// Copyright (C) 2021 Mya Pitzeruse
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package oidcauth
import (
"context"
"net"
"net/http"
"time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/urfave/cli/v2"
"github.com/mjpitz/myago/livetls"
)
// Issuer defines data needed to establish a connection to an issuer.
type Issuer struct {
	// ServerURL is the issuer address passed to oidc.NewProvider for discovery.
	ServerURL string `json:"server_url" usage:"the address of the server where user authentication is performed"`
	// CertificateAuthority is an optional path handed to livetls as CAFile.
	// When non-empty, Provider builds a dedicated HTTP client with the
	// resulting TLS configuration (presumably so the issuer's certificate is
	// verified against this CA rather than the system roots — confirm in livetls).
	CertificateAuthority string `json:"certificate_authority" usage:"path pointing to a file containing the certificate authority data for the server"`
}
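// Provider performs OIDC discovery against ServerURL and returns the resulting
// *oidc.Provider.
//
// When CertificateAuthority is set, livetls yields a non-nil *tls.Config and a
// dedicated http.Client carrying it is attached to ctx via oidc.ClientContext;
// per go-oidc's ClientContext contract that client is used for discovery and
// for later requests the provider makes (e.g. key-set fetches). Otherwise ctx
// is passed through unchanged and go-oidc falls back to its default client.
//
// Returns any error from livetls.New or oidc.NewProvider.
func (i Issuer) Provider(ctx context.Context) (*oidc.Provider, error) {
	tlsConfig, err := livetls.New(ctx, livetls.Config{
		Enable: len(i.CertificateAuthority) > 0,
		CAFile: i.CertificateAuthority,
	})
	if err != nil {
		return nil, err
	}

	if tlsConfig != nil {
		ctx = oidc.ClientContext(ctx, &http.Client{
			// Bound the whole request, not only dial and handshake: the
			// transport timeouts below do not cover a stalled response body,
			// and the caller's ctx may carry no deadline at all.
			Timeout: 30 * time.Second,
			Transport: &http.Transport{
				Proxy: http.ProxyFromEnvironment,
				DialContext: (&net.Dialer{
					Timeout:   30 * time.Second,
					KeepAlive: 30 * time.Second,
				}).DialContext,
				ForceAttemptHTTP2:     true,
				MaxIdleConns:          100,
				IdleConnTimeout:       90 * time.Second,
				TLSHandshakeTimeout:   10 * time.Second,
				ExpectContinueTimeout: 1 * time.Second,
				// Custom trust store from livetls; this is the reason a
				// dedicated client is built instead of using the default one.
				TLSClientConfig: tlsConfig,
			},
		})
	}

	return oidc.NewProvider(ctx, i.ServerURL)
}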
// Config defines the information needed for an application to obtain an identity token from a provider.
type Config struct {
	// Issuer identifies the OpenID provider and how to reach it securely.
	Issuer Issuer `json:"issuer"`
	// ClientID is the OAuth2 client identifier registered with the provider.
	ClientID string `json:"client_id" usage:"the client_id associated with this service"`
	// ClientSecret is credential material. It is populated through the same
	// json/usage tags as the other fields, so keep it out of committed
	// configuration (presumably injected via environment or a secret store —
	// confirm how the enclosing app loads this struct).
	ClientSecret string `json:"client_secret" usage:"the client_secret associated with this service"`
	// RedirectURL is the callback this service registers for the
	// authorization-code exchange; it must match what the provider has on file.
	RedirectURL string `json:"redirect_url" usage:"the redirect_url used by this service to obtain a token"`
	// Scopes lists the scopes requested during authorization; the struct tag
	// default is "openid,profile,email".
	Scopes *cli.StringSlice `json:"scopes" usage:"specify the scopes that this authorization requires" default:"openid,profile,email"`
}
// ClientConfig encapsulates the information needed to establish a client connection to an identity provider.
//
// Unlike Config it carries no client credentials or redirect settings; only
// the issuer location and its trust configuration are needed here.
type ClientConfig struct {
	// Issuer identifies the OpenID provider and how to reach it securely.
	Issuer Issuer `json:"issuer"`
}