package oidc
import (
"time"
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
"forge.cadoles.com/cadoles/bouncer/internal/store"
"github.com/pkg/errors"
)
// defaultCookieName is the cookie name applied as the default for
// CookieOptions.Name when the OIDC layer options are built.
const defaultCookieName = "_bouncer_authn_oidc"
// LayerOptions is the configuration of the OIDC authentication layer.
// It embeds the generic authn layer options and adds the OpenID Connect
// provider settings plus the attributes of the cookie configured for
// this layer. Field tags are the mapstructure keys used when decoding
// the stored options.
type LayerOptions struct {
	authn.LayerOptions

	// OIDC holds the OpenID Connect client/provider settings.
	OIDC OIDCOptions `mapstructure:"oidc"`
	// Cookie holds the attributes of the cookie used by this layer.
	Cookie CookieOptions `mapstructure:"cookie"`
}
// OIDCOptions describes the OpenID Connect client configuration of the
// layer. How each field is consumed (client construction, redirect
// handling, issuer checks) is not visible in this file.
type OIDCOptions struct {
	// ClientID is the OIDC client identifier registered at the provider.
	ClientID string `mapstructure:"clientId"`
	// ClientSecret is the OIDC client secret. It is a credential: keep it
	// out of logs and error messages and source it from a secret store
	// rather than plain configuration where possible.
	ClientSecret string `mapstructure:"clientSecret"`
	// LoginCallbackPath is the path receiving the provider redirect after
	// login. The built-in default contains a %s placeholder; presumably it
	// is filled with the layer name by the caller — confirm against the
	// handler that uses it.
	LoginCallbackPath string `mapstructure:"loginCallbackPath"`
	// LogoutPath is the path triggering logout. Same %s placeholder
	// convention as LoginCallbackPath in the default value.
	LogoutPath string `mapstructure:"logoutPath"`
	// IssuerURL is the URL of the OIDC issuer (provider).
	IssuerURL string `mapstructure:"issuerURL"`
	// SkipIssuerVerification, when true, is expected to relax the check
	// that the provider's advertised issuer matches IssuerURL. Leaving it
	// false is the safe setting; enabling it removes a defence against a
	// misconfigured or impersonated provider.
	SkipIssuerVerification bool `mapstructure:"skipIssuerVerification"`
	// PostLogoutRedirectURL is where the user is sent after logout.
	PostLogoutRedirectURL string `mapstructure:"postLogoutRedirectURL"`
	// Scopes are the OAuth2/OIDC scopes requested; the default is
	// []string{"openid"}.
	Scopes []string `mapstructure:"scopes"`
	// AuthParams are extra key/value parameters presumably appended to
	// the authorization request — verify against the caller.
	AuthParams map[string]string `mapstructure:"authParams"`
}
// CookieOptions are the attributes of the cookie configured for the
// OIDC layer. The defaults applied by fromStoreOptions set Name, Path,
// HTTPOnly and MaxAge only; Domain, SameSite and Secure keep their
// zero values unless the stored options provide them.
type CookieOptions struct {
	// Name is the cookie name (defaults to defaultCookieName).
	Name string `mapstructure:"name"`
	// Domain is the cookie Domain attribute; empty means host-only in
	// standard cookie semantics.
	Domain string `mapstructure:"domain"`
	// Path is the cookie Path attribute (defaults to "/").
	Path string `mapstructure:"path"`
	// SameSite is the SameSite attribute as a string; the mapping to
	// http.SameSite happens elsewhere and is not visible here.
	SameSite string `mapstructure:"sameSite"`
	// Secure marks the cookie as HTTPS-only. It is false unless
	// configured, so deployments serving over TLS should set it
	// explicitly to keep the cookie off plaintext connections.
	Secure bool `mapstructure:"secure"`
	// HTTPOnly hides the cookie from client-side scripts (defaults to true).
	HTTPOnly bool `mapstructure:"httpOnly"`
	// MaxAge is the cookie lifetime (defaults to one hour).
	MaxAge time.Duration `mapstructure:"maxAge"`
}
// fromStoreOptions builds the OIDC layer options for a stored layer.
// It starts from the built-in defaults and hands them to
// authn.FromStoreOptions, which overlays whatever the store holds.
//
// It returns a pointer to the merged options, or the decoding error
// wrapped with a stack trace. The result is meaningless on error.
func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
	oidcDefaults := OIDCOptions{
		// Both paths are templates: the %s placeholder is presumably
		// substituted with the layer name by the caller — confirm against
		// the handler that uses them.
		LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
		LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
		Scopes:            []string{"openid"},
	}

	cookieDefaults := CookieOptions{
		Name:     defaultCookieName,
		Path:     "/",
		HTTPOnly: true,
		MaxAge:   time.Hour,
		// Secure and SameSite are deliberately left at their zero values
		// here; the cookie is not restricted to HTTPS unless the stored
		// options set Secure.
	}

	merged := LayerOptions{
		LayerOptions: authn.DefaultLayerOptions(),
		OIDC:         oidcDefaults,
		Cookie:       cookieDefaults,
	}

	err := authn.FromStoreOptions(storeOptions, &merged)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return &merged, nil
}