Fixed issue with scope not being added to token

This commit is contained in:
David J. Allen 2024-03-19 15:01:47 -06:00
parent 6b2218efbd
commit fddcc8d6af
No known key found for this signature in database
GPG key ID: 717C593FF60A2ACC
3 changed files with 9 additions and 4 deletions


@ -38,6 +38,8 @@ func Login(config *Config, client *oauth.Client, provider *oidc.IdentityProvider
) )
var button = MakeButton(authorizationUrl, "Login with "+client.Name) var button = MakeButton(authorizationUrl, "Login with "+client.Name)
var jwtClient = oauth.NewClient()
jwtClient.Scope = config.Authorization.Token.Scope
// authorize oauth client and listen for callback from provider // authorize oauth client and listen for callback from provider
fmt.Printf("Waiting for authorization code redirect @%s/oidc/callback...\n", s.GetListenAddr()) fmt.Printf("Waiting for authorization code redirect @%s/oidc/callback...\n", s.GetListenAddr())
@ -56,17 +58,17 @@ func Login(config *Config, client *oauth.Client, provider *oidc.IdentityProvider
Register: config.Authorization.Endpoints.Register, Register: config.Authorization.Endpoints.Register,
}, },
JwtBearerParams: flows.JwtBearerFlowParams{ JwtBearerParams: flows.JwtBearerFlowParams{
Client: oauth.NewClient(), Client: jwtClient,
IdentityProvider: provider, IdentityProvider: provider,
TrustedIssuer: &oauth.TrustedIssuer{ TrustedIssuer: &oauth.TrustedIssuer{
AllowAnySubject: false, AllowAnySubject: false,
Issuer: s.Addr, Issuer: s.Addr,
Subject: "opaal", Subject: "opaal",
ExpiresAt: time.Now().Add(config.Authorization.TokenDuration), ExpiresAt: time.Now().Add(config.Authorization.Token.Duration),
Scope: []string{}, Scope: []string{},
}, },
Verbose: config.Options.Verbose, Verbose: config.Options.Verbose,
Refresh: config.Authorization.TokenRefresh, Refresh: config.Authorization.Token.Refresh,
}, },
} }
err = s.Login(button, provider, client, params) err = s.Login(button, provider, client, params)
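Review bot: The new `jwtClient` passed as `JwtBearerParams.Client` is a bare `oauth.NewClient()` with only `Scope` populated, yet the third hunk now routes the refresh-token grant through `params.JwtBearerParams.Client` instead of the `client` argument that `Login` receives; if `PerformRefreshTokenGrant` relies on anything else on the client (credentials, endpoints), that is now missing on the new path — worth confirming before merging. Independently, `jwtClient.Scope = config.Authorization.Token.Scope` aliases the config's slice, so any later `append` on the client's scope (or on a trusted issuer that copies it) can write into the config's backing array; `jwtClient.Scope = append([]string(nil), config.Authorization.Token.Scope...)` detaches it. Minor style: `jwtClient := oauth.NewClient()` is the idiomatic form for a local. The body of `Login` begins before and continues after this hunk.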


@ -66,6 +66,9 @@ func (client *Client) AddTrustedIssuer(url string, ti *TrustedIssuer) ([]byte, e
return nil, fmt.Errorf("no valid trusted issuer provided") return nil, fmt.Errorf("no valid trusted issuer provided")
} }
// add the client's scope to trusted issuer
ti.Scope = append(ti.Scope, client.Scope...)
quotedScopes := make([]string, len(ti.Scope)) quotedScopes := make([]string, len(ti.Scope))
for i, s := range ti.Scope { for i, s := range ti.Scope {
quotedScopes[i] = fmt.Sprintf("\"%s\"", s) quotedScopes[i] = fmt.Sprintf("\"%s\"", s)
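Review bot: `ti.Scope = append(ti.Scope, client.Scope...)` mutates the caller's `TrustedIssuer` in place, so every call to `AddTrustedIssuer` with the same `ti` appends the client's scopes again (duplicates on retry, and the caller's struct silently changes). Build a local merged list instead: `scopes := append(append([]string(nil), ti.Scope...), client.Scope...)`, then `quotedScopes := make([]string, len(scopes))` and `for i, s := range scopes {`. While here, the existing `fmt.Sprintf("\"%s\"", s)` does not escape quotes or backslashes, and the scope values now come from configuration rather than code; if this list feeds a JSON body, `json.Marshal(scopes)` both quotes and escapes correctly. `AddTrustedIssuer` starts before and continues after this hunk.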


@ -122,7 +122,7 @@ func (s *Server) Login(buttons string, provider *oidc.IdentityProvider, client *
http.Redirect(w, r, "/error", http.StatusBadRequest) http.Redirect(w, r, "/error", http.StatusBadRequest)
return return
} }
_, err := client.PerformRefreshTokenGrant(provider.Endpoints.Token, refreshToken) _, err := params.JwtBearerParams.Client.PerformRefreshTokenGrant(provider.Endpoints.Token, refreshToken)
if err != nil { if err != nil {
fmt.Printf("failed to perform refresh token grant: %v\n", err) fmt.Printf("failed to perform refresh token grant: %v\n", err)
http.Redirect(w, r, "/error", http.StatusInternalServerError) http.Redirect(w, r, "/error", http.StatusInternalServerError)
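Review bot: `params.JwtBearerParams.Client.PerformRefreshTokenGrant(...)` dereferences a field that callers set optionally (the previous code used the `client` parameter, which is always passed), so a caller that leaves `JwtBearerParams.Client` nil now panics inside the HTTP handler instead of returning an error page. A guard before the call keeps the existing error-handling shape: `if params.JwtBearerParams.Client == nil {` / `http.Redirect(w, r, "/error", http.StatusInternalServerError)` / `return }`. The handler and the enclosing `Server.Login` both begin before and end after this hunk.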