/
oidc.go
73 lines (62 loc) · 1.79 KB
/
oidc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package config
import (
"golang.ngrok.com/ngrok/internal/pb"
"golang.ngrok.com/ngrok/internal/tunnel/proto"
)
type OIDCOption func(cfg *oidcOptions)
type oidcOptions struct {
IssuerURL string
ClientID string
ClientSecret proto.ObfuscatedString
AllowEmails []string
AllowDomains []string
Scopes []string
}
func (oidc *oidcOptions) toProtoConfig() *pb.MiddlewareConfiguration_OIDC {
if oidc == nil {
return nil
}
return &pb.MiddlewareConfiguration_OIDC{
IssuerUrl: oidc.IssuerURL,
ClientId: oidc.ClientID,
ClientSecret: oidc.ClientSecret.PlainText(),
AllowEmails: oidc.AllowEmails,
AllowDomains: oidc.AllowDomains,
Scopes: oidc.Scopes,
}
}
// WithOIDC configures this edge with the the given OIDC provider.
// Overwrites any previously-set OIDC configuration.
//
// https://ngrok.com/docs/http/openid-connect/
func WithOIDC(issuerURL string, clientID string, clientSecret string, opts ...OIDCOption) HTTPEndpointOption {
return httpOptionFunc(func(cfg *httpOptions) {
oidc := &oidcOptions{
IssuerURL: issuerURL,
ClientID: clientID,
ClientSecret: proto.ObfuscatedString(clientSecret),
}
for _, opt := range opts {
opt(oidc)
}
cfg.OIDC = oidc
})
}
// Append email addresses to the list of allowed emails.
func WithAllowOIDCEmail(addr ...string) OIDCOption {
return func(cfg *oidcOptions) {
cfg.AllowEmails = append(cfg.AllowEmails, addr...)
}
}
// Append email domains to the list of allowed domains.
func WithAllowOIDCDomain(domain ...string) OIDCOption {
return func(cfg *oidcOptions) {
cfg.AllowDomains = append(cfg.AllowDomains, domain...)
}
}
// Append scopes to the list of scopes to request.
func WithOIDCScope(scope ...string) OIDCOption {
return func(cfg *oidcOptions) {
cfg.Scopes = append(cfg.Scopes, scope...)
}
}