towk/opaal
1
0
Fork 0
mirror of https://github.com/davidallendj/opaal.git synced 2025-12-20 03:27:02 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Minor changes and update

Browse source
This commit is contained in:
David J. Allen 2024-02-26 14:08:10 -07:00
parent 1859a3c58e
commit 038ca3c84a
No known key found for this signature in database
GPG key ID: 717C593FF60A2ACC
3 changed files with 40 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

19
internal/client.go
View file

@ -44,7 +44,8 @@ func (client *Client) BuildAuthorizationUrl(authEndpoint string, state string, r
"&redirect_uri=" + util.URLEscape(strings.Join(client.RedirectUris, ",")) + "&redirect_uri=" + util.URLEscape(strings.Join(client.RedirectUris, ",")) +
"&response_type=" + responseType + "&response_type=" + responseType +
"&state=" + state + "&state=" + state +
"&scope=" + strings.Join(scope, "+") "&scope=" + strings.Join(scope, "+") +
"&audience=http://127.0.0.1:4444/oauth2/token"
} }
func (client *Client) InitiateLoginFlow(loginUrl string) error { func (client *Client) InitiateLoginFlow(loginUrl string) error {
@ -181,14 +182,14 @@ func (client *Client) AddTrustedIssuer(remoteUrl string, idp *oidc.IdentityProvi
quotedScopes[i] = fmt.Sprintf("\"%s\"", s) quotedScopes[i] = fmt.Sprintf("\"%s\"", s)
} }
// NOTE: Can also include "jwks_uri" instead // NOTE: Can also include "jwks_uri" instead
data := []byte(fmt.Sprintf(`{ data := []byte(fmt.Sprintf("{"+
"allow_any_subject": false, "\"allow_any_subject\": false,"+
"issuer": "%s", "\"issuer\": \"%s\","+
"subject": "%s", "\"subject\": \"%s\","+
"expires_at": "%v", "\"expires_at\": \"%v\","+
"jwk": %v, "\"jwk\": %v,"+
"scope": [ %s ] "\"scope\": [ %s ]"+
}`, idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ","))) "}", idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ",")))
fmt.Printf("%v\n", string(data)) fmt.Printf("%v\n", string(data))
req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data)) req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data))

47
internal/login.go
View file

@ -101,7 +101,7 @@ func Login(config *Config) error {
}() }()
// use code from response and exchange for bearer token (with ID token) // use code from response and exchange for bearer token (with ID token)
tokenString, err := client.FetchTokenFromAuthenticationServer( bearerToken, err := client.FetchTokenFromAuthenticationServer(
code, code,
idp.Endpoints.Token, idp.Endpoints.Token,
config.State, config.State,
@ -112,7 +112,7 @@ func Login(config *Config) error {
// unmarshal data to get id_token and access_token // unmarshal data to get id_token and access_token
var data map[string]any var data map[string]any
err = json.Unmarshal([]byte(tokenString), &data) err = json.Unmarshal([]byte(bearerToken), &data)
if err != nil || data == nil { if err != nil || data == nil {
return fmt.Errorf("failed to unmarshal token: %v", err) return fmt.Errorf("failed to unmarshal token: %v", err)
} }
@ -123,30 +123,43 @@ func Login(config *Config) error {
if err != nil { if err != nil {
fmt.Printf("failed to parse ID token: %v\n", err) fmt.Printf("failed to parse ID token: %v\n", err)
} else { } else {
fmt.Printf("token: %v\n", idToken) fmt.Printf("id_token: %v\n", idToken)
if config.DecodeIdToken { if config.DecodeIdToken {
if err != nil { if err != nil {
fmt.Printf("failed to decode JWT: %v\n", err) fmt.Printf("failed to decode JWT: %v\n", err)
} else { } else {
fmt.Printf("id_token.header: %s\nid_token.payload: %s\n", string(idJwtSegments[0]), string(idJwtSegments[1])) for i, segment := range idJwtSegments {
// don't print last segment (signatures)
if i == len(idJwtSegments)-1 {
break
}
fmt.Printf("%s\n", string(segment))
}
} }
} }
} }
// extract the access token to get the scopes // extract the access token to get the scopes
// accessToken := data["access_token"].(string) accessToken := data["access_token"].(string)
// accessJwtSegments, err := util.DecodeJwt(accessToken) accessJwtSegments, err := util.DecodeJwt(accessToken)
// if err != nil || len(accessJwtSegments) <= { if err != nil || len(accessJwtSegments) <= 0 {
// fmt.Printf("failed to parse access token: %v\n", err) fmt.Printf("failed to parse access token: %v\n", err)
// } else { } else {
// if config.DecodeIdToken { fmt.Printf("access_token: %v\n", accessToken)
// if err != nil { if config.DecodeIdToken {
// fmt.Printf("failed to decode JWT: %v\n", err) if err != nil {
// } else { fmt.Printf("failed to decode JWT: %v\n", err)
// fmt.Printf("access_token.header: %s\naccess_token.payload: %s\n", string(accessJwtSegments[0]), string(accessJwtSegments[1])) } else {
// } for i, segment := range accessJwtSegments {
// } // don't print last segment (signatures)
// } if i == len(accessJwtSegments)-1 {
break
}
fmt.Printf("%s\n", string(segment))
}
}
}
}
// extract the scope from access token claims // extract the scope from access token claims
// var scope []string // var scope []string

15
internal/oauth/oauth.go
View file

@ -1,15 +0,0 @@
package oauth
type Client struct {
Id string `yaml:"id"`
Secret string `yaml:"secret"`
RedirectUris []string `yaml:"redirect-uris"`
}
func NewClient() *Client {
return &Client{
Id: "",
Secret: "",
RedirectUris: []string{""},
}
}