Ajout paramètre pour définir l'acr_value #3

Merged
wpetit merged 2 commits from acr_values into master 2023-03-02 16:33:07 +01:00
3 changed files with 11 additions and 2 deletions


@ -6,6 +6,7 @@ import (
"net/url" "net/url"
"strings" "strings"
"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
"github.com/coreos/go-oidc" "github.com/coreos/go-oidc"
"github.com/dchest/uniuri" "github.com/dchest/uniuri"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -30,6 +31,7 @@ func (c *Client) Provider() *oidc.Provider {
func (c *Client) Login(w http.ResponseWriter, r *http.Request) { func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
ctn := container.Must(r.Context()) ctn := container.Must(r.Context())
conf := config.Must(ctn)
sess, err := session.Must(ctn).Get(w, r) sess, err := session.Must(ctn).Get(w, r)
if err != nil { if err != nil {
@ -48,6 +50,10 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
authCodeOptions := []oauth2.AuthCodeOption{} authCodeOptions := []oauth2.AuthCodeOption{}
authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce)) authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
if conf.OIDC.AcrValues != "" {
authCodeOptions = append(authCodeOptions, oauth2.SetAuthURLParam("acr_values", conf.OIDC.AcrValues))
}
authCodeURL := c.oauth2.AuthCodeURL( authCodeURL := c.oauth2.AuthCodeURL(
state, state,
authCodeOptions..., authCodeOptions...,
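Review bot: The `acr_values` parameter appended in `Login` is only a request to the provider, and nothing visible in this section checks that the returned ID token's `acr` claim matches one of the configured values. In OpenID Connect Core, `acr_values` is a voluntary claim request, so a provider may authenticate at a lower assurance level and still issue a token. If `conf.OIDC.AcrValues` is meant to enforce a level (for example a second factor), the callback handler, which is outside this page, should compare the token's `acr` claim against the configured list and reject the login on mismatch. A comment above the new `if`, such as `// acr_values is advisory; the acr claim must be verified on callback`, would record that. The body of `Login` continues outside the hunk.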


@ -14,9 +14,10 @@ services:
- HTTP_ADDRESS=0.0.0.0:3002 - HTTP_ADDRESS=0.0.0.0:3002
- OIDC_CLIENT_ID=local-test - OIDC_CLIENT_ID=local-test
- OIDC_CLIENT_SECRET=local-test - OIDC_CLIENT_SECRET=local-test
- OIDC_ISSUER_URL= - OIDC_ISSUER_URL=https://msedev.crous-toulouse.fr/auth/
- OIDC_REDIRECT_URL=http://localhost:3002 - OIDC_REDIRECT_URL=http://localhost:3002
- OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002 - OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:3002
- OIDC_ACR_VALUES=
ports: ports:
- 3002:3002 - 3002:3002
network_mode: host network_mode: host
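Review bot: `OIDC_ISSUER_URL` now points at `https://msedev.crous-toulouse.fr/auth/`, which looks like an environment-specific identity provider left over from local testing rather than a value meant for the shared compose file. Committing it records that hostname in the repository, and anyone who starts the stack unchanged will send authorization requests to that issuer. Consider restoring the empty value, `- OIDC_ISSUER_URL=`, and supplying the real issuer through an untracked override or env file.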


@ -53,7 +53,8 @@ type OIDCConfig struct {
IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"` IssuerURL string `yaml:"issuerUrl" env:"OIDC_ISSUER_URL"`
RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"` RedirectURL string `yaml:"redirectUrl" env:"OIDC_REDIRECT_URL"`
PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"` PostLogoutRedirectURL string `yaml:"postLogoutRedirectURL" env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
InsecureSkipVerify bool `ymal:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"` InsecureSkipVerify bool `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
AcrValues string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
} }
type LogConfig struct { type LogConfig struct {
@ -88,6 +89,7 @@ func NewDefault() *Config {
RedirectURL: "http://localhost:3002/oauth2/callback", RedirectURL: "http://localhost:3002/oauth2/callback",
PostLogoutRedirectURL: "http://localhost:3002", PostLogoutRedirectURL: "http://localhost:3002",
InsecureSkipVerify: false, InsecureSkipVerify: false,
AcrValues: "",
}, },
} }
} }
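Review bot: The tag correction on `InsecureSkipVerify` (`ymal` to `yaml`) is a behaviour change on a security-sensitive flag that the commit title does not mention. If the YAML decoder in use ignored the misspelled tag, an existing config file containing `insecureSkipVerify: true` had no effect through YAML before and will begin to take effect after upgrade; how the field is consumed is outside this page, but by its name it presumably turns off TLS certificate verification. This deserves a line in the commit message or changelog so operators can audit that key. The new field would also benefit from a comment, for example `// AcrValues is the space-separated list of ACR values sent as acr_values in the authorization request; empty disables the parameter.`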