Merge pull request 'Ajout paramètre pour définir l'acr_value' (#3) from acr_values into master

Reviewed-on: wpetit/goweb-oidc#3
wpetit 2023-03-02 16:33:06 +01:00
commit 927fdbce47
3 changed files with 11 additions and 2 deletions


@ -6,6 +6,7 @@ import (
"net/url"
"strings"
"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
"github.com/coreos/go-oidc"
"github.com/dchest/uniuri"
"github.com/pkg/errors"
@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {
func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
ctn := container.Must(r.Context())
conf := config.Must(ctn)
sess, err := session.Must(ctn).Get(w, r)
if err != nil {
@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
authCodeOptions := []oauth2.AuthCodeOption{}
authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
if conf.OIDC.AcrValues != "" {
authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
}
authCodeURL := c.oauth2.AuthCodeURL(
state,
authCodeOptions...,
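Review bot: Sending `acr_values` in `Login` only asks the provider for an authentication context; nothing in this hunk ensures that the returned ID token carries an acceptable `acr` claim. In OIDC the `acr` claim is requested as a voluntary claim, so a provider may authenticate at a lower level and still issue a token. The callback handler is not visible here, so this may already be covered, but if `conf.OIDC.AcrValues` is meant to enforce a minimum assurance level, the callback should compare the token's `acr` against it and reject the login on mismatch. At minimum I would add above the new `if`: `// acr_values is a request, not a guarantee: the callback must check the ID token's acr claim.` Login's body starts and ends outside the hunk.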


@ -14,9 +14,10 @@ services:
- HTTP_ADDRESS=0.0.0.0:3002
- OIDC_CLIENT_ID=local-test
- OIDC_CLIENT_SECRET=local-test
- OIDC_ISSUER_URL=
- OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
- OIDC_REDIRECT_URL=http://localhost:3002
- OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
- OIDC_ACR_VALUES=
ports:
- 3002:3002
network_mode: host
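Review bot: The `OIDC_ISSUER_URL` entry that carries a concrete hostname looks like the new value (the page has lost its +/- markers), which would bake one deployment's identity provider into the shared compose file. Anyone starting this file would then send login requests, with the `local-test` client credentials, to that provider by default, and the hostname of a development IdP stays in the repository history. I would keep the entry environment-supplied, for example `- OIDC_ISSUER_URL=${OIDC_ISSUER_URL}` with the value in an untracked `.env` file, as the empty `OIDC_ACR_VALUES=` entry already leaves its value to the operator.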


@ -53,7 +53,8 @@ type OIDCConfig struct {
IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
}
type LogConfig struct {
@ -88,6 +89,7 @@ func NewDefault() *Config {
RedirectURL: "http://localhost:3002/oauth2/callback",
PostLogoutRedirectURL: "http://localhost:3002",
InsecureSkipVerify: false,
AcrValues: "",
},
}
}
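Review bot: Correcting the struct tag on `InsecureSkipVerify` from `ymal` to `yaml` in `OIDCConfig` is a behaviour change rather than a cosmetic fix. With the misspelled tag the YAML decoder most likely never matched the `insecureSkipVerify` key, so config files that set it to `true` were presumably ignored and will begin to take effect after upgrade; assuming the flag does what its name says, that silently turns off TLS certificate verification for those deployments. This deserves its own line in the commit message or changelog, and ideally a warning logged at startup when the flag is enabled. The new field is also undocumented; I would add `// AcrValues is sent as the acr_values authorization parameter; empty means the parameter is omitted.` above it.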