clenaup

2021-02-12 07:02:10 +01:00 · 2021-02-12 07:02:10 +01:00 · 0c7b2605bd
commit 0c7b2605bd
parent 01ff740f4e
8 changed files with 51 additions and 65 deletions
--- a/example/client/service/service.go
+++ b/example/client/service/service.go
@ -21,24 +21,18 @@ var (
 )

 func main() {
-	//keyPath := os.Getenv("KEY_PATH")
+	keyPath := os.Getenv("KEY_PATH")
 	issuer := os.Getenv("ISSUER")
 	port := os.Getenv("PORT")
 	scopes := strings.Split(os.Getenv("SCOPES"), " ")
-	//testURL := os.Getenv("TEST_URL")

-	//if keyPath != "" {
-	//	ts, err := rp.NewJWTProfileTokenSourceFromFile(issuer, keyPath, scopes)
-	//	if err != nil {
-	//		logrus.Fatalf("error creating token source %s", err.Error())
-	//	}
-	//	//client = oauth2.NewClient(context.Background(), ts)
-	//	resp, err := callExampleEndpoint(client, testURL)
-	//	if err != nil {
-	//		logrus.Fatalf("error response from test url: %s", err.Error())
-	//	}
-	//	fmt.Println(resp)
-	//}
+	if keyPath != "" {
+		ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath, scopes)
+		if err != nil {
+			logrus.Fatalf("error creating token source %s", err.Error())
+		}
+		client = oauth2.NewClient(context.Background(), ts)
+	}

 	http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == "GET" {
@ -84,7 +78,7 @@ func main() {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
-			ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, key, scopes)
+			ts, err := profile.NewJWTProfileTokenSourceFromKeyFileData(issuer, key, scopes)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
@ -95,16 +89,6 @@ func main() {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
-			//assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
-			//if err != nil {
-			//	http.Error(w, err.Error(), http.StatusInternalServerError)
-			//	return
-			//}
-			//token, err := rp.JWTProfileAssertionExchange(ctx, assertion, scopes, provider)
-			//if err != nil {
-			//	http.Error(w, err.Error(), http.StatusInternalServerError)
-			//	return
-			//}
 			data, err := json.Marshal(token)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
--- a/example/internal/mock/storage.go
+++ b/example/internal/mock/storage.go
@ -210,23 +210,34 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st
 	return nil
 }

-func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _, _ string) (oidc.UserInfo, error) {
-	return s.GetUserinfoFromScopes(ctx, "", "", []string{})
+func (s *AuthStorage) SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, _, _, _ string) error {
+	return s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{})
 }
-func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _, _ string, _ []string) (oidc.UserInfo, error) {
-	userinfo := oidc.NewUserInfo()
+func (s *AuthStorage) SetUserinfoFromScopes(ctx context.Context, userinfo oidc.UserInfoSetter, _, _ string, _ []string) error {
 	userinfo.SetSubject(a.GetSubject())
 	userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", ""))
 	userinfo.SetEmail("test", true)
 	userinfo.SetPhone("0791234567", true)
 	userinfo.SetName("Test")
 	userinfo.AppendClaims("private_claim", "test")
-	return userinfo, nil
+	return nil
 }
 func (s *AuthStorage) GetPrivateClaimsFromScopes(_ context.Context, _, _ string, _ []string) (map[string]interface{}, error) {
 	return map[string]interface{}{"private_claim": "test"}, nil
 }

+func (s *AuthStorage) SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
+	if err := s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{}); err != nil {
+		return err
+	}
+	userinfo.SetClientID(a.ClientID)
+	return nil
+}
+
+func (s *AuthStorage) ValidateJWTProfileScopes(ctx context.Context, userID string, scope oidc.Scopes) (oidc.Scopes, error) {
+	return scope, nil
+}
+
 type ConfClient struct {
 	applicationType op.ApplicationType
 	authMethod      oidc.AuthMethod
--- a/pkg/client/profile/jwt_profile.go
+++ b/pkg/client/profile/jwt_profile.go
@ -23,7 +23,15 @@ type jwtProfileTokenSource struct {
 	tokenEndpoint string
 }

-func NewJWTProfileTokenSourceFromKeyFile(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+func NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath string, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+	keyData, err := client.ConfigFromKeyFile(keyPath)
+	if err != nil {
+		return nil, err
+	}
+	return NewJWTProfileTokenSource(issuer, keyData.UserID, keyData.KeyID, []byte(keyData.Key), scopes, options...)
+}
+
+func NewJWTProfileTokenSourceFromKeyFileData(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
 	keyData, err := client.ConfigFromKeyFileData(data)
 	if err != nil {
 		return nil, err
--- a/pkg/oidc/introspection.go
+++ b/pkg/oidc/introspection.go
@ -21,7 +21,7 @@ type IntrospectionResponse interface {
 	UserInfoSetter
 	SetActive(bool)
 	IsActive() bool
-	SetScopes(scopes Scope)
+	SetScopes(scopes Scopes)
 	SetClientID(id string)
 }

