cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix code flow example

Browse source
This commit is contained in:
Livio Amstutz 2022-04-06 11:41:37 +02:00
parent 6736ca0a79
commit 30e40af24a
No known key found for this signature in database
GPG key ID: 26BB1C2FA5952CF0
1 changed files with 30 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

44
example/server/internal/storage.go
View file

@ -8,6 +8,7 @@ import (
"time" "time"
"github.com/google/uuid" "github.com/google/uuid"
"golang.org/x/text/language"
"gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2"
"github.com/caos/oidc/pkg/oidc" "github.com/caos/oidc/pkg/oidc"
@ -42,6 +43,20 @@ func NewStorage() *storage {
tokens: make(map[string]*Token), tokens: make(map[string]*Token),
refreshTokens: make(map[string]*RefreshToken), refreshTokens: make(map[string]*RefreshToken),
clients: clients, clients: clients,
users: map[string]*User{
"id1": {
id: "id1",
username: "test-user",
password: "verysecure",
firstname: "Test",
lastname: "User",
email: "test-user@zitadel.ch",
emailVerified: true,
phone: "",
phoneVerified: false,
preferredLanguage: language.German,
},
},
signingKey: signingKey{ signingKey: signingKey{
ID: "id", ID: "id",
Algorithm: "RS256", Algorithm: "RS256",
@ -52,26 +67,27 @@ func NewStorage() *storage {
//CheckUsernamePassword implements the `authenticate` interface of the login //CheckUsernamePassword implements the `authenticate` interface of the login
func (s *storage) CheckUsernamePassword(username, password, id string) error { func (s *storage) CheckUsernamePassword(username, password, id string) error {
//for demonstration purposes we'll check on a static list with plain text password
//for real world scenarios, be sure to have the password hashed and salted (e.g. using bcrypt)
user, ok := s.users[username]
if !ok || user.password != password {
return fmt.Errorf("username or password wrong")
}
request, ok := s.authRequests[id] request, ok := s.authRequests[id]
if !ok { if !ok {
return fmt.Errorf("request not found") return fmt.Errorf("request not found")
} }
//be sure to set user id into the auth request after the user was checked (either with or without password), //for demonstration purposes we'll check on a static list with plain text password
//so that you'll be able to get more information about the user after the login //for real world scenarios, be sure to have the password hashed and salted (e.g. using bcrypt)
request.UserID = user.id for _, user := range s.users {
if user.username == username && user.password == password {
//be sure to set user id into the auth request after the user was checked,
//so that you'll be able to get more information about the user after the login
request.UserID = user.id
//you will have to change some state on the request to guide the user through possible multiple steps of the login process //you will have to change some state on the request to guide the user through possible multiple steps of the login process
//in this example we'll simply check the username / password and set a boolean to true //in this example we'll simply check the username / password and set a boolean to true
//therefore we will also just check this boolean if the request / login has been finished //therefore we will also just check this boolean if the request / login has been finished
request.passwordChecked = true request.passwordChecked = true
return nil return nil
}
}
return fmt.Errorf("username or password wrong")
} }
//CreateAuthRequest implements the op.Storage interface //CreateAuthRequest implements the op.Storage interface