94 lines
3.3 KiB
Go
94 lines
3.3 KiB
Go
// Copyright © 2023 Ory Corp
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package hydra
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"k8s.io/utils/ptr"
|
|
|
|
hydrav1alpha1 "github.com/ory/hydra-maester/api/v1alpha1"
|
|
)
|
|
|
|
// OAuth2ClientJSON represents an OAuth2 client digestible by ORY Hydra
|
|
type OAuth2ClientJSON struct {
|
|
ClientName string `json:"client_name,omitempty"`
|
|
ClientID *string `json:"client_id,omitempty"`
|
|
Secret *string `json:"client_secret,omitempty"`
|
|
GrantTypes []string `json:"grant_types"`
|
|
RedirectURIs []string `json:"redirect_uris,omitempty"`
|
|
PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"`
|
|
AllowedCorsOrigins []string `json:"allowed_cors_origins,omitempty"`
|
|
ResponseTypes []string `json:"response_types,omitempty"`
|
|
Audience []string `json:"audience,omitempty"`
|
|
Scope string `json:"scope"`
|
|
SkipConsent bool `json:"skip_consent,omitempty"`
|
|
Owner string `json:"owner"`
|
|
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
|
|
Metadata json.RawMessage `json:"metadata,omitempty"`
|
|
}
|
|
|
|
// Oauth2ClientCredentials represents client ID and password fetched from a
|
|
// Kubernetes secret
|
|
type Oauth2ClientCredentials struct {
|
|
ID []byte
|
|
Password []byte
|
|
}
|
|
|
|
func (oj *OAuth2ClientJSON) WithCredentials(credentials *Oauth2ClientCredentials) *OAuth2ClientJSON {
|
|
oj.ClientID = ptr.To(string(credentials.ID))
|
|
if credentials.Password != nil {
|
|
oj.Secret = ptr.To(string(credentials.Password))
|
|
}
|
|
return oj
|
|
}
|
|
|
|
// FromOAuth2Client converts an OAuth2Client into a OAuth2ClientJSON object that represents an OAuth2 InternalClient digestible by ORY Hydra
|
|
func FromOAuth2Client(c *hydrav1alpha1.OAuth2Client) (*OAuth2ClientJSON, error) {
|
|
meta, err := json.Marshal(c.Spec.Metadata)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to encode `metadata` property value to json: %w", err)
|
|
}
|
|
|
|
return &OAuth2ClientJSON{
|
|
ClientName: c.Spec.ClientName,
|
|
GrantTypes: grantToStringSlice(c.Spec.GrantTypes),
|
|
ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes),
|
|
RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs),
|
|
PostLogoutRedirectURIs: redirectToStringSlice(c.Spec.PostLogoutRedirectURIs),
|
|
AllowedCorsOrigins: redirectToStringSlice(c.Spec.AllowedCorsOrigins),
|
|
Audience: c.Spec.Audience,
|
|
Scope: c.Spec.Scope,
|
|
SkipConsent: c.Spec.SkipConsent,
|
|
Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace),
|
|
TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod),
|
|
Metadata: meta,
|
|
}, nil
|
|
}
|
|
|
|
func responseToStringSlice(rt []hydrav1alpha1.ResponseType) []string {
|
|
var output = make([]string, len(rt))
|
|
for i, elem := range rt {
|
|
output[i] = string(elem)
|
|
}
|
|
return output
|
|
}
|
|
|
|
func grantToStringSlice(gt []hydrav1alpha1.GrantType) []string {
|
|
var output = make([]string, len(gt))
|
|
for i, elem := range gt {
|
|
output[i] = string(elem)
|
|
}
|
|
return output
|
|
}
|
|
|
|
func redirectToStringSlice(ru []hydrav1alpha1.RedirectURI) []string {
|
|
var output = make([]string, len(ru))
|
|
for i, elem := range ru {
|
|
output[i] = string(elem)
|
|
}
|
|
return output
|
|
}
|