From cfc815810386d107f9420c0c9eb004e8527b456c Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle
Date: Thu, 2 Mar 2023 16:21:34 +0100
Subject: [PATCH 1/2] =?UTF-8?q?Ajout=20param=C3=A8tre=20pour=20d=C3=A9fini?= =?UTF-8?q?r=20l'acr=5Fvalue?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 client.go | 6 ++++++
 docker-compose.yml | 3 ++-
 internal/config/config.go | 2 ++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/client.go b/client.go
index f856c0b..2522672 100644
--- a/client.go
+++ b/client.go
@@ -6,6 +6,7 @@ import (
 "net/url"
 "strings"
+ "forge.cadoles.com/wpetit/goweb-oidc/internal/config"
 "github.com/coreos/go-oidc"
 "github.com/dchest/uniuri"
 "github.com/pkg/errors"
@@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {
 func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 ctn := container.Must(r.Context())
+ conf := config.Must(ctn)
 sess, err := session.Must(ctn).Get(w, r)
 if err != nil {
@@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 authCodeOptions := []oauth2.AuthCodeOption{}
 authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
+ if conf.OIDC.AcrValues != "" {
+ authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
+ }
+
 authCodeURL := c.oauth2.AuthCodeURL(
 state,
 authCodeOptions...,
diff --git a/docker-compose.yml b/docker-compose.yml
index f4d3dd3..e16f643 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,9 +14,10 @@ services:
 - HTTP_ADDRESS=0.0.0.0:3002
 - OIDC_CLIENT_ID=local-test
 - OIDC_CLIENT_SECRET=local-test
- - OIDC_ISSUER_URL=
+ - OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
 - OIDC_REDIRECT_URL=http://localhost:3002
 - OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
+ - OIDC_ACR_VALUES=
 ports:
 - 3002:3002
 network_mode: host
diff --git a/internal/config/config.go b/internal/config/config.go
index 48f0a8c..400f5db 100644
--- a/internal/config/config.go
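Review bot: `conf := config.Must(ctn)` at the top of Login makes the exported client depend on the application's `internal/config` service being registered in the request container; judging by the Must naming it presumably panics when the service is missing, so a consumer that wires the client without it would fail on every login request. The client already holds its own state (`c.oauth2`), so the ACR setting could be stored on the client when it is built and Login would then test `if c.acrValues != ""` instead of reading global configuration. The import added in the first hunk of client.go would no longer be needed in that case. Login's body continues outside this hunk.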
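Review bot: Sending `acr_values` in the authorization request does not by itself guarantee the authentication level, because the parameter travels through the browser in the redirect URL where it can be removed or altered, and OIDC Core treats it as a voluntary request that the provider may not satisfy. If `OIDC_ACR_VALUES` is meant to enforce a stronger login, the callback handler (not visible in this patch) should compare the ID token's `acr` claim with the configured values and refuse the session on a mismatch. The `if conf.OIDC.AcrValues != ""` block would also benefit from a comment on the expected format, e.g. `// acr_values: space-separated ACRs in order of preference (OIDC Core 3.1.2.1)`.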
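Review bot: `OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/` pins the shared compose file to one organisation's development identity provider, where the previous value was empty. Anyone starting the stack now directs login traffic with the `local-test` client credentials at that host, and the hostname is published with the repository. Keeping the committed value empty and supplying it from an untracked override or `.env` file avoids both, e.g. `- OIDC_ISSUER_URL=${OIDC_ISSUER_URL}`.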
+++ b/internal/config/config.go
@@ -54,6 +54,7 @@ type OIDCConfig struct {
 RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
 PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
 InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+ AcrValues string `ymal:"acrValues" env:"OIDC_ACR_VALUES"`
 }
 type LogConfig struct {
@@ -88,6 +89,7 @@ func NewDefault() *Config {
 RedirectURL: "http://localhost:3002/oauth2/callback",
 PostLogoutRedirectURL: "http://localhost:3002",
 InsecureSkipVerify: false,
+ AcrValues: "",
 },
 }
 }
-- 
2.17.1
From fffd98d294afd8b7f9191cff44fbc5f26082b3ac Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle
Date: Thu, 2 Mar 2023 16:32:23 +0100
Subject: [PATCH 2/2] typo
---
 internal/config/config.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/config/config.go b/internal/config/config.go
index 400f5db..3b7caae 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -53,8 +53,8 @@ type OIDCConfig struct {
 IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
 RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
 PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
- InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
- AcrValues string `ymal:"acrValues" env:"OIDC_ACR_VALUES"`
+ InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+ AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
 }
 type LogConfig struct {
-- 
2.17.1
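Review bot: Correcting `ymal` to `yaml` on `InsecureSkipVerify` in the PATCH 2/2 hunk changes which YAML key is read for an existing field, not only for the new `AcrValues`. While the misspelled tag was ignored, the decoder would have used its default key for the field (with the common Go YAML packages, the lowercased field name), so a config file written against the old behaviour may silently stop being honoured. The failure direction is safe, since the field then keeps its `false` default and certificate verification stays enabled, but the change deserves a line in the commit message or changelog. The YAML library in use is not visible here, so the previous effective key is an inference.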