Made it possible to override certain example IDP endpoints

2025-12-20 03:27:02 -07:00 · 2024-04-29 18:45:30 -06:00 · 2024-04-29 18:45:30 -06:00 · 73e4e50d44
commit 73e4e50d44
parent f10a771db6
4 changed files with 57 additions and 18 deletions
--- a/internal/oidc/oidc.go
+++ b/internal/oidc/oidc.go
@ -164,3 +164,25 @@ func (p *IdentityProvider) FetchJwks() error {

 	return nil
 }
+
+func (p *IdentityProvider) UpdateEndpoints(other *IdentityProvider) {
+	UpdateEndpoints(&p.Endpoints, &other.Endpoints)
+}
+
+func UpdateEndpoints(eps *Endpoints, other *Endpoints) {
+	// only update endpoints that are not empty
+	var UpdateIf = func(ep *string, s string) {
+		if ep != nil {
+			if *ep != "" {
+				*ep = s
+			}
+		}
+	}
+	UpdateIf(&eps.Config, other.Config)
+	UpdateIf(&eps.Authorization, other.Authorization)
+	UpdateIf(&eps.Token, other.Token)
+	UpdateIf(&eps.Revocation, other.Revocation)
+	UpdateIf(&eps.Introspection, other.Introspection)
+	UpdateIf(&eps.UserInfo, other.UserInfo)
+	UpdateIf(&eps.JwksUri, other.JwksUri)
+}
--- a/internal/server/idp.go
+++ b/internal/server/idp.go
@ -22,7 +22,7 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwt"
 )

-func (s *Server) StartIdentityProvider() error {
+func (s *Server) StartIdentityProvider(eps oidc.Endpoints) error {
 	// NOTE: this example does NOT implement CSRF tokens nor use them

 	// create an example identity provider
@ -38,6 +38,14 @@ func (s *Server) StartIdentityProvider() error {
 		callback = "/oidc/callback"
 	}

+	// update endpoints that have values set
+	defaultEps := oidc.Endpoints{
+		Authorization: "http://" + s.Addr + "/oauth/authorize",
+		Token:         "http://" + s.Addr + "/oauth/token",
+		JwksUri:       "http://" + s.Addr + "/.well-known/jwks.json",
+	}
+	oidc.UpdateEndpoints(&eps, &defaultEps)
+
 	// generate key pair used to sign JWKS and create JWTs
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
@ -72,14 +80,13 @@ func (s *Server) StartIdentityProvider() error {
 		w.Write(b)
 	})

-	// TODO: create .well-known openid configuration
 	r.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) {
 		// create config JSON to serve with GET request
 		config := map[string]any{
 			"issuer":                 "http://" + s.Addr,
-			"authorization_endpoint": "http://" + s.Addr + "/oauth/authorize",
-			"token_endpoint":         "http://" + s.Addr + "/oauth/token",
-			"jwks_uri":               "http://" + s.Addr + "/.well-known/jwks.json",
+			"authorization_endpoint": eps.Authorization,
+			"token_endpoint":         eps.Token,
+			"jwks_uri":               eps.JwksUri,
 			"scopes_supported": []string{
 				"openid",
 				"profile",
--- a/internal/server/server.go
+++ b/internal/server/server.go
@ -18,16 +18,17 @@ import (

 type Server struct {
 	*http.Server
-	Host     string `yaml:"host"`
-	Port     int    `yaml:"port"`
-	Callback string `yaml:"callback"`
-	State    string `yaml:"state"`
-	Issuer   Issuer `yaml:"issuer"`
+	Host     string                 `yaml:"host"`
+	Port     int                    `yaml:"port"`
+	Callback string                 `yaml:"callback"`
+	State    string                 `yaml:"state"`
+	Issuer   IdentityProviderServer `yaml:"issuer"`
 }

-type Issuer struct {
-	Host string `yaml:"host"`
-	Port int    `yaml:"port"`
+type IdentityProviderServer struct {
+	Host      string         `yaml:"host"`
+	Port      int            `yaml:"port"`
+	Endpoints oidc.Endpoints `yaml:"endpoints"`
 }

 type ServerParams struct {