cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
zitadel-oidc/pkg/op/default_handler.go
Livio Amstutz 8b0f4438fb try config handling
2019-11-21 13:56:03 +01:00

210 lines
5.5 KiB
Go
Raw Blame History

package server
import (
"errors"
"net/http"
"net/url"
"strings"
"github.com/caos/oidc/pkg/utils"
"github.com/caos/oidc/pkg/oidc"
)
type DefaultHandler struct {
config *Config
discoveryConfig *oidc.DiscoveryConfiguration
storage Storage
http *http.Server
}
type Config struct {
Issuer string
AuthorizationEndpoint Endpoint
TokenEndpoint Endpoint
IntrospectionEndpoint Endpoint
UserinfoEndpoint Endpoint
EndSessionEndpoint Endpoint
CheckSessionIframe Endpoint
JwksURI Endpoint
// ScopesSupported: oidc.SupportedScopes,
// ResponseTypesSupported: responseTypes,
// GrantTypesSupported: oidc.SupportedGrantTypes,
// ClaimsSupported: oidc.SupportedClaims,
// IdTokenSigningAlgValuesSupported: []string{keys.SigningAlgorithm},
// SubjectTypesSupported: []string{"public"},
// TokenEndpointAuthMethodsSupported:
Port string
}
const (
defaultAuthorizationEndpoint = "authorize"
defaulTokenEndpoint = "token"
defaultIntrospectEndpoint = "introspect"
defaultUserinfoEndpoint = "me"
)
func (c *Config) DefaultAndValidate() error {
if err := ValidateIssuer(c.Issuer); err != nil {
return err
}
if c.AuthorizationEndpoint == "" {
c.AuthorizationEndpoint = defaultAuthorizationEndpoint
}
if c.TokenEndpoint == "" {
c.TokenEndpoint = defaulTokenEndpoint
}
if c.IntrospectionEndpoint == "" {
c.IntrospectionEndpoint = defaultIntrospectEndpoint
}
if c.UserinfoEndpoint == "" {
c.UserinfoEndpoint = defaultUserinfoEndpoint
}
return nil
}
func ValidateIssuer(issuer string) error {
if issuer == "" {
return errors.New("missing issuer")
}
u, err := url.Parse(issuer)
if err != nil {
return errors.New("invalid url for issuer")
}
if u.Host == "" {
return errors.New("host for issuer missing")
}
if u.Scheme != "https" {
if !(u.Scheme == "http" && (u.Host == "localhost" || u.Host == "127.0.0.1" || u.Host == "::1" || strings.HasPrefix(u.Host, "localhost:"))) { //TODO: ?
return errors.New("scheme for issuer must be `https`")
}
}
if u.Fragment != "" || len(u.Query()) > 0 {
return errors.New("no fragments or query allowed for issuer")
}
return nil
}
func OIDC(c Configuration) *oidc.DiscoveryConfiguration {
return &oidc.DiscoveryConfiguration{
Issuer: c.Issuer(),
AuthorizationEndpoint: c.AuthorizationEndpoint().Absolute(c.Issuer()),
// TokenEndpoint: c.absoluteEndpoint(c.TokenEndpoint),
// IntrospectionEndpoint: c.absoluteEndpoint(c.IntrospectionEndpoint),
// UserinfoEndpoint: c.absoluteEndpoint(c.UserinfoEndpoint),
// EndSessionEndpoint: c.absoluteEndpoint(c.EndSessionEndpoint),
// CheckSessionIframe: c.absoluteEndpoint(c.CheckSessionIframe),
// JwksURI: c.absoluteEndpoint(c.JwksURI),
// ScopesSupported: oidc.SupportedScopes,
// ResponseTypesSupported: responseTypes,
// GrantTypesSupported: oidc.SupportedGrantTypes,
// ClaimsSupported: oidc.SupportedClaims,
// IdTokenSigningAlgValuesSupported: []string{keys.SigningAlgorithm},
// SubjectTypesSupported: []string{"public"},
// TokenEndpointAuthMethodsSupported:
}
}
func (c *Config) absoluteEndpoint(endpoint string) string {
return strings.TrimSuffix(c.Issuer, "/") + relativeEndpoint(endpoint)
}
func absoluteEndpoint(host, endpoint string) string {
return strings.TrimSuffix(host, "/") + relativeEndpoint(endpoint)
}
func relativeEndpoint(endpoint string) string {
return "/" + strings.TrimPrefix(endpoint, "/")
}
func NewDefaultHandler(config *Config, storage Storage) (Handler, error) {
err := config.DefaultAndValidate()
if err != nil {
return nil, err
}
h := &DefaultHandler{
config: config,
storage: storage,
}
h.discoveryConfig = OIDC(h)
router := CreateRouter(h)
h.http = &http.Server{
Addr: ":" + config.Port,
Handler: router,
}
return h, nil
}
func (h *DefaultHandler) Issuer() string {
return h.config.Issuer
}
type Endpoint string
func (e Endpoint) Relative() string {
return relativeEndpoint(string(e))
}
func (e Endpoint) Absolute(host string) string {
return absoluteEndpoint(host, string(e))
}
func (e Endpoint) Validate() error {
return nil //TODO:
}
func (h *DefaultHandler) AuthorizationEndpoint() Endpoint {
return Endpoint(h.config.AuthorizationEndpoint)
}
func (h *DefaultHandler) TokenEndpoint() Endpoint {
return Endpoint(h.config.TokenEndpoint)
}
func (h *DefaultHandler) UserinfoEndpoint() Endpoint {
return Endpoint(h.config.UserinfoEndpoint)
}
func (h *DefaultHandler) Port() string {
return h.config.Port
}
func (h *DefaultHandler) HttpHandler() *http.Server {
return h.http
}
func (h *DefaultHandler) HandleDiscovery(w http.ResponseWriter, r *http.Request) {
utils.MarshalJSON(w, h.discoveryConfig)
}
func (h *DefaultHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
authRequest, err := ParseAuthRequest(w, r)
if err != nil {
//TODO: return err
}
err = ValidateAuthRequest(authRequest)
if err != nil {
//TODO: return err
}
if NeedsExistingSession(authRequest) {
// session, err := h.storage.CheckSession(authRequest)
// if err != nil {
// //TODO: return err
// }
}
err = h.storage.CreateAuthRequest(authRequest)
if err != nil {
//TODO: return err
}
//TODO: redirect?
}
func (h *DefaultHandler) HandleExchange(w http.ResponseWriter, r *http.Request) {
}
func (h *DefaultHandler) HandleUserinfo(w http.ResponseWriter, r *http.Request) {
}
Reference in a new issue View git blame Copy permalink