mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-20 03:27:02 -07:00
Minor changes and update
This commit is contained in:
David J. Allen
parent
1859a3c58e
commit
038ca3c84a
3 changed files with 40 additions and 41 deletions
|
|
@ -44,7 +44,8 @@ func (client *Client) BuildAuthorizationUrl(authEndpoint string, state string, r
|
|||
"&redirect_uri=" + util.URLEscape(strings.Join(client.RedirectUris, ",")) +
|
||||
"&response_type=" + responseType +
|
||||
"&state=" + state +
|
||||
"&scope=" + strings.Join(scope, "+")
|
||||
"&scope=" + strings.Join(scope, "+") +
|
||||
"&audience=http://127.0.0.1:4444/oauth2/token"
|
||||
}
|
||||
|
||||
func (client *Client) InitiateLoginFlow(loginUrl string) error {
|
||||
|
|
@ -181,14 +182,14 @@ func (client *Client) AddTrustedIssuer(remoteUrl string, idp *oidc.IdentityProvi
|
|||
quotedScopes[i] = fmt.Sprintf("\"%s\"", s)
|
||||
}
|
||||
// NOTE: Can also include "jwks_uri" instead
|
||||
data := []byte(fmt.Sprintf(`{
|
||||
"allow_any_subject": false,
|
||||
"issuer": "%s",
|
||||
"subject": "%s",
|
||||
"expires_at": "%v",
|
||||
"jwk": %v,
|
||||
"scope": [ %s ]
|
||||
}`, idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ",")))
|
||||
data := []byte(fmt.Sprintf("{"+
|
||||
"\"allow_any_subject\": false,"+
|
||||
"\"issuer\": \"%s\","+
|
||||
"\"subject\": \"%s\","+
|
||||
"\"expires_at\": \"%v\","+
|
||||
"\"jwk\": %v,"+
|
||||
"\"scope\": [ %s ]"+
|
||||
"}", idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ",")))
|
||||
fmt.Printf("%v\n", string(data))
|
||||
|
||||
req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data))
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ func Login(config *Config) error {
|
|||
}()
|
||||
|
||||
// use code from response and exchange for bearer token (with ID token)
|
||||
tokenString, err := client.FetchTokenFromAuthenticationServer(
|
||||
bearerToken, err := client.FetchTokenFromAuthenticationServer(
|
||||
code,
|
||||
idp.Endpoints.Token,
|
||||
config.State,
|
||||
|
|
@ -112,7 +112,7 @@ func Login(config *Config) error {
|
|||
|
||||
// unmarshal data to get id_token and access_token
|
||||
var data map[string]any
|
||||
err = json.Unmarshal([]byte(tokenString), &data)
|
||||
err = json.Unmarshal([]byte(bearerToken), &data)
|
||||
if err != nil || data == nil {
|
||||
return fmt.Errorf("failed to unmarshal token: %v", err)
|
||||
}
|
||||
|
|
@ -123,30 +123,43 @@ func Login(config *Config) error {
|
|||
if err != nil {
|
||||
fmt.Printf("failed to parse ID token: %v\n", err)
|
||||
} else {
|
||||
fmt.Printf("token: %v\n", idToken)
|
||||
fmt.Printf("id_token: %v\n", idToken)
|
||||
if config.DecodeIdToken {
|
||||
if err != nil {
|
||||
fmt.Printf("failed to decode JWT: %v\n", err)
|
||||
} else {
|
||||
fmt.Printf("id_token.header: %s\nid_token.payload: %s\n", string(idJwtSegments[0]), string(idJwtSegments[1]))
|
||||
for i, segment := range idJwtSegments {
|
||||
// don't print last segment (signatures)
|
||||
if i == len(idJwtSegments)-1 {
|
||||
break
|
||||
}
|
||||
fmt.Printf("%s\n", string(segment))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// extract the access token to get the scopes
|
||||
// accessToken := data["access_token"].(string)
|
||||
// accessJwtSegments, err := util.DecodeJwt(accessToken)
|
||||
// if err != nil || len(accessJwtSegments) <= {
|
||||
// fmt.Printf("failed to parse access token: %v\n", err)
|
||||
// } else {
|
||||
// if config.DecodeIdToken {
|
||||
// if err != nil {
|
||||
// fmt.Printf("failed to decode JWT: %v\n", err)
|
||||
// } else {
|
||||
// fmt.Printf("access_token.header: %s\naccess_token.payload: %s\n", string(accessJwtSegments[0]), string(accessJwtSegments[1]))
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
accessToken := data["access_token"].(string)
|
||||
accessJwtSegments, err := util.DecodeJwt(accessToken)
|
||||
if err != nil || len(accessJwtSegments) <= 0 {
|
||||
fmt.Printf("failed to parse access token: %v\n", err)
|
||||
} else {
|
||||
fmt.Printf("access_token: %v\n", accessToken)
|
||||
if config.DecodeIdToken {
|
||||
if err != nil {
|
||||
fmt.Printf("failed to decode JWT: %v\n", err)
|
||||
} else {
|
||||
for i, segment := range accessJwtSegments {
|
||||
// don't print last segment (signatures)
|
||||
if i == len(accessJwtSegments)-1 {
|
||||
break
|
||||
}
|
||||
fmt.Printf("%s\n", string(segment))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// extract the scope from access token claims
|
||||
// var scope []string
|
||||
|
|
|
|||
|
|
@ -1,15 +0,0 @@
|
|||
package oauth
|
||||
|
||||
type Client struct {
|
||||
Id string `yaml:"id"`
|
||||
Secret string `yaml:"secret"`
|
||||
RedirectUris []string `yaml:"redirect-uris"`
|
||||
}
|
||||
|
||||
func NewClient() *Client {
|
||||
return &Client{
|
||||
Id: "",
|
||||
Secret: "",
|
||||
RedirectUris: []string{""},
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue