From 448cb50974efea776a76a5970e056c2d5fee0f75 Mon Sep 17 00:00:00 2001
From: "David J. Allen"
Date: Mon, 26 Feb 2024 17:35:24 -0700
Subject: [PATCH] Formatted output and added audience to registering OAuth client
---
 internal/client.go | 7 ++++---
 internal/login.go | 12 +++++++++---
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/internal/client.go b/internal/client.go
index 238431a..024ad9f 100644
--- a/internal/client.go
+++ b/internal/client.go
@@ -208,7 +208,7 @@ func (client *Client) AddTrustedIssuer(remoteUrl string, idp *oidc.IdentityProvi
 return io.ReadAll(res.Body)
 }
 
-func (client *Client) RegisterOAuthClient(registerUrl string) ([]byte, error) {
+func (client *Client) RegisterOAuthClient(registerUrl string, audience string) ([]byte, error) {
 // hydra endpoint: POST /clients
 data := []byte(fmt.Sprintf(`{
 "client_name": "%s",
@@ -216,8 +216,9 @@ func (client *Client) RegisterOAuthClient(registerUrl string) ([]byte, error) {
 "token_endpoint_auth_method": "client_secret_post",
 "scope": "openid email profile",
 "grant_types": ["client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
- "response_types": ["token"]
- }`, client.Id, client.Secret))
+ "response_types": ["token"],
+ "audience": ["%s"]
+ }`, client.Id, client.Secret, audience))
 
 req, err := http.NewRequest("POST", registerUrl, bytes.NewBuffer(data))
 if err != nil {
diff --git a/internal/login.go b/internal/login.go
index 7e7f7b0..89f400b 100644
--- a/internal/login.go
+++ b/internal/login.go
@@ -73,7 +73,7 @@ func Login(config *Config) error {
 fmt.Printf("Waiting for authorization code redirect @%s/oidc/callback...\n", server.GetListenAddr())
 code, err := server.WaitForAuthorizationCode(authorizationUrl)
 if errors.Is(err, http.ErrServerClosed) {
- fmt.Printf("Server closed.\n")
+ fmt.Printf("\n=========================================\nServer closed.\n=========================================\n\n")
 } else if err != nil {
 return fmt.Errorf("failed to start server: %s", err)
 }
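Review bot: The new `"audience": ["%s"]` field is spliced into the JSON body with fmt.Sprintf, so a `"` or `\` in `audience` (which in this commit is whatever the ID token's `aud` claim contains, i.e. a value produced by the remote IdP rather than by this program) terminates the string early and lets the remainder be parsed as additional registration fields; the pre-existing `%s` slots for `client.Id` and `client.Secret` carry the same exposure. Build the body with `json.Marshal` instead so every value is escaped, assuming `encoding/json` is or can be imported in client.go. The field that takes `client.Secret` sits on line 215 between the two hunks and is not visible, so it is stood in for by a comment below. RegisterOAuthClient continues past the hunk, where the request is sent and its body read.
```go
func (client *Client) RegisterOAuthClient(registerUrl string, audience string) ([]byte, error) {
	// hydra endpoint: POST /clients
	// json.Marshal escapes every value, so quotes or backslashes in Id, Secret or
	// audience cannot change the shape of the registration request.
	body := map[string]any{
		"client_name": client.Id,
		// … unchanged: the field on line 215 that takes client.Secret (presumably "client_secret") …
		"token_endpoint_auth_method": "client_secret_post",
		"scope":                      "openid email profile",
		"grant_types":                []string{"client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"},
		"response_types":             []string{"token"},
		"audience":                   []string{audience},
	}
	data, err := json.Marshal(body)
	if err != nil {
		return nil, fmt.Errorf("encoding client registration: %w", err)
	}
	// … unchanged: http.NewRequest("POST", registerUrl, bytes.NewBuffer(data)) and the rest of the call …
```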
@@ -137,6 +137,7 @@ func Login(config *Config) error {
 }
 }
 }
+ fmt.Println()
 }
 
 // extract the access token to get the scopes
@@ -159,6 +160,7 @@ func Login(config *Config) error {
 }
 }
 }
+ fmt.Println()
 }
 
 // extract the scope from access token claims
@@ -184,11 +186,12 @@ func Login(config *Config) error {
 if err != nil {
 return fmt.Errorf("failed to fetch identities: %v", err)
 }
- fmt.Printf("Created new identity successfully.\n")
+ fmt.Printf("Created new identity successfully.\n\n")
 }
 
 // extract the subject from ID token claims
 var subject string
+ var audience string
 var idJsonPayload map[string]any
 var idJwtPayload []byte = idJwtSegments[1]
 if idJwtPayload != nil {
@@ -197,6 +200,7 @@ func Login(config *Config) error {
 return fmt.Errorf("failed to unmarshal JWT: %v", err)
 }
 subject = idJsonPayload["sub"].(string)
+ audience = idJsonPayload["aud"].(string)
 } else {
 return fmt.Errorf("failed to extract subject from ID token claims")
 }
@@ -207,6 +211,7 @@ func Login(config *Config) error {
 if err != nil {
 return fmt.Errorf("failed to fetch JWK: %v", err)
 } else {
+ fmt.Printf("Successfully retrieved JWK from authentication server.\n\n")
 fmt.Printf("Attempting to add issuer to authorization server...\n")
 res, err := client.AddTrustedIssuer(config.ActionUrls.TrustedIssuers, idp, subject, time.Duration(1000), config.Scope)
 if err != nil {
@@ -216,7 +221,8 @@ func Login(config *Config) error {
 }
 
 // try and register a new client with authorization server
- res, err := client.RegisterOAuthClient("http://127.0.0.1:4445/clients")
+ fmt.Printf("Registering new OAuth2 client with authorization server...\n")
+ res, err := client.RegisterOAuthClient("http://127.0.0.1:4445/clients", audience)
 if err != nil {
 return fmt.Errorf("failed to register client: %v", err)
 }
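Review bot: `audience = idJsonPayload["aud"].(string)` is an unchecked type assertion, and OIDC Core allows `aud` to be a JSON array of strings when an ID token has several audiences (the claim may also simply be absent); in either case the value decoded into `map[string]any` is `[]any` or nil and Login panics instead of returning an error. The `sub` assertion on the line above has the same shape, but this commit adds a second instance for a claim that is routinely an array. Handle both forms and fail cleanly, as sketched below. Whether the ID token's `aud`, which is the RP's client_id at the IdP, is also the audience Hydra should stamp on its own tokens is a design decision this hunk does not state; a one-line comment giving the intent would help the next reader. The enclosing `if idJwtPayload != nil { … } else { … }` block and Login itself extend beyond the hunk.
```go
	subject = idJsonPayload["sub"].(string)
	// "aud" is a string for a single audience but MAY be an array (OIDC Core §2);
	// accept both instead of panicking on the type assertion.
	switch aud := idJsonPayload["aud"].(type) {
	case string:
		audience = aud
	case []any:
		// several audiences: only the first is forwarded to Hydra for now
		if len(aud) > 0 {
			audience, _ = aud[0].(string)
		}
	}
	if audience == "" {
		return fmt.Errorf("ID token has no usable aud claim")
	}
```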
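Review bot: The Hydra admin URL stays hard-coded as `http://127.0.0.1:4445/clients` on the new call, while the same function reaches the other admin endpoint through `config.ActionUrls.TrustedIssuers`; I would make this one configurable as well, e.g. `res, err := client.RegisterOAuthClient(config.ActionUrls.Clients, audience)` with a matching field in Config, so a deployment whose admin API is not on loopback, or is served only over TLS, does not need a rebuild. It is also not visible here whether RegisterOAuthClient turns a non-2xx status (a 409 when the client already exists, for instance) into `err`; if it ends the way AddTrustedIssuer does (`return io.ReadAll(res.Body)`), such a response would be reported as success with an error document in `res`, so that is worth confirming. Login continues past the hunk.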