package config
import (
"strings"
"github.com/coreos/go-oidc"
"github.com/oidc-proxy-ecosystem/proxy-server/utils"
"golang.org/x/oauth2"
)
// OidcConfig holds the OpenID Connect settings that NewOidcConfig loads from
// a YAML file. ClientSecret is a credential: do not log or dump this struct
// (e.g. with %+v), and keep the config file readable only by the proxy.
type OidcConfig struct {
	// Scopes requested at authorization. NewOidcConfig substitutes a default
	// set when this is empty.
	Scopes []string `yaml:"scopes"`
	// Provider identifies the OIDC provider; required (checked in NewOidcConfig).
	// Presumably the issuer URL handed to go-oidc — confirm in the caller.
	Provider string `yaml:"provider"`
	// ClientId is the OAuth2 client identifier; required.
	ClientId string `yaml:"client_id"`
	// ClientSecret is the OAuth2 client secret; required. Treat as sensitive.
	ClientSecret string `yaml:"client_secret"`
	// CallbackUrl is the redirect target after authorization; required.
	CallbackUrl string `yaml:"callback_url"`
	// Logout is not consumed anywhere in this file; its meaning is defined by
	// the code that reads it.
	Logout string `yaml:"logout"`
	// Audiences are joined with single spaces into the "audience"
	// authorization-URL parameter by Audiences.SetValue.
	Audiences []string `yaml:"audiences"`
}
// Audience is a single audience value. Nothing in this file uses it:
// Audiences is declared over plain strings rather than over Audience.
type Audience string

// String returns the audience as a plain string.
func (a Audience) String() string {
	value := string(a)
	return value
}
// Audiences is the list of audiences to request, serialized as one
// space-separated "audience" authorization-URL parameter.
type Audiences []string

// SetValue returns the oauth2 option that adds the space-joined audiences as
// the "audience" query parameter of the authorization URL. The parameter is
// added even when the list is empty (its value is then "").
func (a Audiences) SetValue() oauth2.AuthCodeOption {
	joined := a.String()
	return oauth2.SetAuthURLParam("audience", joined)
}
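// String joins the audiences with a single space, which is the form the
// "audience" authorization-URL parameter carries. A nil or empty list
// yields "".
func (a Audiences) String() string {
	// Audiences is already a []string, so it can be joined directly without
	// copying it into an intermediate slice first.
	return strings.Join(a, " ")
}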
// Authenticator bundles the OIDC provider handle, the oauth2 client
// configuration and the OidcConfig they were built from. Both Config
// (oauth2.Config.ClientSecret) and OidcConfig carry the client secret, so
// the struct must not be logged wholesale.
type Authenticator struct {
	Provider *oidc.Provider
	Config oauth2.Config
	OidcConfig OidcConfig
}
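// SetValues returns the extra authorization-URL options derived from the
// OIDC config: currently only the space-joined "audience" parameter built by
// Audiences.SetValue.
//
// When no audiences are configured it returns nil, so no empty "audience="
// parameter is sent to the provider. The result is safe to splat into
// oauth2.Config.AuthCodeURL either way.
func (auth *Authenticator) SetValues() []oauth2.AuthCodeOption {
	audiences := Audiences(auth.OidcConfig.Audiences)
	if len(audiences) == 0 {
		return nil
	}
	return []oauth2.AuthCodeOption{audiences.SetValue()}
}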
// NewOidcConfig reads the YAML file at filename into an OidcConfig via
// utils.MustReadYamlExpand, fills in the default scope set ("email",
// "openid", "offline_access", "profile") when none are configured, and
// enforces the required fields through utils.Assert in this order: provider,
// client_id, client_secret, callback_url.
//
// NOTE(review): the semantics of MustReadYamlExpand and Assert are not
// visible in this file. The "Must" prefix suggests the read is fatal on
// error, "Expand" suggests environment-variable expansion (which would let
// client_secret be supplied from the environment rather than the file), and
// Assert is invoked with a condition that is true when the field is empty,
// so presumably it aborts when its condition holds — confirm in utils.
func NewOidcConfig(filename string) OidcConfig {
	var cfg OidcConfig
	utils.MustReadYamlExpand(filename, &cfg)

	if len(cfg.Scopes) == 0 {
		cfg.Scopes = []string{"email", "openid", "offline_access", "profile"}
	}

	// Each entry's condition is true exactly when the field is missing;
	// Assert is called for each in declaration order.
	required := []struct {
		value string
		msg   string
	}{
		{cfg.Provider, "provider is required"},
		{cfg.ClientId, "client_id is required"},
		{cfg.ClientSecret, "client_secret is required"},
		{cfg.CallbackUrl, "callback_url is required"},
	}
	for _, r := range required {
		utils.Assert(r.value == "", r.msg)
	}

	return cfg
}