Ajout paramètre pour définir l'acr_value
This commit is contained in:
parent
6c51a2b17f
commit
cfc8158103
@ -6,6 +6,7 @@ import (
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/dchest/uniuri"
|
||||
"github.com/pkg/errors"
|
||||
@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {
|
||||
|
||||
func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
conf := config.Must(ctn)
|
||||
|
||||
sess, err := session.Must(ctn).Get(w, r)
|
||||
if err != nil {
|
||||
@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
authCodeOptions := []oauth2.AuthCodeOption{}
|
||||
authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
|
||||
if conf.OIDC.AcrValues != "" {
|
||||
authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
|
||||
}
|
||||
|
||||
authCodeURL := c.oauth2.AuthCodeURL(
|
||||
state,
|
||||
authCodeOptions...,
|
||||
|
@ -14,9 +14,10 @@ services:
|
||||
- HTTP_ADDRESS=0.0.0.0:3002
|
||||
- OIDC_CLIENT_ID=local-test
|
||||
- OIDC_CLIENT_SECRET=local-test
|
||||
- OIDC_ISSUER_URL=
|
||||
- OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
|
||||
- OIDC_REDIRECT_URL=http://localhost:3002
|
||||
- OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
|
||||
- OIDC_ACR_VALUES=
|
||||
ports:
|
||||
- 3002:3002
|
||||
network_mode: host
|
||||
|
@ -54,6 +54,7 @@ type OIDCConfig struct {
|
||||
RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
|
||||
PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
|
||||
InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
|
||||
AcrValues string `ymal:"acrValues" env:"OIDC_ACR_VALUES"`
|
||||
}
|
||||
|
||||
type LogConfig struct {
|
||||
@ -88,6 +89,7 @@ func NewDefault() *Config {
|
||||
RedirectURL: "http://localhost:3002/oauth2/callback",
|
||||
PostLogoutRedirectURL: "http://localhost:3002",
|
||||
InsecureSkipVerify: false,
|
||||
AcrValues: "",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user