package main
import (
	"encoding/json"
	"io/ioutil"
	"net/http"
	"strings"
	"time"

	"github.com/pkg/errors"
)
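// oidcClient is the HTTP client used by discover to fetch the issuer's
// discovery document. It is a package variable so that a caller can substitute
// a different client.
//
// http.DefaultClient has no timeout, so a stalled or unreachable issuer would
// block the discovery request indefinitely; a bounded timeout turns that into
// an error the caller can report.
var oidcClient = &http.Client{Timeout: 10 * time.Second}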
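// oidcAction builds the ALB "authenticate-oidc" ActionProperty for input.
//
// The authorization, token and userinfo endpoints are taken from input when
// they are set. If any of the three is empty, the issuer's discovery document
// is fetched with discover and fills in only the missing ones; explicitly
// configured values always win. The optional ALB settings
// (AuthenticationRequestExtraParams, OnUnauthenticatedRequest, Scope,
// SessionCookieName, SessionTimeout) are left at their zero values.
//
// It returns an error when discovery fails, or when an endpoint is still empty
// after discovery: the ALB action needs all three, and failing here gives a
// clearer message than the downstream API would.
func oidcAction(input *albEventOidc) (*ActionProperty, error) {
	ae := input.AuthorizationEndpoint
	te := input.TokenEndpoint
	uie := input.UserInfoEndpoint

	if ae == "" || te == "" || uie == "" {
		doc, err := discover(input.Issuer)
		if err != nil {
			return nil, err
		}
		if ae == "" {
			ae = doc.AuthorizationEndpoint
		}
		if te == "" {
			te = doc.TokenEndpoint
		}
		if uie == "" {
			uie = doc.UserInfoEndpoint
		}
	}

	// The discovery document may legitimately omit an endpoint (userinfo is
	// only recommended by the spec); reject that instead of emitting an action
	// with a blank endpoint.
	switch {
	case ae == "":
		return nil, errors.New("oidc: authorization endpoint not configured and absent from discovery document for issuer " + input.Issuer)
	case te == "":
		return nil, errors.New("oidc: token endpoint not configured and absent from discovery document for issuer " + input.Issuer)
	case uie == "":
		return nil, errors.New("oidc: userinfo endpoint not configured and absent from discovery document for issuer " + input.Issuer)
	}

	return &ActionProperty{
		Order: 1,
		Type:  "authenticate-oidc",
		Oidc: &albEventOidc{
			Issuer:                input.Issuer,
			ClientId:              input.ClientId,
			ClientSecret:          input.ClientSecret,
			AuthorizationEndpoint: ae,
			TokenEndpoint:         te,
			UserInfoEndpoint:      uie,
			// optional fields are intentionally left at their zero values
		},
	}, nil
}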
// discoveryDocument holds the subset of the OpenID Connect discovery document
// (served at /.well-known/openid-configuration) that the ALB authenticate-oidc
// action needs. Any other members of the document are ignored when it is
// unmarshalled.
type discoveryDocument struct {
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserInfoEndpoint      string `json:"userinfo_endpoint"`
}
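// discover fetches the OpenID Connect discovery document for issuer from
// <issuer>/.well-known/openid-configuration using oidcClient and returns the
// endpoints it advertises.
//
// It returns an error when the request fails, the response status is not
// 200 OK, the body exceeds the size bound, the body is not valid JSON, or the
// document's "issuer" member does not match the requested issuer. OpenID
// Connect Discovery 1.0 §4.3 requires the two to be identical; a trailing
// slash is ignored on both sides, matching how the discovery URL is built.
func discover(issuer string) (*discoveryDocument, error) {
	// Bound on the discovery document size so an oversized response from the
	// issuer is reported as an error rather than read into memory unbounded.
	const maxDiscoveryDocBytes = 1 << 20

	base := strings.TrimSuffix(issuer, "/")
	discoveryURL := base + "/.well-known/openid-configuration"

	resp, err := oidcClient.Get(discoveryURL)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	// Always close the body, on every return path, so the connection can be
	// reused and nothing leaks.
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return nil, errors.New("oidc discovery " + discoveryURL + " returned " + resp.Status)
	}

	body, err := ioutil.ReadAll(http.MaxBytesReader(nil, resp.Body, maxDiscoveryDocBytes))
	if err != nil {
		return nil, errors.WithStack(err)
	}

	// The "issuer" member is decoded only to validate it against the
	// requested issuer; the returned document carries just the endpoints.
	var payload struct {
		discoveryDocument
		Issuer string `json:"issuer"`
	}
	if err := json.Unmarshal(body, &payload); err != nil {
		return nil, errors.WithStack(err)
	}
	if strings.TrimSuffix(payload.Issuer, "/") != base {
		return nil, errors.New("oidc discovery document issuer \"" + payload.Issuer + "\" does not match requested issuer \"" + issuer + "\"")
	}

	return &payload.discoveryDocument, nil
}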