fix(exampleop): pass the issuer interceptor to login
This commit is contained in:
Tim Möhlmann
parent
37b5de0e82
commit
508f6d719c
4 changed files with 14 additions and 12 deletions
|
|
@ -40,7 +40,7 @@ func main() {
|
|||
port := "9998"
|
||||
issuers := make([]string, len(hostnames))
|
||||
for i, hostname := range hostnames {
|
||||
issuers[i] = fmt.Sprintf("http://%s:%s/", hostname, port)
|
||||
issuers[i] = fmt.Sprintf("http://%s:%s/oidc/", hostname, port)
|
||||
}
|
||||
|
||||
//the OpenID Provider requires a 32-byte key for (token) encryption
|
||||
|
|
@ -84,7 +84,7 @@ func main() {
|
|||
//if your issuer ends with a path (e.g. http://localhost:9998/custom/path/),
|
||||
//then you would have to set the path prefix (/custom/path/):
|
||||
//router.PathPrefix("/custom/path/").Handler(http.StripPrefix("/custom/path", provider.HttpHandler()))
|
||||
router.PathPrefix("/").Handler(provider.HttpHandler())
|
||||
router.PathPrefix("/oidc/").Handler(http.StripPrefix("/oidc", provider.HttpHandler()))
|
||||
|
||||
server := &http.Server{
|
||||
Addr: ":" + port,
|
||||
|
|
@ -125,7 +125,7 @@ func newDynamicOP(ctx context.Context, storage op.Storage, key [32]byte) (*op.Pr
|
|||
//this example has only static texts (in English), so we'll set the here accordingly
|
||||
SupportedUILocales: []language.Tag{language.English},
|
||||
}
|
||||
handler, err := op.NewDynamicOpenIDProvider("/", config, storage,
|
||||
handler, err := op.NewDynamicOpenIDProvider("/oidc/", config, storage,
|
||||
//we must explicitly allow the use of the http issuer
|
||||
op.WithAllowInsecure(),
|
||||
//as an example on how to customize an endpoint this will change the authorization_endpoint from /authorize to /auth
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/zitadel/oidc/v2/pkg/op"
|
||||
)
|
||||
|
||||
type login struct {
|
||||
|
|
@ -14,19 +15,19 @@ type login struct {
|
|||
callback func(context.Context, string) string
|
||||
}
|
||||
|
||||
func NewLogin(authenticate authenticate, callback func(context.Context, string) string) *login {
|
||||
func NewLogin(authenticate authenticate, callback func(context.Context, string) string, issuerInterceptor *op.IssuerInterceptor) *login {
|
||||
l := &login{
|
||||
authenticate: authenticate,
|
||||
callback: callback,
|
||||
}
|
||||
l.createRouter()
|
||||
l.createRouter(issuerInterceptor)
|
||||
return l
|
||||
}
|
||||
|
||||
func (l *login) createRouter() {
|
||||
func (l *login) createRouter(issuerInterceptor *op.IssuerInterceptor) {
|
||||
l.router = mux.NewRouter()
|
||||
l.router.Path("/username").Methods("GET").HandlerFunc(l.loginHandler)
|
||||
l.router.Path("/username").Methods("POST").HandlerFunc(l.checkLoginHandler)
|
||||
l.router.Path("/username").Methods("POST").HandlerFunc(issuerInterceptor.HandlerFunc(l.checkLoginHandler))
|
||||
}
|
||||
|
||||
type authenticate interface {
|
||||
|
|
|
|||
|
|
@ -55,9 +55,10 @@ func SetupServer(issuer string, storage Storage, extraOptions ...op.Option) *mux
|
|||
log.Fatal(err)
|
||||
}
|
||||
|
||||
// the provider will only take care of the OpenID Protocol, so there must be some sort of UI for the login process
|
||||
// for the simplicity of the example this means a simple page with username and password field
|
||||
l := NewLogin(storage, op.AuthCallbackURL(provider))
|
||||
//the provider will only take care of the OpenID Protocol, so there must be some sort of UI for the login process
|
||||
//for the simplicity of the example this means a simple page with username and password field
|
||||
//be sure to provide an IssuerInterceptor with the IssuerFromRequest from the OP so the login can select / and pass it to the storage
|
||||
l := NewLogin(storage, op.AuthCallbackURL(provider), op.NewIssuerInterceptor(provider.IssuerFromRequest))
|
||||
|
||||
// regardless of how many pages / steps there are in the process, the UI must be registered in the router,
|
||||
// so we will direct all calls to /login to the login UI
|
||||
|
|
@ -71,7 +72,7 @@ func SetupServer(issuer string, storage Storage, extraOptions ...op.Option) *mux
|
|||
//
|
||||
// if your issuer ends with a path (e.g. http://localhost:9998/custom/path/),
|
||||
// then you would have to set the path prefix (/custom/path/)
|
||||
router.PathPrefix("/").Handler(provider.HttpHandler())
|
||||
router.PathPrefix("/oidc/").Handler(http.StripPrefix("/oidc", provider.HttpHandler()))
|
||||
|
||||
return router
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ func main() {
|
|||
//we will run on :9998
|
||||
port := "9998"
|
||||
//which gives us the issuer: http://localhost:9998/
|
||||
issuer := fmt.Sprintf("http://localhost:%s/", port)
|
||||
issuer := fmt.Sprintf("http://localhost:%s/oidc/", port)
|
||||
|
||||
// the OpenIDProvider interface needs a Storage interface handling various checks and state manipulations
|
||||
// this might be the layer for accessing your database
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue