fix examples

Livio Amstutz 2022-04-22 15:02:24 +02:00
parent 3dd0d5fc3a
commit 5c5d716409
No known key found for this signature in database
GPG key ID: 7AB5FDFBCA448635
6 changed files with 533 additions and 14 deletions


@ -3,6 +3,7 @@ package main
import (
"context"
"crypto/sha256"
"fmt"
"log"
"net/http"
@ -28,7 +29,10 @@ func init() {
func main() {
ctx := context.Background()
//we will run on :9998
port := "9998"
//which gives us the issuer: //http://localhost:9998/
issuer := fmt.Sprintf("http://localhost:%s/", port)
//the OpenID Provider requires a 32-byte key for (token) encryption
//be sure to create a proper crypto random key and manage it securely!
@ -47,17 +51,17 @@ func main() {
//the OpenIDProvider interface needs a Storage interface handling various checks and state manipulations
//this might be the layer for accessing your database
//in this example it will be handled in-memory
storage := internal.NewStorage()
storage := internal.NewStorage(issuer)
//creation of the OpenIDProvider with the just created in-memory Storage
provider, err := newOP(ctx, storage, port, key)
provider, err := newOP(ctx, storage, issuer, key)
if err != nil {
log.Fatal(err)
}
//the provider will only take care of the OpenID Protocol, so there must be some sort of UI for the login process
//for the simplicity of the example this means a simple page with username and password field
l := NewLogin(storage, op.AuthCallbackURL(provider), op.NewIssuerInterceptor(provider.IssuerFromRequest))
l := NewLogin(storage, op.AuthCallbackURL(provider))
//regardless of how many pages / steps there are in the process, the UI must be registered in the router,
//so we will direct all calls to /login to the login UI
@ -85,7 +89,7 @@ func main() {
//newOP will create an OpenID Provider for localhost on a specified port with a given encryption key
//and a predefined default logout uri
//it will enable all options (see descriptions)
func newOP(ctx context.Context, storage op.Storage, port string, key [32]byte) (*op.Provider, error) {
func newOP(ctx context.Context, storage op.Storage, issuer string, key [32]byte) (*op.Provider, error) {
config := &op.Config{
CryptoKey: key,
@ -110,8 +114,7 @@ func newOP(ctx context.Context, storage op.Storage, port string, key [32]byte) (
//this example has only static texts (in English), so we'll set the here accordingly
SupportedUILocales: []language.Tag{language.English},
}
//handler, err := op.NewOpenIDProvider(ctx, fmt.Sprintf("http://localhost:%s/", port), config, storage,
handler, err := op.NewDynamicOpenIDProvider(ctx, "/", config, storage,
handler, err := op.NewOpenIDProvider(ctx, issuer, config, storage,
//we must explicitly allow the use of the http issuer
op.WithAllowInsecure(),
//as an example on how to customize an endpoint this will change the authorization_endpoint from /authorize to /auth
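Review bot: The doc comment above newOP still says it creates a provider "for localhost on a specified port", but the signature now takes `issuer`, so the comment no longer matches the parameter; something like `//newOP will create an OpenID Provider for the given issuer with a given encryption key` would fit. Because `op.WithAllowInsecure()` stays unconditional in the option list, newOP now accepts whatever http issuer a caller passes, not only the localhost value built in main. A short comment next to that option, for example `//example only: a non-local issuer must be https and this option removed`, would keep the example from being copied as-is into a deployment. The body of newOP and the rest of the option list continue outside the visible hunk, so this is based only on the lines shown.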