From 0c7b2605bdc5ccdb96a2305f15c396fb3f4a3a8a Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Fri, 12 Feb 2021 07:02:10 +0100
Subject: [PATCH] clenaup

---
 example/client/service/service.go | 34 ++++++++-----------------------
 example/internal/mock/storage.go | 21 ++++++++++++++-----
 pkg/client/profile/jwt_profile.go | 10 ++++++++-
 pkg/oidc/introspection.go | 10 +++------
 pkg/oidc/types.go | 9 ++++----
 pkg/oidc/userinfo.go | 5 -----
 pkg/op/discovery.go | 24 +++++++++------------
 pkg/utils/http.go | 3 ---
 8 files changed, 51 insertions(+), 65 deletions(-)

diff --git a/example/client/service/service.go b/example/client/service/service.go
index 95227d0..34d959d 100644
--- a/example/client/service/service.go
+++ b/example/client/service/service.go
@@ -21,24 +21,18 @@ var (
 )
 func main() {
- //keyPath := os.Getenv("KEY_PATH")
+ keyPath := os.Getenv("KEY_PATH")
 issuer := os.Getenv("ISSUER")
 port := os.Getenv("PORT")
 scopes := strings.Split(os.Getenv("SCOPES"), " ")
- //testURL := os.Getenv("TEST_URL")
- //if keyPath != "" {
- // ts, err := rp.NewJWTProfileTokenSourceFromFile(issuer, keyPath, scopes)
- // if err != nil {
- // logrus.Fatalf("error creating token source %s", err.Error())
- // }
- // //client = oauth2.NewClient(context.Background(), ts)
- // resp, err := callExampleEndpoint(client, testURL)
- // if err != nil {
- // logrus.Fatalf("error response from test url: %s", err.Error())
- // }
- // fmt.Println(resp)
- //}
+ if keyPath != "" {
+ ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath, scopes)
+ if err != nil {
+ logrus.Fatalf("error creating token source %s", err.Error())
+ }
+ client = oauth2.NewClient(context.Background(), ts)
+ }
 http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) {
 if r.Method == "GET" {
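Review bot: The client built on the new `client = oauth2.NewClient(context.Background(), ts)` line carries no request timeout, so a stalled token endpoint or resource server blocks the example indefinitely; oauth2.NewClient takes its base client from the context, so building the context as `ctx := context.WithValue(context.Background(), oauth2.HTTPClient, &http.Client{Timeout: 10 * time.Second})` and passing `ctx` in that call bounds every request (a time import is needed if the file lacks one). Note also that `issuer` is read from ISSUER without a non-empty check, so an unset variable only surfaces later as a failed token request rather than at startup; a `logrus.Fatalf` next to the existing one would make the misconfiguration obvious. main continues past the end of the hunk.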
@@ -84,7 +78,7 @@ func main() {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
- ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, key, scopes)
+ ts, err := profile.NewJWTProfileTokenSourceFromKeyFileData(issuer, key, scopes)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
@@ -95,16 +89,6 @@ func main() {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
- //assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
- //if err != nil {
- // http.Error(w, err.Error(), http.StatusInternalServerError)
- // return
- //}
- //token, err := rp.JWTProfileAssertionExchange(ctx, assertion, scopes, provider)
- //if err != nil {
- // http.Error(w, err.Error(), http.StatusInternalServerError)
- // return
- //}
 data, err := json.Marshal(token)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
diff --git a/example/internal/mock/storage.go b/example/internal/mock/storage.go
index 40a1f86..e04c045 100644
--- a/example/internal/mock/storage.go
+++ b/example/internal/mock/storage.go
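Review bot: The renamed call `profile.NewJWTProfileTokenSourceFromKeyFileData(issuer, key, scopes)` is fed `key` bytes that, judging by the handler context above this hunk, come from the incoming request, so a malformed or unparsable key file is a client error, yet the branch right below still answers with `http.StatusInternalServerError` and echoes `err.Error()` to the caller. `http.Error(w, "invalid key file", http.StatusBadRequest)` with the parse error logged server-side keeps internal detail out of the response and gives the right status; the same error-passthrough pattern repeats in the later hunk of this file. The enclosing handler starts and ends outside the hunk.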
@@ -210,23 +210,34 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st
 return nil
 }
-func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _, _ string) (oidc.UserInfo, error) {
- return s.GetUserinfoFromScopes(ctx, "", "", []string{})
+func (s *AuthStorage) SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, _, _, _ string) error {
+ return s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{})
 }
-func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _, _ string, _ []string) (oidc.UserInfo, error) {
- userinfo := oidc.NewUserInfo()
+func (s *AuthStorage) SetUserinfoFromScopes(ctx context.Context, userinfo oidc.UserInfoSetter, _, _ string, _ []string) error {
 userinfo.SetSubject(a.GetSubject())
 userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", ""))
 userinfo.SetEmail("test", true)
 userinfo.SetPhone("0791234567", true)
 userinfo.SetName("Test")
 userinfo.AppendClaims("private_claim", "test")
- return userinfo, nil
+ return nil
 }
 func (s *AuthStorage) GetPrivateClaimsFromScopes(_ context.Context, _, _ string, _ []string) (map[string]interface{}, error) {
 return map[string]interface{}{"private_claim": "test"}, nil
 }
+func (s *AuthStorage) SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
+ if err := s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{}); err != nil {
+ return err
+ }
+ userinfo.SetClientID(a.ClientID)
+ return nil
+}
+
+func (s *AuthStorage) ValidateJWTProfileScopes(ctx context.Context, userID string, scope oidc.Scopes) (oidc.Scopes, error) {
+ return scope, nil
+}
+
 type ConfClient struct {
 applicationType op.ApplicationType
 authMethod oidc.AuthMethod
diff --git a/pkg/client/profile/jwt_profile.go b/pkg/client/profile/jwt_profile.go
index d60a2f8..46a0fe9 100644
--- a/pkg/client/profile/jwt_profile.go
+++ b/pkg/client/profile/jwt_profile.go
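Review bot: The new `ValidateJWTProfileScopes` hands back the requested `scope` unchanged without consulting `userID`, and `SetIntrospectionFromToken` ignores its `tokenID`, `subject` and `clientID` parameters in favour of the package-level `a`; both are acceptable in a mock, but nothing says so, and this example is what storage implementers copy. A doc comment on each would prevent that, e.g. `// ValidateJWTProfileScopes is a mock that grants every requested scope; a real implementation must restrict the result to what userID is permitted.` and, on the introspection method, a line stating that it reports the fixed mock client rather than the token's actual client. Using `userinfo.SetClientID(clientID)` would at least make the mock describe the token it was asked about.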
@@ -23,7 +23,15 @@ type jwtProfileTokenSource struct {
 tokenEndpoint string
 }
-func NewJWTProfileTokenSourceFromKeyFile(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+func NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath string, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+ keyData, err := client.ConfigFromKeyFile(keyPath)
+ if err != nil {
+ return nil, err
+ }
+ return NewJWTProfileTokenSource(issuer, keyData.UserID, keyData.KeyID, []byte(keyData.Key), scopes, options...)
+}
+
+func NewJWTProfileTokenSourceFromKeyFileData(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
 keyData, err := client.ConfigFromKeyFileData(data)
 if err != nil {
 return nil, err
diff --git a/pkg/oidc/introspection.go b/pkg/oidc/introspection.go
index 1a66520..a2176aa 100644
--- a/pkg/oidc/introspection.go
+++ b/pkg/oidc/introspection.go
@@ -21,7 +21,7 @@ type IntrospectionResponse interface {
 UserInfoSetter
 SetActive(bool)
 IsActive() bool
- SetScopes(scopes Scope)
+ SetScopes(scopes Scopes)
 SetClientID(id string)
 }
@@ -31,7 +31,7 @@ func NewIntrospectionResponse() IntrospectionResponse {
 type introspectionResponse struct {
 Active bool `json:"active"`
- Scope Scope `json:"scope,omitempty"`
+ Scope Scopes `json:"scope,omitempty"`
 ClientID string `json:"client_id,omitempty"`
 Subject string `json:"sub,omitempty"`
 userInfoProfile
@@ -46,7 +46,7 @@ func (u *introspectionResponse) IsActive() bool {
 return u.Active
 }
-func (u *introspectionResponse) SetScopes(scope Scope) {
+func (u *introspectionResponse) SetScopes(scope Scopes) {
 u.Scope = scope
 }
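Review bot: Both exported constructors in the jwt_profile.go hunk, `NewJWTProfileTokenSourceFromKeyFile` and `NewJWTProfileTokenSourceFromKeyFileData`, have no doc comment, and the first also changes the second parameter of an already exported function from `data []byte` to `keyPath string`, which existing callers meet as a compile error rather than a documented split. A comment of the form `// NewJWTProfileTokenSourceFromKeyFile reads the service-user key file at keyPath and returns a token source that exchanges JWT profile assertions at issuer for access tokens.` plus its mirror for the in-memory variant would record the distinction. The `return nil, err` after `client.ConfigFromKeyFile(keyPath)` also drops which file failed; `return nil, fmt.Errorf("reading key file %q: %w", keyPath, err)` keeps it, assuming fmt is imported in this file. The FromKeyFileData function continues past the hunk.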
@@ -252,10 +252,6 @@ func (i *introspectionResponse) MarshalJSON() ([]byte, error) {
 }
 return json.Marshal(i.claims)
- //if err != nil {
- // return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
- //}
- //return utils.ConcatenateJSON(b, claims)
 }
 func (i *introspectionResponse) UnmarshalJSON(data []byte) error {
diff --git a/pkg/oidc/types.go b/pkg/oidc/types.go
index fd496da..5525923 100644
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@@ -59,7 +59,6 @@ type Prompt string
 type ResponseType string
 type Scopes []string
-type Scope []string //TODO: hurst?
 func (s Scopes) Encode() string {
 return strings.Join(s, " ")
@@ -74,16 +73,16 @@ func (s *Scopes) MarshalText() ([]byte, error) {
 return []byte(s.Encode()), nil
 }
-func (s *Scope) MarshalJSON() ([]byte, error) {
- return json.Marshal(Scopes(*s).Encode())
+func (s *Scopes) MarshalJSON() ([]byte, error) {
+ return json.Marshal((*s).Encode())
 }
-func (s *Scope) UnmarshalJSON(data []byte) error {
+func (s *Scopes) UnmarshalJSON(data []byte) error {
 var str string
 if err := json.Unmarshal(data, &str); err != nil {
 return err
 }
- *s = Scope(strings.Split(str, " "))
+ *s = strings.Split(str, " ")
 return nil
 }
diff --git a/pkg/oidc/userinfo.go b/pkg/oidc/userinfo.go
index 3a92501..6bc0016 100644
--- a/pkg/oidc/userinfo.go
+++ b/pkg/oidc/userinfo.go
@@ -355,11 +355,6 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 }
 return json.Marshal(i.claims)
- //claims, err := json.Marshal(i.claims)
- //if err != nil {
- // return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
- //}
- //return utils.ConcatenateJSON(b, claims)
 }
 func (i *userinfo) UnmarshalJSON(data []byte) error {
diff --git a/pkg/op/discovery.go b/pkg/op/discovery.go
index 291214c..d8ef7c3 100644
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
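Review bot: In the types.go hunk, `UnmarshalJSON` turns an empty `"scope"` string into `Scopes{""}` because `strings.Split("", " ")` yields one empty element, and repeated spaces produce further empty scopes that then look like granted values; `*s = strings.Fields(str)` returns nil for the empty string and collapses runs of separators. Separately, `MarshalJSON` keeps the pointer receiver from the old `Scope` type, so a `Scopes` value that is not addressable when encoded (for instance a field of a struct handed to json.Marshal by value) bypasses the method and is emitted as a JSON array instead of the space-separated string; a value receiver, `func (s Scopes) MarshalJSON() ([]byte, error) { return json.Marshal(s.Encode()) }`, applies in both cases. The `MarshalText` method visible as context has the same receiver shape and would deserve the same treatment.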
@@ -21,20 +21,16 @@ func Discover(w http.ResponseWriter, config *oidc.DiscoveryConfiguration) {
 func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfiguration {
 return &oidc.DiscoveryConfiguration{
- Issuer: c.Issuer(),
- AuthorizationEndpoint: c.AuthorizationEndpoint().Absolute(c.Issuer()),
- TokenEndpoint: c.TokenEndpoint().Absolute(c.Issuer()),
- IntrospectionEndpoint: c.IntrospectionEndpoint().Absolute(c.Issuer()),
- UserinfoEndpoint: c.UserinfoEndpoint().Absolute(c.Issuer()),
- //RevocationEndpoint: c.RevocationEndpoint().Absolute(c.Issuer()),
- EndSessionEndpoint: c.EndSessionEndpoint().Absolute(c.Issuer()),
- // CheckSessionIframe: c.TokenEndpoint().Absolute(c.Issuer())(c.CheckSessionIframe),
- JwksURI: c.KeysEndpoint().Absolute(c.Issuer()),
- ScopesSupported: Scopes(c),
- ResponseTypesSupported: ResponseTypes(c),
- //ResponseModesSupported:
- GrantTypesSupported: GrantTypes(c),
- //ACRValuesSupported: ACRValues(c),
+ Issuer: c.Issuer(),
+ AuthorizationEndpoint: c.AuthorizationEndpoint().Absolute(c.Issuer()),
+ TokenEndpoint: c.TokenEndpoint().Absolute(c.Issuer()),
+ IntrospectionEndpoint: c.IntrospectionEndpoint().Absolute(c.Issuer()),
+ UserinfoEndpoint: c.UserinfoEndpoint().Absolute(c.Issuer()),
+ EndSessionEndpoint: c.EndSessionEndpoint().Absolute(c.Issuer()),
+ JwksURI: c.KeysEndpoint().Absolute(c.Issuer()),
+ ScopesSupported: Scopes(c),
+ ResponseTypesSupported: ResponseTypes(c),
+ GrantTypesSupported: GrantTypes(c),
 SubjectTypesSupported: SubjectTypes(c),
 IDTokenSigningAlgValuesSupported: SigAlgorithms(s),
 TokenEndpointAuthMethodsSupported: AuthMethodsTokenEndpoint(c),
diff --git a/pkg/utils/http.go b/pkg/utils/http.go
index 6f1b74d..fa51815 100644
--- a/pkg/utils/http.go
+++ b/pkg/utils/http.go
@@ -42,9 +42,6 @@ func FormRequest(endpoint string, request interface{}, encoder Encoder, authFn i
 if fn, ok := authFn.(FormAuthorization); ok {
 fn(form)
 }
- if fn, ok := authFn.(func(url.Values)); ok {
- fn(form)
- }
 body := strings.NewReader(form.Encode())
 req, err := http.NewRequest("POST", endpoint, body)
 if err != nil {