Merge branch 'main' into dependabot/go_modules/github.com/caos/logging-0.3.1

# Conflicts: # pkg/op/signer.go
2022-03-16 11:13:24 +01:00 · 2022-03-16 11:13:24 +01:00 · c8d9da150e
commit c8d9da150e
parent 7f698a74c4 c07557be02
6 changed files with 60 additions and 25 deletions
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -19,6 +19,7 @@ import (
 const (
 	healthEndpoint               = "/healthz"
 	readinessEndpoint            = "/ready"
+	authCallbackPathSuffix       = "/callback"
 	defaultAuthorizationEndpoint = "authorize"
 	defaultTokenEndpoint         = "oauth/token"
 	defaultIntrospectEndpoint    = "oauth/introspect"
@ -72,7 +73,7 @@ func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router
 	router.HandleFunc(readinessEndpoint, readyHandler(o.Probes()))
 	router.HandleFunc(oidc.DiscoveryEndpoint, discoveryHandler(o, o.Signer()))
 	router.Handle(o.AuthorizationEndpoint().Relative(), intercept(authorizeHandler(o)))
-	router.NewRoute().Path(o.AuthorizationEndpoint().Relative()+"/callback").Queries("id", "{id}").Handler(intercept(authorizeCallbackHandler(o)))
+	router.NewRoute().Path(authCallbackPath(o)).Queries("id", "{id}").Handler(intercept(authorizeCallbackHandler(o)))
 	router.Handle(o.TokenEndpoint().Relative(), intercept(tokenHandler(o)))
 	router.HandleFunc(o.IntrospectionEndpoint().Relative(), introspectionHandler(o))
 	router.HandleFunc(o.UserinfoEndpoint().Relative(), userinfoHandler(o))
@ -82,6 +83,17 @@ func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router
 	return router
 }

+//AuthCallbackURL builds the url for the redirect (with the requestID) after a successful login
+func AuthCallbackURL(o OpenIDProvider) func(string) string {
+	return func(requestID string) string {
+		return o.AuthorizationEndpoint().Absolute(o.Issuer()) + authCallbackPathSuffix + "?id=" + requestID
+	}
+}
+
+func authCallbackPath(o OpenIDProvider) string {
+	return o.AuthorizationEndpoint().Relative() + authCallbackPathSuffix
+}
+
 type Config struct {
 	Issuer                   string
 	CryptoKey                [32]byte
@ -125,8 +137,8 @@ func NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opO
 	}

 	keyCh := make(chan jose.SigningKey)
-	o.signer = NewSigner(ctx, storage, keyCh)
 	go storage.GetSigningKey(ctx, keyCh)
+	o.signer = NewSigner(ctx, storage, keyCh)

 	o.httpHandler = CreateRouter(o, o.interceptors...)

--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@ -25,6 +25,12 @@ func NewSigner(ctx context.Context, storage AuthStorage, keyCh <-chan jose.Signi
 		storage: storage,
 	}

+	select {
+	case <-ctx.Done():
+		return nil
+	case key := <-keyCh:
+		s.exchangeSigningKey(key)
+	}
 	go s.refreshSigningKey(ctx, keyCh)

 	return s
@ -50,23 +56,27 @@ func (s *tokenSigner) refreshSigningKey(ctx context.Context, keyCh <-chan jose.S
 		case <-ctx.Done():
 			return
 		case key := <-keyCh:
-			s.alg = key.Algorithm
-			if key.Algorithm == "" || key.Key == nil {
-				s.signer = nil
-				logging.Warn("signer has no key")
-				continue
-			}
-			var err error
-			s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
-			if err != nil {
-				logging.New().WithError(err).Error("error creating signer")
-				continue
-			}
-			logging.Info("signer exchanged signing key")
+			s.exchangeSigningKey(key)
 		}
 	}
 }

+func (s *tokenSigner) exchangeSigningKey(key jose.SigningKey) {
+	s.alg = key.Algorithm
+	if key.Algorithm == "" || key.Key == nil {
+		s.signer = nil
+		logging.Warn("signer has no key")
+		return
+	}
+	var err error
+	s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
+	if err != nil {
+		logging.New().WithError(err).Error("error creating signer")
+		return
+	}
+	logging.Info("signer exchanged signing key")
+}
+
 func (s *tokenSigner) SignatureAlgorithm() jose.SignatureAlgorithm {
 	return s.alg
 }