feat: token introspection (#83)

* introspect * introspect and client assertion * introspect and client assertion * scopes * token introspection * introspect * refactoring * fixes * clenaup * Update example/internal/mock/storage.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * clenaup Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2021-02-15 13:43:50 +01:00 · 2021-02-15 13:43:50 +01:00 · 1518c843de
commit 1518c843de
parent fa92a20615
46 changed files with 1672 additions and 570 deletions
--- a/example/client/app/app.go
+++ b/example/client/app/app.go
@ -1,11 +1,8 @@
 package main

 import (
-	"context"
 	"encoding/json"
 	"fmt"
-	"html/template"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"strings"
@ -14,8 +11,8 @@ import (
 	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"

+	"github.com/caos/oidc/pkg/client/rp"
 	"github.com/caos/oidc/pkg/oidc"
-	"github.com/caos/oidc/pkg/rp"
 	"github.com/caos/oidc/pkg/utils"
 )

@ -27,18 +24,26 @@ var (
 func main() {
 	clientID := os.Getenv("CLIENT_ID")
 	clientSecret := os.Getenv("CLIENT_SECRET")
+	keyPath := os.Getenv("KEY_PATH")
 	issuer := os.Getenv("ISSUER")
 	port := os.Getenv("PORT")
 	scopes := strings.Split(os.Getenv("SCOPES"), " ")

-	ctx := context.Background()
-
 	redirectURI := fmt.Sprintf("http://localhost:%v%v", port, callbackPath)
 	cookieHandler := utils.NewCookieHandler(key, key, utils.WithUnsecure())
-	provider, err := rp.NewRelayingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes,
-		rp.WithPKCE(cookieHandler),
-		rp.WithVerifierOpts(rp.WithIssuedAtOffset(5*time.Second)),
-	)
+
+	options := []rp.Option{
+		rp.WithCookieHandler(cookieHandler),
+		rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
+	}
+	if clientSecret == "" {
+		options = append(options, rp.WithPKCE(cookieHandler))
+	}
+	if keyPath != "" {
+		options = append(options, rp.WithClientKey(keyPath))
+	}
+
+	provider, err := rp.NewRelyingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes, options...)
 	if err != nil {
 		logrus.Fatalf("error creating provider %s", err.Error())
 	}
@ -71,80 +76,6 @@ func main() {
 	//with the returned tokens from the token endpoint
 	http.Handle(callbackPath, rp.CodeExchangeHandler(marshal, provider))

-	http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
-		tokens, err := rp.ClientCredentials(ctx, provider, "scope")
-		if err != nil {
-			http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
-			return
-		}
-
-		data, err := json.Marshal(tokens)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		w.Write(data)
-	})
-
-	http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) {
-		if r.Method == "GET" {
-			tpl := `
-	<!DOCTYPE html>
-	<html>
-		<head>
-			<meta charset="UTF-8">
-			<title>Login</title>
-		</head>
-		<body>
-			<form method="POST" action="/jwt-profile" enctype="multipart/form-data">
-				<label for="key">Select a key file:</label>
-				<input type="file" accept=".json" id="key" name="key">
-				<button type="submit">Get Token</button>
-			</form>
-		</body>
-	</html>`
-			t, err := template.New("login").Parse(tpl)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			err = t.Execute(w, nil)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-			}
-		} else {
-			err := r.ParseMultipartForm(4 << 10)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			file, handler, err := r.FormFile("key")
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			defer file.Close()
-
-			key, err := ioutil.ReadAll(file)
-			fmt.Println(handler.Header)
-			assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			token, err := rp.JWTProfileAssertionExchange(ctx, assertion, scopes, provider)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			data, err := json.Marshal(token)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			w.Write(data)
-		}
-	})
 	lis := fmt.Sprintf("127.0.0.1:%s", port)
 	logrus.Infof("listening on http://%s/", lis)
 	logrus.Fatal(http.ListenAndServe("127.0.0.1:"+port, nil))