Cadoles
/
goweb-oidc
10
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

feat: configurable scopes and issuer check skipping

This commit is contained in:
wpetit 2023-11-06 15:57:27 +01:00
parent 000b7c8cf4
commit e16b905bca
4 changed files with 33 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
client.go
View File

@ -189,7 +189,8 @@ func NewClient(opts ...OptionFunc) *Client {
}
verifier := opt.Provider.Verifier(&oidc.Config{
ClientID: opt.ClientID,
ClientID: opt.ClientID,
SkipIssuerCheck: opt.SkipIssuerCheck,
})
return &Client{oauth2, opt.Provider, verifier, opt.AcrValues}

3
cmd/server/container.go
View File

@ -92,8 +92,9 @@ func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Con
ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
oidc.WithProvider(provider),
oidc.WithScopes("email", "openid"),
oidc.WithScopes(conf.OIDC.Scopes...),
oidc.WithAcrValues(conf.OIDC.AcrValues),
oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),
))
return ctn, nil

29
internal/config/config.go
View File

@ -48,14 +48,15 @@ type HTTPConfig struct {
}
type OIDCConfig struct {
ClientID string `yaml:"clientId" env:"OIDC_CLIENT_ID"`
ClientSecret string `yaml:"clientSecret" env:"OIDC_CLIENT_SECRET"`
IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
SkipIssuerVerification bool `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"`
ClientID string `yaml:"clientId" env:"OIDC_CLIENT_ID"`
ClientSecret string `yaml:"clientSecret" env:"OIDC_CLIENT_SECRET"`
IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
SkipIssuerVerification bool `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"`
Scopes []string `yaml:"scopes" env:"OIDC_SCOPES"`
}
type LogConfig struct {
@ -86,11 +87,13 @@ func NewDefault() *Config {
PublicDir: "public",
},
OIDC: OIDCConfig{
IssuerURL: "http://localhost:4444/",
RedirectURL: "http://localhost:3002/oauth2/callback",
PostLogoutRedirectURL: "http://localhost:3002",
InsecureSkipVerify: false,
AcrValues: "",
IssuerURL: "http://localhost:4444/",
RedirectURL: "http://localhost:3002/oauth2/callback",
PostLogoutRedirectURL: "http://localhost:3002",
InsecureSkipVerify: false,
SkipIssuerVerification: false,
AcrValues: "",
Scopes: []string{"openid", "email"},
},
}
}

19
option.go
View File

@ -9,12 +9,13 @@ import (
type OptionFunc func(*Option)
type Option struct {
Provider *oidc.Provider
ClientID string
ClientSecret string
RedirectURL string
Scopes []string
AcrValues string
Provider *oidc.Provider
ClientID string
ClientSecret string
RedirectURL string
Scopes []string
AcrValues string
SkipIssuerCheck bool
}
func WithRedirectURL(url string) OptionFunc {
@ -42,6 +43,12 @@ func WithAcrValues(acrValues string) OptionFunc {
}
}
func WithSkipIssuerCheck(skip bool) OptionFunc {
return func(opt *Option) {
opt.SkipIssuerCheck = skip
}
}
func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) {
if skipIssuerVerification {
ctx = oidc.InsecureIssuerURLContext(ctx, issuer)