Cadoles
/
goweb-oidc
10
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

feat: configurable scopes and issuer check skipping

This commit is contained in:
wpetit 2023-11-06 15:57:27 +01:00
parent 000b7c8cf4
commit e16b905bca
4 changed files with 33 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
client.go
View File

@ -190,6 +190,7 @@ func NewClient(opts ...OptionFunc) *Client {
verifier := opt.Provider.Verifier(&oidc.Config{ verifier := opt.Provider.Verifier(&oidc.Config{
ClientID: opt.ClientID, ClientID: opt.ClientID,
SkipIssuerCheck: opt.SkipIssuerCheck,
}) })
return &Client{oauth2, opt.Provider, verifier, opt.AcrValues} return &Client{oauth2, opt.Provider, verifier, opt.AcrValues}

3
cmd/server/container.go
View File

@ -92,8 +92,9 @@ func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Con
ctn.Provide(oidc.ServiceName, oidc.ServiceProvider( ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret), oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
oidc.WithProvider(provider), oidc.WithProvider(provider),
oidc.WithScopes("email", "openid"), oidc.WithScopes(conf.OIDC.Scopes...),
oidc.WithAcrValues(conf.OIDC.AcrValues), oidc.WithAcrValues(conf.OIDC.AcrValues),
oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),
)) ))
return ctn, nil return ctn, nil

3
internal/config/config.go
View File

@ -56,6 +56,7 @@ type OIDCConfig struct {
InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"` InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"` AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
SkipIssuerVerification bool `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"` SkipIssuerVerification bool `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"`
Scopes []string `yaml:"scopes" env:"OIDC_SCOPES"`
} }
type LogConfig struct { type LogConfig struct {
@ -90,7 +91,9 @@ func NewDefault() *Config {
RedirectURL: "http://localhost:3002/oauth2/callback", RedirectURL: "http://localhost:3002/oauth2/callback",
PostLogoutRedirectURL: "http://localhost:3002", PostLogoutRedirectURL: "http://localhost:3002",
InsecureSkipVerify: false, InsecureSkipVerify: false,
SkipIssuerVerification: false,
AcrValues: "", AcrValues: "",
Scopes: []string{"openid", "email"},
}, },
} }
} }

7
option.go
View File

@ -15,6 +15,7 @@ type Option struct {
RedirectURL string RedirectURL string
Scopes []string Scopes []string
AcrValues string AcrValues string
SkipIssuerCheck bool
} }
func WithRedirectURL(url string) OptionFunc { func WithRedirectURL(url string) OptionFunc {
@ -42,6 +43,12 @@ func WithAcrValues(acrValues string) OptionFunc {
} }
} }
func WithSkipIssuerCheck(skip bool) OptionFunc {
return func(opt *Option) {
opt.SkipIssuerCheck = skip
}
}
func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) { func NewProvider(ctx context.Context, issuer string, skipIssuerVerification bool) (*oidc.Provider, error) {
if skipIssuerVerification { if skipIssuerVerification {
ctx = oidc.InsecureIssuerURLContext(ctx, issuer) ctx = oidc.InsecureIssuerURLContext(ctx, issuer)