@ -31,7 +31,7 @@ func NewIntrospectionResponse() IntrospectionResponse {

 type introspectionResponse struct {
 	Active   bool   `json:"active"`
-	Scope    Scope  `json:"scope,omitempty"`
+	Scope    Scopes `json:"scope,omitempty"`
 	ClientID string `json:"client_id,omitempty"`
 	Subject  string `json:"sub,omitempty"`
 	userInfoProfile
@ -46,7 +46,7 @@ func (u *introspectionResponse) IsActive() bool {
 	return u.Active
 }

-func (u *introspectionResponse) SetScopes(scope Scope) {
+func (u *introspectionResponse) SetScopes(scope Scopes) {
 	u.Scope = scope
 }

@ -252,10 +252,6 @@ func (i *introspectionResponse) MarshalJSON() ([]byte, error) {
 	}

 	return json.Marshal(i.claims)
-	//if err != nil {
-	//	return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
-	//}
-	//return utils.ConcatenateJSON(b, claims)
 }

 func (i *introspectionResponse) UnmarshalJSON(data []byte) error {
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -59,7 +59,6 @@ type Prompt string
 type ResponseType string

 type Scopes []string
-type Scope []string //TODO: hurst?

 func (s Scopes) Encode() string {
 	return strings.Join(s, " ")
@ -74,16 +73,16 @@ func (s *Scopes) MarshalText() ([]byte, error) {
 	return []byte(s.Encode()), nil
 }

-func (s *Scope) MarshalJSON() ([]byte, error) {
-	return json.Marshal(Scopes(*s).Encode())
+func (s *Scopes) MarshalJSON() ([]byte, error) {
+	return json.Marshal((*s).Encode())
 }

-func (s *Scope) UnmarshalJSON(data []byte) error {
+func (s *Scopes) UnmarshalJSON(data []byte) error {
 	var str string
 	if err := json.Unmarshal(data, &str); err != nil {
 		return err
 	}
-	*s = Scope(strings.Split(str, " "))
+	*s = strings.Split(str, " ")
 	return nil
 }

--- a/pkg/oidc/userinfo.go
+++ b/pkg/oidc/userinfo.go
@ -355,11 +355,6 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 	}

 	return json.Marshal(i.claims)
-	//claims, err := json.Marshal(i.claims)
-	//if err != nil {
-	//	return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
-	//}
-	//return utils.ConcatenateJSON(b, claims)
 }

 func (i *userinfo) UnmarshalJSON(data []byte) error {
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -21,20 +21,16 @@ func Discover(w http.ResponseWriter, config *oidc.DiscoveryConfiguration) {

 func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfiguration {
 	return &oidc.DiscoveryConfiguration{
-		Issuer:                c.Issuer(),
-		AuthorizationEndpoint: c.AuthorizationEndpoint().Absolute(c.Issuer()),
-		TokenEndpoint:         c.TokenEndpoint().Absolute(c.Issuer()),
-		IntrospectionEndpoint: c.IntrospectionEndpoint().Absolute(c.Issuer()),
-		UserinfoEndpoint:      c.UserinfoEndpoint().Absolute(c.Issuer()),
-		//RevocationEndpoint:  c.RevocationEndpoint().Absolute(c.Issuer()),
-		EndSessionEndpoint: c.EndSessionEndpoint().Absolute(c.Issuer()),
-		// CheckSessionIframe: c.TokenEndpoint().Absolute(c.Issuer())(c.CheckSessionIframe),
-		JwksURI:                c.KeysEndpoint().Absolute(c.Issuer()),
-		ScopesSupported:        Scopes(c),
-		ResponseTypesSupported: ResponseTypes(c),
-		//ResponseModesSupported:
-		GrantTypesSupported: GrantTypes(c),
-		//ACRValuesSupported:                ACRValues(c),
+		Issuer:                                    c.Issuer(),
+		AuthorizationEndpoint:                     c.AuthorizationEndpoint().Absolute(c.Issuer()),
+		TokenEndpoint:                             c.TokenEndpoint().Absolute(c.Issuer()),
+		IntrospectionEndpoint:                     c.IntrospectionEndpoint().Absolute(c.Issuer()),
+		UserinfoEndpoint:                          c.UserinfoEndpoint().Absolute(c.Issuer()),
+		EndSessionEndpoint:                        c.EndSessionEndpoint().Absolute(c.Issuer()),
+		JwksURI:                                   c.KeysEndpoint().Absolute(c.Issuer()),
+		ScopesSupported:                           Scopes(c),
+		ResponseTypesSupported:                    ResponseTypes(c),
+		GrantTypesSupported:                       GrantTypes(c),
 		SubjectTypesSupported:                     SubjectTypes(c),
 		IDTokenSigningAlgValuesSupported:          SigAlgorithms(s),
 		TokenEndpointAuthMethodsSupported:         AuthMethodsTokenEndpoint(c),
--- a/pkg/utils/http.go
+++ b/pkg/utils/http.go
@ -42,9 +42,6 @@ func FormRequest(endpoint string, request interface{}, encoder Encoder, authFn i
 	if fn, ok := authFn.(FormAuthorization); ok {
 		fn(form)
 	}
-	if fn, ok := authFn.(func(url.Values)); ok {
-		fn(form)
-	}
 	body := strings.NewReader(form.Encode())
 	req, err := http.NewRequest("POST", endpoint, body)
 	if err != nil {