Start implementation of individual claim handling
This commit is contained in:
parent
e9c34a2337
commit
744440ee54
6 changed files with 243 additions and 12 deletions
4
common/services/godoc.go
Normal file
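--- /dev/null
+++ b/common/services/godoc.go
@@ -0,0 +1,4 @@
+/*
+The package services provides services shared by the idp and the app.
+*/
+package services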
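Review bot: The package comment in the new godoc.go does not use the form godoc, `go vet` and staticcheck expect, which is a sentence starting with the package name: `// Package services provides services shared by the idp and the app.` placed directly above `package services`. With the current wording ("The package services ...") the comment is still shown, but the "Package services" lead-in that tools key on is missing and the block-comment form is unusual for a package clause.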
|
@ -10,23 +10,20 @@ import (
|
|||
"github.com/lestrrat-go/jwx/jwk"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"git.cacert.org/oidc_login/common/models"
|
||||
)
|
||||
|
||||
type oidcContextKey int
|
||||
|
||||
// context keys
|
||||
const (
|
||||
ctxOidcConfig oidcContextKey = iota
|
||||
ctxOAuth2Config
|
||||
ctxOidcJwks
|
||||
)
|
||||
|
||||
type OpenIDConfiguration struct {
|
||||
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
||||
TokenEndpoint string `json:"token_endpoint"`
|
||||
JwksUri string `json:"jwks_uri"`
|
||||
EndSessionEndpoint string `json:"end_session_endpoint"`
|
||||
}
|
||||
|
||||
// Parameters for DiscoverOIDC
|
||||
type OidcParams struct {
|
||||
OidcServer string
|
||||
OidcClientId string
|
||||
|
@ -34,6 +31,16 @@ type OidcParams struct {
|
|||
APIClient *http.Client
|
||||
}
|
||||
|
||||
// Discover OpenID Connect parameters from the discovery endpoint and the
|
||||
// JSON Web Key Set from the discovered jwksUri.
|
||||
//
|
||||
// The subset of values specified by models.OpenIDConfiguration is stored in
|
||||
// the given context and can be retrieved from the context by GetOidcConfig.
|
||||
//
|
||||
// OAuth2 specific values are stored in another context object and can be
|
||||
// retrieved by GetOAuth2Config.
|
||||
//
|
||||
// The JSON Web Key Set can be retrieved by GetJwkSet.
|
||||
func DiscoverOIDC(ctx context.Context, logger *log.Logger, params *OidcParams) (context.Context, error) {
|
||||
var discoveryUrl *url.URL
|
||||
|
||||
|
@ -60,7 +67,7 @@ func DiscoverOIDC(ctx context.Context, logger *log.Logger, params *OidcParams) (
|
|||
}
|
||||
|
||||
dec := json.NewDecoder(resp.Body)
|
||||
discoveryResponse := &OpenIDConfiguration{}
|
||||
discoveryResponse := &models.OpenIDConfiguration{}
|
||||
err = dec.Decode(discoveryResponse)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -87,14 +94,23 @@ func DiscoverOIDC(ctx context.Context, logger *log.Logger, params *OidcParams) (
|
|||
return ctx, nil
|
||||
}
|
||||
|
||||
func GetOidcConfig(ctx context.Context) *OpenIDConfiguration {
|
||||
return ctx.Value(ctxOidcConfig).(*OpenIDConfiguration)
|
||||
// Get the OpenID configuration from the context.
|
||||
//
|
||||
// DiscoverOIDC needs to be called before this is available.
|
||||
func GetOidcConfig(ctx context.Context) *models.OpenIDConfiguration {
|
||||
return ctx.Value(ctxOidcConfig).(*models.OpenIDConfiguration)
|
||||
}
|
||||
|
||||
// Get the OAuth 2 configuration configuration from the context.
|
||||
//
|
||||
// DiscoverOIDC needs to be called before this is available.
|
||||
func GetOAuth2Config(ctx context.Context) *oauth2.Config {
|
||||
return ctx.Value(ctxOAuth2Config).(*oauth2.Config)
|
||||
}
|
||||
|
||||
// Get the JSON Web Key set from the context.
|
||||
//
|
||||
// DiscoverOIDC needs to be called before this is available.
|
||||
func GetJwkSet(ctx context.Context) *jwk.Set {
|
||||
return ctx.Value(ctxOidcJwks).(*jwk.Set)
|
||||
}
|
||||
|
|
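Review bot: The new return line of GetOidcConfig, `return ctx.Value(ctxOidcConfig).(*models.OpenIDConfiguration)`, is an unchecked type assertion: when DiscoverOIDC has not stored a value, ctx.Value yields nil and the assertion panics instead of returning nil, which the new doc comment ("DiscoverOIDC needs to be called before this is available") does not say. Either state the panic in the comment or use the two-value form, `cfg, _ := ctx.Value(ctxOidcConfig).(*models.OpenIDConfiguration)` followed by `return cfg`, so a missing discovery step surfaces as a nil check at the call site rather than a panic. GetOAuth2Config and GetJwkSet, whose bodies are context lines in this hunk, have the same shape and would want the same treatment. The file header for this section is not visible on the page, so the file these hunks belong to is inferred from the hunk context only.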