diff --git a/client.go b/client.go
index f856c0b..2522672 100644
--- a/client.go
+++ b/client.go
@@ -6,6 +6,7 @@ import (
 	"net/url"
 	"strings"
+	"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
 	"github.com/coreos/go-oidc"
 	"github.com/dchest/uniuri"
 	"github.com/pkg/errors"
@@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {
 func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 	ctn := container.Must(r.Context())
+	conf := config.Must(ctn)
 	sess, err := session.Must(ctn).Get(w, r)
 	if err != nil {
@@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 	authCodeOptions := []oauth2.AuthCodeOption{}
 	authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
+	if conf.OIDC.AcrValues != "" {
+		authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
+	}
+
 	authCodeURL := c.oauth2.AuthCodeURL(
 		state,
 		authCodeOptions...,
diff --git a/docker-compose.yml b/docker-compose.yml
index f4d3dd3..e16f643 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,9 +14,10 @@ services:
       - HTTP_ADDRESS=0.0.0.0:3002
       - OIDC_CLIENT_ID=local-test
       - OIDC_CLIENT_SECRET=local-test
-      - OIDC_ISSUER_URL=
+      - OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
       - OIDC_REDIRECT_URL=http://localhost:3002
       - OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
+      - OIDC_ACR_VALUES=
     ports:
       - 3002:3002
     network_mode: host
diff --git a/internal/config/config.go b/internal/config/config.go
index 48f0a8c..3b7caae 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
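Review bot: Adding `acr_values` to the authorization request only asks the OP for that authentication context; per OIDC Core §3.1.2.1 it is a voluntary claim, so an OP may ignore it and still issue a perfectly valid ID token. If the application relies on the requested context (the usual reason to configure `OIDC.AcrValues`), the callback handler should compare the ID token's `acr` claim with the configured value and reject a mismatch, which nothing in this diff does. A why-comment on the new block would also help the next reader, e.g. `// acr_values is only a hint; the OP reports the context it actually applied in the ID token's acr claim, which the callback must check if the application depends on it.` Login starts in the previous hunk and its body continues past this one.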
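Review bot: The `OIDC_ISSUER_URL` line now pins the committed development compose file to one organization's issuer (`https://msedev.crous-toulouse.fr/auth/`), so anyone bringing the stack up with the defaults is sent to that external server. A compose substitution such as `- OIDC_ISSUER_URL=${OIDC_ISSUER_URL:-}` keeps the checked-in file environment-neutral and leaves the actual endpoint to a local `.env`. The new empty `OIDC_ACR_VALUES=` entry is fine as a default, since the Go side omits the parameter for an empty string.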
@@ -53,7 +53,8 @@ type OIDCConfig struct {
 	IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
 	RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
 	PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
-	InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+	InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+	AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
 }
 type LogConfig struct {
@@ -88,6 +89,7 @@ func NewDefault() *Config {
 			RedirectURL: "http://localhost:3002/oauth2/callback",
 			PostLogoutRedirectURL: "http://localhost:3002",
 			InsecureSkipVerify: false,
+			AcrValues: "",
 		},
 	}
 }
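Review bot: The new `AcrValues` field has no doc comment, and because its value is copied verbatim into the authorization request its expected format matters to whoever sets `OIDC_ACR_VALUES`; suggest `// AcrValues is sent as-is as the acr_values authorization request parameter: a space-separated list of ACR class references in order of preference (OIDC Core 3.1.2.1). Empty omits the parameter.` The `ymal`→`yaml` tag fix on `InsecureSkipVerify` is worth calling out in the commit message, since with the misspelled tag the `insecureSkipVerify` YAML key was presumably not being honored before. The explicit `AcrValues: ""` in the NewDefault hunk is redundant with the zero value but matches the existing `InsecureSkipVerify: false` style, so no change is needed there.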