feat(rp): provide key by data (not only path) for jwt profile
parent
d740fe1710
commit
dda0628528
2 changed files with 44 additions and 1 deletions
|
@ -40,7 +40,7 @@ func main() {
|
|||
options = append(options, rp.WithPKCE(cookieHandler))
|
||||
}
|
||||
if keyPath != "" {
|
||||
options = append(options, rp.WithClientKey(keyPath))
|
||||
options = append(options, rp.WithJWTProfile(rp.SignerFromKeyPath(keyPath)))
|
||||
}
|
||||
|
||||
provider, err := rp.NewRelyingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes, options...)
|
||||
|
|
|
@ -233,6 +233,9 @@ func WithVerifierOpts(opts ...VerifierOption) Option {
|
|||
}
|
||||
}
|
||||
|
||||
// WithClientKey specifies the path to the key.json to be used for the JWT Profile Client Authentication on the token endpoint
|
||||
//
|
||||
//deprecated: use WithJWTProfile(SignerFromKeyPath(path)) instead
|
||||
func WithClientKey(path string) Option {
|
||||
return func(rp *relyingParty) error {
|
||||
config, err := client.ConfigFromKeyFile(path)
|
||||
|
@ -244,6 +247,46 @@ func WithClientKey(path string) Option {
|
|||
}
|
||||
}
|
||||
|
||||
// WithJWTProfile creates a signer used for the JWT Profile Client Authentication on the token endpoint
|
||||
func WithJWTProfile(signerFromKey SignerFromKey) Option {
|
||||
return func(rp *relyingParty) error {
|
||||
signer, err := signerFromKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rp.signer = signer
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
type SignerFromKey func() (jose.Signer, error)
|
||||
|
||||
func SignerFromKeyPath(path string) SignerFromKey {
|
||||
return func() (jose.Signer, error) {
|
||||
config, err := client.ConfigFromKeyFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return client.NewSignerFromPrivateKeyByte([]byte(config.Key), config.KeyID)
|
||||
}
|
||||
}
|
||||
|
||||
func SignerFromKeyFile(fileData []byte) SignerFromKey {
|
||||
return func() (jose.Signer, error) {
|
||||
config, err := client.ConfigFromKeyFileData(fileData)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return client.NewSignerFromPrivateKeyByte([]byte(config.Key), config.KeyID)
|
||||
}
|
||||
}
|
||||
|
||||
func SignerFromKeyAndKeyID(key []byte, keyID string) SignerFromKey {
|
||||
return func() (jose.Signer, error) {
|
||||
return client.NewSignerFromPrivateKeyByte(key, keyID)
|
||||
}
|
||||
}
|
||||
|
||||
//Discover calls the discovery endpoint of the provided issuer and returns the found endpoints
|
||||
//
|
||||
//deprecated: use client.Discover
|
||||
|
|
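Review bot: SignerFromKeyFile and SignerFromKeyAndKeyID keep a reference to the caller's slice and only parse it when the returned closure runs, which WithJWTProfile does inside the Option rather than when the option is built. A caller that zeroes or reuses the private-key buffer after building the option would then get a parse error or a signer built from different bytes; when the options are applied is not visible in this hunk, so this depends on the constructor. Either copy on entry, e.g. `fileData = append([]byte(nil), fileData...)` and the same for `key`, or state the lifetime requirement in a doc comment. The new exported names SignerFromKey, SignerFromKeyPath, SignerFromKeyFile and SignerFromKeyAndKeyID currently have no doc comments at all. In the earlier hunk of this file, `//deprecated:` is not the form Go tooling recognises; `// Deprecated: use WithJWTProfile(SignerFromKeyPath(path)) instead.` in its own comment paragraph would let linters flag remaining WithClientKey callers.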