Added ability to get authorization code

2025-12-20 03:27:02 -07:00 · 2024-02-21 20:26:25 -07:00 · 2024-02-21 20:26:25 -07:00 · 5bae300daa
commit 5bae300daa
parent bfcbca9cf1
9 changed files with 174 additions and 48 deletions
--- a/internal/oidc/oidc-auth
+++ b/internal/oidc/oidc-auth
--- a/internal/oidc/oidc.go
+++ b/internal/oidc/oidc.go
@ -1,7 +1,10 @@
 package oidc

+import "fmt"
+
 type OpenIDConnectProvider struct {
 	Host              string
+	Port              int
 	AuthorizeEndpoint string
 	TokenEndpoint     string
 	ConfigEndpoint    string
@ -9,17 +12,24 @@ type OpenIDConnectProvider struct {

 func NewOIDCProvider() *OpenIDConnectProvider {
 	return &OpenIDConnectProvider{
-		Host:              "https://gitlab.newmexicoconsortium.org",
+		Host:              "127.0.0.1",
+		Port:              80,
 		AuthorizeEndpoint: "/oauth/authorize",
 		TokenEndpoint:     "/oauth/token",
 	}
 }

 func (oidc *OpenIDConnectProvider) GetAuthorizeUrl() string {
+	if oidc.Port != 80 {
+		return fmt.Sprintf("%s:%d", oidc.Host, oidc.Port) + oidc.AuthorizeEndpoint
+	}
 	return oidc.Host + oidc.AuthorizeEndpoint
 }

 func (oidc *OpenIDConnectProvider) GetTokenUrl() string {
+	if oidc.Port != 80 {
+		return fmt.Sprintf("%s:%d", oidc.Host, oidc.Port) + oidc.TokenEndpoint
+	}
 	return oidc.Host + oidc.TokenEndpoint
 }

--- a/internal/server/server.go
+++ b/internal/server/server.go
@ -1,16 +1,48 @@
 package server

 import (
+	"davidallendj/oidc-auth/internal/util"
 	"fmt"
 	"net/http"
+	"net/url"
+	"os"
+	"strings"
 )

-func Start(host string, port int) error {
-	http.HandleFunc("/oauth/callback", getAuthorizationCode)
-	err := http.ListenAndServe(host+":"+fmt.Sprintf("%d", port), nil)
-	return err
+func WaitForAuthorizationCode(host string, port int) (string, error) {
+	var code string
+	s := &http.Server{
+		Addr: fmt.Sprintf("%s:%d", host, port),
+	}
+	http.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) {
+		// get the code from the OIDC provider
+		if r != nil {
+			code = r.URL.Query().Get("code")
+			fmt.Printf("Authorization Code: %v\n", code)
+		}
+		s.Close()
+
+	})
+	return code, s.ListenAndServe()
 }

-func getAuthorizationCode(w http.ResponseWriter, r *http.Request) {
-	fmt.Printf("response from OIDC provider: %v\n", r)
+func FetchToken(code string, remoteUrl string, clientId string, clientSecret string, state string, redirectUri []string) (string, error) {
+	var token string
+	data := url.Values{
+		"grant_type":    {"authorization_code"},
+		"code":          {code},
+		"client_id":     {clientId},
+		"client_secret": {clientSecret},
+		"state":         {state},
+		"redirect_uri":  {util.EncodeURL(strings.Join(redirectUri, ","))},
+	}
+	res, err := http.PostForm(remoteUrl, data)
+	if err != nil {
+		fmt.Printf("failed to get token: %s\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("request URL: %s\n", remoteUrl)
+	fmt.Printf("token response: %v\n", res)
+	return token, nil
 }
--- a/internal/util/util.go
+++ b/internal/util/util.go
@ -1,18 +1,19 @@
 package util

 import (
+	"encoding/base64"
 	"math/rand"
+	"net/url"
 	"strings"
 )

-const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-const (
-	letterIdxBits = 6                    // 6 bits to represent a letter index
-	letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
-	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
-)
-
 func RandomString(n int) string {
+	const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	const (
+		letterIdxBits = 6                    // 6 bits to represent a letter index
+		letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
+		letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
+	)
 	b := make([]byte, n)
 	// A rand.Int63() generates 63 random bits, enough for letterIdxMax letters!
 	for i, cache, remain := n-1, rand.Int63(), letterIdxMax; i >= 0; {
@ -31,9 +32,17 @@ func RandomString(n int) string {
 }

 func BuildAuthorizationUrl(authEndpoint string, clientId string, redirectUri []string, state string, responseType string, scope []string) string {
-	return authEndpoint + "?" + "cilent_id=" + clientId +
-		"&redirect_url=" + strings.Join(redirectUri, ",") +
+	return authEndpoint + "?" + "client_id=" + clientId +
+		"&redirect_uri=" + EncodeURL(strings.Join(redirectUri, ",")) +
 		"&response_type=" + responseType +
 		"&state=" + state +
 		"&scope=" + strings.Join(scope, "+")
 }
+
+func EncodeURL(s string) string {
+	return url.QueryEscape(s)
+}
+
+func EncodeBase64(s string) string {
+	return base64.StdEncoding.EncodeToString([]byte(s))
+}