fix examples and update usage

Livio Amstutz 2022-04-22 15:42:09 +02:00
parent 636d0db033
commit 33a38e9c07
No known key found for this signature in database
GPG key ID: 7AB5FDFBCA448635
4 changed files with 16 additions and 5 deletions


@ -43,16 +43,27 @@ Check the `/example` folder where example code for different scenarios is locate
```bash
# start oidc op server
# oidc discovery http://localhost:9998/.well-known/openid-configuration
go run github.com/caos/oidc/example/server
go run github.com/caos/oidc/example/server/op
# start oidc web client
CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/caos/oidc/example/client/app
```
- open http://localhost:9999/login in your browser
- you will be redirected to op server and the login UI
- login with user `test-user` and password `verysecure`
- login with user `test-user@localhost` and password `verysecure`
- the OP will redirect you to the client app, which displays the user info
for the dynamic issuer, just start it with:
```bash
go run github.com/caos/oidc/example/server/dynamic
```
the oidc web client above will still work, but if you add `oidc.local` (pointing to 127.0.0.1) in your hosts file you can also start it with:
```bash
CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://oidc.local:9998/ SCOPES="openid profile" PORT=9999 go run github.com/caos/oidc/example/client/app
```
> Note: Usernames are suffixed with the hostname (`test-user@localhost` or `test-user@oidc.local`)
## Features
| | Code Flow | Implicit Flow | Hybrid Flow | Discovery | PKCE | Token Exchange | mTLS | JWT Profile | Refresh Token |


@ -40,7 +40,7 @@ func main() {
port := "9998"
issuers := make([]string, len(hostnames))
for i, hostname := range hostnames {
issuers[i] = fmt.Sprintf("http://%s:%s", hostname, port)
issuers[i] = fmt.Sprintf("http://%s:%s/", hostname, port)
}
//the OpenID Provider requires a 32-byte key for (token) encryption
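Review bot: The trailing slash added in `fmt.Sprintf("http://%s:%s/", hostname, port)` is load-bearing, but nothing at the call site says so. Judging by the lookup `s.issuers[op.IssuerFromContext(ctx)]` elsewhere in this commit, issuers seem to be matched as exact strings, so a value without the slash would presumably be rejected as "invalid issuer". A comment above the loop would guard against a regression, e.g. `// issuer strings are matched exactly; keep the trailing slash so they equal the ISSUER value clients are configured with`. The scheme is hard-coded to plain `http`, which suits a localhost example but is worth stating in the same comment so the snippet is not copied into a deployment unchanged. main's body starts and ends outside the hunk.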


@ -82,7 +82,7 @@ func (s *publicKey) Key() interface{} {
}
func NewStorage(issuer string) *storage {
hostname := strings.Split(strings.Split(issuer, "://")[0], ":")[0]
hostname := strings.Split(strings.Split(issuer, "://")[1], ":")[0]
key, _ := rsa.GenerateKey(rand.Reader, 2048)
return &storage{
authRequests: make(map[string]*AuthRequest),
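Review bot: `strings.Split(issuer, "://")[1]` in NewStorage panics with an index-out-of-range error when the issuer has no `://`, and the hand-rolled split also mishandles bracketed IPv6 hosts and userinfo. Since the hostname appears to become the username suffix (per the README note in this commit), parsing with net/url would be sturdier: `u, err := url.Parse(issuer)` followed by `hostname := u.Hostname()`. On the unchanged next line, `key, _ := rsa.GenerateKey(rand.Reader, 2048)` discards the error, so a failed key generation would leave a nil signing key; it should at least fail loudly. NewStorage's body continues outside the hunk.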


@ -254,7 +254,7 @@ func (s *multiStorage) Health(ctx context.Context) error {
func (s *multiStorage) storageFromContext(ctx context.Context) (*storage, *oidc.Error) {
storage, ok := s.issuers[op.IssuerFromContext(ctx)]
if !ok {
return nil, oidc.ErrInvalidRequest().WithDescription("invalid issuer")
}
return storage, nil
}