update app example

example/client/app/app.go

@@ -6,10 +6,11 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-
-	"github.com/sirupsen/logrus"
+	"time"
 
 	"github.com/google/uuid"
+	"github.com/sirupsen/logrus"
+	"golang.org/x/oauth2"
 
 	"github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/rp"
@@ -29,41 +30,34 @@ func main() {
 
 	ctx := context.Background()
 
-	rpConfig := &rp.Config{
-		ClientID:     clientID,
-		ClientSecret: clientSecret,
-		Issuer:       issuer,
-		CallbackURL:  fmt.Sprintf("http://localhost:%v%v", port, callbackPath),
-		Scopes:       []string{"openid", "profile", "email"},
+	rpConfig := &rp.Configuration{
+		Issuer: issuer,
+		Config: &oauth2.Config{
+			ClientID:     clientID,
+			ClientSecret: clientSecret,
+			RedirectURL:  fmt.Sprintf("http://localhost:%v%v", port, callbackPath),
+			Scopes:       []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail},
+		},
 	}
 	cookieHandler := utils.NewCookieHandler(key, key, utils.WithUnsecure())
-	provider, err := rp.NewDefaultRP(rpConfig, rp.WithCookieHandler(cookieHandler)) //rp.WithPKCE(cookieHandler)) //,
+	provider, err := rp.NewRelayingParty(rpConfig, rp.WithCookieHandler(cookieHandler), rp.WithPKCE(cookieHandler), rp.WithVerifierOpts(rp.WithIssuedAtOffset(-3*time.Minute))) //,
 	if err != nil {
 		logrus.Fatalf("error creating provider %s", err.Error())
 	}
 
-	// state := "foobar"
-	state := uuid.New().String()
+	//generate some state (representing the state of the user in your application,
+	//e.g. the page where he was before sending him to login
+	state := func() string {
+		return uuid.New().String()
+	}
 
-	http.Handle("/login", provider.AuthURLHandler(state))
-	// http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
-	// 	http.Redirect(w, r, provider.AuthURL(state), http.StatusFound)
-	// })
-
-	// http.HandleFunc(callbackPath, func(w http.ResponseWriter, r *http.Request) {
-	// 	tokens, err := provider.CodeExchange(ctx, r.URL.Query().Get("code"))
-	// 	if err != nil {
-	// 		http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
-	// 		return
-	// 	}
-	// 	data, err := json.Marshal(tokens)
-	// 	if err != nil {
-	// 		http.Error(w, err.Error(), http.StatusInternalServerError)
-	// 		return
-	// 	}
-	// 	w.Write(data)
-	// })
+	//register the AuthURLHandler at your preferred path
+	//the AuthURLHandler creates the auth request and redirects the user to the auth server
+	//including state handling with secure cookie and the possibility to use PKCE
+	http.Handle("/login", rp.AuthURLHandler(state, provider))
 
+	//for demonstration purposes the returned tokens (access token, id_token an its parsed claims)
+	//are written as JSON objects onto response
 	marshal := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens, state string) {
 		_ = state
 		data, err := json.Marshal(tokens)
@@ -74,10 +68,13 @@ func main() {
 		w.Write(data)
 	}
 
-	http.Handle(callbackPath, provider.CodeExchangeHandler(marshal))
+	//register the CodeExchangeHandler at the callbackPath
+	//the CodeExchangeHandler handles the auth response, creates the token request and calls the callback function
+	//with the returned tokens from the token endpoint
+	http.Handle(callbackPath, rp.CodeExchangeHandler(marshal, provider))
 
 	http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
-		tokens, err := provider.ClientCredentials(ctx, "scope")
+		tokens, err := rp.ClientCredentials(ctx, provider, "scope")
 		if err != nil {
 			http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
 			return
@@ -92,5 +89,5 @@ func main() {
 	})
 	lis := fmt.Sprintf("127.0.0.1:%s", port)
 	logrus.Infof("listening on http://%s/", lis)
-	logrus.Fatal(http.ListenAndServe("127.0.0.1:5556", nil))
+	logrus.Fatal(http.ListenAndServe("127.0.0.1:"+port, nil))
 }