package oidc import ( "time" "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn" "forge.cadoles.com/cadoles/bouncer/internal/store" "github.com/pkg/errors" ) const defaultCookieName = "_bouncer_authn_oidc" type LayerOptions struct { authn.LayerOptions OIDC OIDCOptions `mapstructure:"oidc"` Cookie CookieOptions `mapstructure:"cookie"` } type OIDCOptions struct { ClientID string `mapstructure:"clientId"` ClientSecret string `mapstructure:"clientSecret"` LoginCallbackURL string `mapstructure:"loginCallbackURL"` MatchLoginCallbackURL string `mapstructure:"matchLoginCallbackURL"` LogoutURL string `mapstructure:"logoutURL"` MatchLogoutURL string `mapstructure:"matchLogoutURL"` IssuerURL string `mapstructure:"issuerURL"` SkipIssuerVerification bool `mapstructure:"skipIssuerVerification"` PostLogoutRedirectURL string `mapstructure:"postLogoutRedirectURL"` TLSInsecureSkipVerify bool `mapstructure:"tlsInsecureSkipVerify"` Scopes []string `mapstructure:"scopes"` AuthParams map[string]string `mapstructure:"authParams"` } type CookieOptions struct { Name string `mapstructure:"name"` Domain string `mapstructure:"domain"` Path string `mapstructure:"path"` SameSite string `mapstructure:"sameSite"` Secure bool `mapstructure:"secure"` HTTPOnly bool `mapstructure:"httpOnly"` MaxAge time.Duration `mapstructure:"maxAge"` } func fromStoreOptions(storeOptions store.LayerOptions, baseURL string) (*LayerOptions, error) { loginCallbackPath := "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback" logoutPath := "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout" layerOptions := LayerOptions{ LayerOptions: authn.DefaultLayerOptions(), OIDC: OIDCOptions{ LoginCallbackURL: baseURL + loginCallbackPath, MatchLoginCallbackURL: "*" + loginCallbackPath, LogoutURL: baseURL + logoutPath, MatchLogoutURL: "*" + logoutPath, Scopes: []string{"openid"}, }, Cookie: CookieOptions{ Name: defaultCookieName, Path: "/", HTTPOnly: true, MaxAge: time.Hour, }, } if err := authn.FromStoreOptions(storeOptions, &layerOptions); err != nil { return nil, errors.WithStack(err) } return &layerOptions, nil }