package ssolib
import (
"encoding/json"
"net/http"
"reflect"
"sort"
"strings"
"github.com/RangelReale/osin"
"github.com/mijia/sweb/log"
"golang.org/x/net/context"
)
// OPENID_SCOPE is the scope value that marks an OAuth2 request as an
// OpenID Connect request.
const OPENID_SCOPE = "openid"

// ID_TOKEN is the "id_token" component of a response_type value
// (compare TOKEN_IDTOKEN below).
const ID_TOKEN = "id_token"
// TOKEN_IDTOKEN is the combined response_type "token id_token"; the two
// components are space-separated, so order-insensitive comparison is done
// with IsAuthorizeRequestTypeEqual rather than ==.
const TOKEN_IDTOKEN = osin.AuthorizeRequestType("token id_token")
// TODO: complete the openid-configuration document.

// OIDC_Configuration is the JSON shape of the OpenID Connect discovery
// document served by Server.OidcConfig and built by Server.NewOidcConfig.
// Field order is the order of the emitted JSON keys.
type OIDC_Configuration struct {
	Issuer                string                       `json:"issuer"`                   // site URL; presumably the same value used as the "iss" claim elsewhere — confirm
	AuthEnd               string                       `json:"authorization_endpoint"`   // <issuer>/oauth2/auth
	TokenEnd              string                       `json:"token_endpoint"`           // <issuer>/oauth2/token
	UserInfoEnd           string                       `json:"userinfo_endpoint"`        // <issuer>/oauth2/userinfo
	JwksUri               string                       `json:"jwks_uri"`                 // <issuer>/oauth2/certs, where token verification keys are published
	ResponseTypeSupported []osin.AuthorizeRequestType `json:"response_types_supported"` // taken from the OAuth2 provider's AllowedAuthorizeTypes
	ScopesSupported       []string                     `json:"scopes_supported"`
	ClaimsSupported       []string                     `json:"claims_supported"`
}
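// OidcConfig serves the OpenID Connect discovery document built by
// NewOidcConfig as a JSON response. The document is sent with a permissive
// CORS header so browser clients on other origins can fetch it. The request
// context is returned unchanged; r is not read.
func (s *Server) OidcConfig(ctx context.Context, w http.ResponseWriter, r *http.Request) context.Context {
	log.Debug("openid connect config request")
	body, err := json.Marshal(s.NewOidcConfig(ctx))
	if err != nil {
		// Not expected for a plain struct, but never answer 200 with an
		// empty or truncated document.
		http.Error(w, "cannot encode openid configuration", http.StatusInternalServerError)
		return ctx
	}
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("Access-Control-Allow-Origin", "*")
	w.WriteHeader(http.StatusOK)
	// A failed write means the client has gone away; the headers are already
	// committed, so there is nothing further to do with the error here.
	_, _ = w.Write(body)
	return ctx
}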
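// NewOidcConfig builds the OpenID Connect discovery document for this server.
//
// The issuer and every endpoint URL are derived from the site URL in the
// model context. The endpoint paths are hard-coded here and must stay in
// sync with the routes registered in server.go (TODO from the original:
// remove this duplication). ResponseTypeSupported mirrors the authorize
// types the OAuth2 provider is configured to accept.
func (s *Server) NewOidcConfig(ctx context.Context) *OIDC_Configuration {
	mctx := getModelContext(ctx)
	issuer := mctx.SSOSiteURL.String()
	// The endpoint paths below start with "/", so drop a trailing slash from
	// the base URL to avoid emitting "https://host//oauth2/auth". The issuer
	// itself is kept verbatim — presumably it must match the "iss" value used
	// elsewhere, so it is not normalised here.
	base := strings.TrimSuffix(issuer, "/")

	// Hand out a copy of the provider's allowed types so a consumer of the
	// document cannot mutate the provider configuration through the shared
	// slice. A nil input stays nil so the JSON output is unchanged.
	allowed := getOAuth2Provider(ctx).Config.AllowedAuthorizeTypes
	var responseTypes []osin.AuthorizeRequestType
	if allowed != nil {
		responseTypes = make([]osin.AuthorizeRequestType, len(allowed))
		copy(responseTypes, allowed)
	}

	return &OIDC_Configuration{
		Issuer:      issuer,
		AuthEnd:     base + "/oauth2/auth",
		TokenEnd:    base + "/oauth2/token",
		UserInfoEnd: base + "/oauth2/userinfo",
		JwksUri:     base + "/oauth2/certs",
		ScopesSupported: []string{
			"profile", "email", "phone", OPENID_SCOPE,
			"write:app", "read:app", "read:user", "write:user", "write:group", "read:group",
		},
		// TODO (from the original): advertise "amr" once it is issued.
		ClaimsSupported: []string{
			"iss", "sub", "aud", "iat", "exp", "name", "email", "phone_number", "nonce", "at_hash",
		},
		ResponseTypeSupported: responseTypes,
	}
}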
// IsAuthorizeRequestTypeEqual reports whether two response_type values name
// the same space-separated components regardless of order, so that
// "token id_token" and "id_token token" compare equal. Components are
// compared exactly: doubled or leading spaces are not normalised away and
// produce empty components that must match on both sides.
func IsAuthorizeRequestTypeEqual(t1, t2 osin.AuthorizeRequestType) bool {
	components := func(t osin.AuthorizeRequestType) []string {
		parts := strings.Split(string(t), " ")
		sort.Strings(parts)
		return parts
	}
	return reflect.DeepEqual(components(t1), components(t2))
}