example server now passes tests

David Sharnoff 2022-09-27 14:21:23 -07:00
parent 0137ea5e68
commit 2d0c08f8a2
4 changed files with 15 additions and 10 deletions


@ -3,7 +3,6 @@ package exampleop
import (
"context"
"crypto/sha256"
"fmt"
"log"
"net/http"
"os"
@ -35,7 +34,7 @@ type Storage interface {
// SetupServer creates an OIDC server with Issuer=http://localhost:<port>
//
// Use one of the pre-made clients in storage/clients.go or register a new one.
func SetupServer(ctx context.Context, port string, storage Storage) *mux.Router {
func SetupServer(ctx context.Context, issuer string, storage Storage) *mux.Router {
// this will allow us to use an issuer with http:// instead of https://
os.Setenv(op.OidcDevMode, "true")
@ -54,7 +53,7 @@ func SetupServer(ctx context.Context, port string, storage Storage) *mux.Router
})
// creation of the OpenIDProvider with the just created in-memory Storage
provider, err := newOP(ctx, storage, port, key)
provider, err := newOP(ctx, storage, issuer, key)
if err != nil {
log.Fatal(err)
}
@ -80,9 +79,9 @@ func SetupServer(ctx context.Context, port string, storage Storage) *mux.Router
// newOP will create an OpenID Provider for localhost on a specified port with a given encryption key
// and a predefined default logout uri
// it will enable all options (see descriptions)
func newOP(ctx context.Context, storage op.Storage, port string, key [32]byte) (op.OpenIDProvider, error) {
func newOP(ctx context.Context, storage op.Storage, issuer string, key [32]byte) (op.OpenIDProvider, error) {
config := &op.Config{
Issuer: fmt.Sprintf("http://localhost:%s/", port),
Issuer: issuer,
CryptoKey: key,
// will be used if the end_session endpoint is called without a post_logout_redirect_uri
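Review bot: `os.Setenv(op.OidcDevMode, "true")` just below the new `SetupServer` signature still runs unconditionally, but `issuer` is now caller-supplied and may be an https URL, so the helper relaxes the https-issuer check process-wide even when nothing needs it; consider `if strings.HasPrefix(issuer, "http://") { os.Setenv(op.OidcDevMode, "true") }` and state the side effect in the doc comment. The doc comments on `SetupServer` ("Issuer=http://localhost:<port>") and `newOP` ("for localhost on a specified port") no longer match the parameter; e.g. `// SetupServer creates an OIDC server whose Issuer is the given URL; OidcDevMode is enabled so a plain http:// issuer is accepted.` and `// newOP creates an OpenID Provider for the given issuer URL with the given encryption key`. The bodies of `SetupServer` and `newOP` continue outside the hunks shown here.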


@ -18,7 +18,7 @@ func main() {
storage := storage.NewStorage(storage.NewUserStore())
port := "9998"
router := exampleop.SetupServer(ctx, port, storage)
router := exampleop.SetupServer(ctx, "http://localhost:"+port, storage)
server := &http.Server{
Addr: ":" + port,
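Review bot: The issuer built on the new line, `"http://localhost:"+port`, drops the trailing slash that `newOP` previously added with `fmt.Sprintf("http://localhost:%s/", port)`, so the issuer value the provider is configured with changes from `http://localhost:9998/` to `http://localhost:9998`. OIDC issuer comparison is an exact string match, so any relying party or test fixture that was configured against the old slashed value will presumably reject this server's discovery metadata and tokens; if the old form is intended, pass `"http://localhost:"+port+"/"`, otherwise the clients need updating in the same change. `main` and the `http.Server` literal continue outside the hunk.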


@ -60,7 +60,7 @@ func NewStorage(userStore UserStore) *Storage {
clients: clients,
userStore: userStore,
services: map[string]Service{
"service": {
userStore.ExampleClientID(): {
keys: map[string]*rsa.PublicKey{
"key1": serviceKey1,
},
@ -436,12 +436,12 @@ func (s *Storage) GetPrivateClaimsFromScopes(ctx context.Context, userID, client
// GetKeyByIDAndUserID implements the op.Storage interface
// it will be called to validate the signatures of a JWT (JWT Profile Grant and Authentication)
func (s *Storage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error) {
func (s *Storage) GetKeyByIDAndUserID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error) {
s.lock.Lock()
defer s.lock.Unlock()
service, ok := s.services[userID]
service, ok := s.services[clientID]
if !ok {
return nil, fmt.Errorf("user not found")
return nil, fmt.Errorf("clientID not found")
}
key, ok := service.keys[keyID]
if !ok {
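Review bot: Renaming the second parameter to `clientID` leaves the method name `GetKeyByIDAndUserID` and its doc comment implying a per-user lookup, so a reader cannot tell which identifier the op library actually passes in; since the name is dictated by the `op.Storage` interface, the explanation belongs in the comment, e.g. `// GetKeyByIDAndUserID implements op.Storage. Despite the interface's parameter name, this example treats the second argument as the client ID that registered the key (presumably the JWT's issuer/subject) — confirm against op's caller.` The lookup `service, ok := s.services[clientID]` followed by `service.keys[keyID]` is what binds a key to the client presenting it, which is the property you want for JWT profile assertions, so it is worth a one-line comment saying the lookup must stay scoped to the presenting client rather than falling back to a global key set. The function continues past the end of the hunk.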


@ -26,6 +26,7 @@ type Service struct {
type UserStore interface {
GetUserByID(string) *User
GetUserByUsername(string) *User
ExampleClientID() string
}
type userStore struct {
@ -51,6 +52,11 @@ func NewUserStore() UserStore {
}
}
// ExampleClientID is only used in the example server
func (u userStore) ExampleClientID() string {
return "service"
}
func (u userStore) GetUserByID(id string) *User {
return u.users[id]
}
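Review bot: Adding `ExampleClientID() string` to the `UserStore` interface forces every implementation to carry a method that, by its own comment, "is only used in the example server", and it couples the client registry in `NewStorage` to the user store abstraction. If the goal is just to share the `"service"` identifier between the two files, an exported package-level constant such as `const ExampleClientID = "service"` does that without widening the interface. Whichever form is kept, the comment should say the value has to match a client registered in storage/clients.go (inferred from the `SetupServer` doc comment, not visible here), since a mismatch would silently make the service's keys unreachable.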