over HTTPS so the session cookie is never
	// transmitted in clear text.
	Secure bool `mapstructure:"secure"`

	// HTTPOnly defaults to true, keeping the cookie out of reach of scripts.
	HTTPOnly bool `mapstructure:"httpOnly"`

	// MaxAge bounds the cookie lifetime; the default is one hour.
	MaxAge time.Duration `mapstructure:"maxAge"`
}

// fromStoreOptions builds the layer configuration from the raw store options.
//
// Built-in defaults are applied first and then overridden by whatever the
// store holds, so keys absent from the configuration keep their default
// value. A decoding failure is returned wrapped with a stack trace.
func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
	opts := newDefaultLayerOptions()

	if err := authn.FromStoreOptions(storeOptions, opts); err != nil {
		return nil, errors.WithStack(err)
	}

	return opts, nil
}

// newDefaultLayerOptions returns the layer defaults: "openid" as the only
// scope, placeholder callback/logout paths, and a "/"-scoped, HTTP-only
// session cookie valid for one hour with the Secure flag left unset.
func newDefaultLayerOptions() *LayerOptions {
	oidcDefaults := OIDCOptions{
		LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
		LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
		Scopes:            []string{"openid"},
	}

	cookieDefaults := CookieOptions{
		Name:     defaultCookieName,
		Path:     "/",
		HTTPOnly: true,
		MaxAge:   time.Hour,
	}

	return &LayerOptions{
		LayerOptions: authn.DefaultLayerOptions(),
		OIDC:         oidcDefaults,
		Cookie:       cookieDefaults,
	}
}