mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-20 03:27:02 -07:00
Refactored and reorganized code
This commit is contained in:
parent
86f8784c19
commit
fdb0db389c
8 changed files with 384 additions and 127 deletions
|
|
@ -2,40 +2,65 @@ package api
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"davidallendj/opal/internal/oauth"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func WaitForAuthorizationCode(host string, port int) (string, error) {
|
||||
func WaitForAuthorizationCode(serverAddr string, loginUrl string) (string, error) {
|
||||
var code string
|
||||
s := &http.Server{
|
||||
Addr: fmt.Sprintf("%s:%d", host, port),
|
||||
}
|
||||
s := &http.Server{Addr: serverAddr}
|
||||
http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
|
||||
// redirect directly to identity provider with this endpoint
|
||||
http.Redirect(w, r, loginUrl, http.StatusSeeOther)
|
||||
})
|
||||
http.HandleFunc("/oidc/callback", func(w http.ResponseWriter, r *http.Request) {
|
||||
// get the code from the OIDC provider
|
||||
if r != nil {
|
||||
code = r.URL.Query().Get("code")
|
||||
fmt.Printf("authorization code: %v\n", code)
|
||||
fmt.Printf("Authorization code: %v\n", code)
|
||||
}
|
||||
s.Close()
|
||||
|
||||
})
|
||||
fmt.Printf("listening for authorization code at %s/oidc/callback\n", s.Addr)
|
||||
return code, s.ListenAndServe()
|
||||
}
|
||||
|
||||
func FetchToken(code string, remoteUrl string, clientId string, clientSecret string, state string, redirectUri []string) (string, error) {
|
||||
func FetchIssuerToken(code string, remoteUrl string, client oauth.Client, state string) (string, error) {
|
||||
var token string
|
||||
data := url.Values{
|
||||
"grant_type": {"authorization_code"},
|
||||
"code": {code},
|
||||
"client_id": {clientId},
|
||||
"client_secret": {clientSecret},
|
||||
"client_id": {client.Id},
|
||||
"client_secret": {client.Secret},
|
||||
"state": {state},
|
||||
"redirect_uri": {strings.Join(redirectUri, ",")},
|
||||
"redirect_uri": {strings.Join(client.RedirectUris, ",")},
|
||||
}
|
||||
res, err := http.PostForm(remoteUrl, data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get ID token: %s", err)
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
b, err := io.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to read response body: %v", err)
|
||||
}
|
||||
token = string(b)
|
||||
|
||||
fmt.Printf("%v\n", token)
|
||||
return token, nil
|
||||
}
|
||||
|
||||
func FetchAccessToken(remoteUrl string, clientId string, jwt string, scopes []string) (string, error) {
|
||||
// hydra endpoint: /oauth/token
|
||||
var token string
|
||||
data := url.Values{
|
||||
"grant_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
|
||||
"assertion": {jwt},
|
||||
}
|
||||
res, err := http.PostForm(remoteUrl, data)
|
||||
if err != nil {
|
||||
|
|
@ -53,31 +78,34 @@ func FetchToken(code string, remoteUrl string, clientId string, clientSecret str
|
|||
return token, nil
|
||||
}
|
||||
|
||||
func FetchAccessToken(remoteUrl string, clientId string, jwt string) (string, error) {
|
||||
var token string
|
||||
data := url.Values{
|
||||
"grant_type": {"client_credentials"},
|
||||
"client_id": {clientId},
|
||||
"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
|
||||
"client_assertion": {jwt},
|
||||
}
|
||||
res, err := http.PostForm(remoteUrl, data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to get token: %s", err)
|
||||
}
|
||||
defer res.Body.Close()
|
||||
func AddTrustedIssuer(remoteUrl string, issuer string, subject string, duration time.Duration, jwk string, scope []string) error {
|
||||
// hydra endpoint: /admin/trust/grants/jwt-bearer/issuers
|
||||
data := []byte(fmt.Sprintf(`{
|
||||
"allow_any_subject": false,
|
||||
"issuer": "%s",
|
||||
"subject": "%s"
|
||||
"expires_at": "%v"
|
||||
"jwk": %v,
|
||||
"scope": [ j%s ],
|
||||
}`, issuer, subject, time.Now().Add(duration), jwk, strings.Join(scope, ",")))
|
||||
|
||||
b, err := io.ReadAll(res.Body)
|
||||
req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to read response body: %v", err)
|
||||
return fmt.Errorf("failed to create a new request: %v", err)
|
||||
}
|
||||
token = string(b)
|
||||
|
||||
fmt.Printf("%v\n", token)
|
||||
return token, nil
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
// req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", idToken))
|
||||
client := &http.Client{}
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to do request: %v", err)
|
||||
}
|
||||
fmt.Printf("%d\n", res.StatusCode)
|
||||
return nil
|
||||
}
|
||||
|
||||
func CreateIdentity(remoteUrl string, idToken string) error {
|
||||
// kratos endpoint: /admin/identities
|
||||
data := []byte(`{
|
||||
"schema_id": "preset://email",
|
||||
"traits": {
|
||||
|
|
@ -114,3 +142,7 @@ func FetchIdentities(remoteUrl string) error {
|
|||
fmt.Printf("%v\n", res)
|
||||
return nil
|
||||
}
|
||||
|
||||
func RedirectSuccess() {
|
||||
// show a success page with the user's access token
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue