bouncer/internal/proxy/director/layer/authn/oidc/client_options.go

package oidc

import (
	"context"
	"net/http"

	"github.com/coreos/go-oidc/v3/oidc"
)

type ClientOptions struct {
	Provider        *oidc.Provider
	ClientID        string
	ClientSecret    string
	RedirectURL     string
	Scopes          []string
	AuthParams      map[string]string
	SkipIssuerCheck bool
	HTTPClient      *http.Client
}

type ClientOptionFunc func(*ClientOptions)

func WithRedirectURL(url string) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.RedirectURL = url
	}
}

func WithCredentials(clientID, clientSecret string) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.ClientID = clientID
		opt.ClientSecret = clientSecret
	}
}

func WithScopes(scopes ...string) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.Scopes = scopes
	}
}

func WithAuthParams(params map[string]string) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.AuthParams = params
	}
}

func WithSkipIssuerCheck(skip bool) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.SkipIssuerCheck = skip
	}
}

func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) {
	if skipIssuerVerification {
		ctx = oidc.InsecureIssuerURLContext(ctx, issuer)
	}

	return oidc.NewProvider(ctx, issuer)
}

func WithProvider(provider *oidc.Provider) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.Provider = provider
	}
}

func WithHTTPClient(client *http.Client) ClientOptionFunc {
	return func(opt *ClientOptions) {
		opt.HTTPClient = client
	}
}

func NewClientOptions(funcs ...ClientOptionFunc) *ClientOptions {
	opt := &ClientOptions{
		Scopes:     []string{oidc.ScopeOpenID, "profile"},
		HTTPClient: http.DefaultClient,
	}

	for _, f := range funcs {
		f(opt)
	}

	return opt
}