Merge pull request 'Ajout paramètre pour définir l'acr_value' (#3) from acr_values into master

Reviewed-on: wpetit/goweb-oidc#3
2023-03-02 16:33:06 +01:00 · 2023-03-02 16:33:06 +01:00 · 927fdbce47
parent 6c51a2b17f fffd98d294
commit 927fdbce47
3 changed files with 11 additions and 2 deletions
--- a/client.go
+++ b/client.go
@ -6,6 +6,7 @@ import (
 	"net/url"
 	"strings"

+	"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
 	"github.com/coreos/go-oidc"
 	"github.com/dchest/uniuri"
 	"github.com/pkg/errors"
@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {

 func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 	ctn := container.Must(r.Context())
+	conf := config.Must(ctn)

 	sess, err := session.Must(ctn).Get(w, r)
 	if err != nil {
@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {

 	authCodeOptions := []oauth2.AuthCodeOption{}
 	authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
+	if conf.OIDC.AcrValues != "" {
+		authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
+	}
+
 	authCodeURL := c.oauth2.AuthCodeURL(
 		state,
 		authCodeOptions...,
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -14,9 +14,10 @@ services:
      - HTTP_ADDRESS=0.0.0.0:3002
      - OIDC_CLIENT_ID=local-test
      - OIDC_CLIENT_SECRET=local-test
-      - OIDC_ISSUER_URL=
+      - OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
      - OIDC_REDIRECT_URL=http://localhost:3002
      - OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
+      - OIDC_ACR_VALUES=
    ports:
      - 3002:3002
    network_mode: host
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -53,7 +53,8 @@ type OIDCConfig struct {
 	IssuerURL             string `yaml:"issuerUrl"  env:"OIDC_ISSUER_URL"`
 	RedirectURL           string `yaml:"redirectUrl"  env:"OIDC_REDIRECT_URL"`
 	PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL"  env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
-	InsecureSkipVerify    bool   `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+	InsecureSkipVerify    bool   `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+	AcrValues             string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
 }

 type LogConfig struct {
@ -88,6 +89,7 @@ func NewDefault() *Config {
 			RedirectURL:           "http://localhost:3002/oauth2/callback",
 			PostLogoutRedirectURL: "http://localhost:3002",
 			InsecureSkipVerify:    false,
+			AcrValues:             "",
 		},
 	}
 }