| -rw-r--r-- | app/controllers/sessions/controller_test.go | 2 | ||||
| -rw-r--r-- | app/controllers/sessions/service_test.go | 2 | ||||
| -rw-r--r-- | app/init.go | 9 | ||||
| -rw-r--r-- | app/middleware/id_token_test.go | 2 | ||||
| -rw-r--r-- | pkg/oidc/oidc.go | 7 | ||||
| -rw-r--r-- | pkg/oidc/oidc_test.go | 8 | ||||
| -rw-r--r-- | pkg/oidc/provider.go | 27 | ||||
| -rw-r--r-- | pkg/oidc/test_server.go | 5 |
8 files changed, 49 insertions, 13 deletions
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index b3e1d56..73a373f 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -26,7 +26,7 @@ func TestSessions(t *testing.T) {
 clientSecret := srv.MockOIDC.Config().ClientSecret
 cfg, err := oidc.New(
 t.Context(),
- srv.Issuer(),
+ srv.Provider,
 clientID,
 clientSecret,
 "callback_url",
diff --git a/app/controllers/sessions/service_test.go b/app/controllers/sessions/service_test.go
index 4bea1dd..c98488a 100644
--- a/app/controllers/sessions/service_test.go
+++ b/app/controllers/sessions/service_test.go
@@ -22,7 +22,7 @@ func TestService(t *testing.T) {
 clientSecret := srv.MockOIDC.Config().ClientSecret
 cfg, err := oidc.New(
 t.Context(),
- srv.Issuer(),
+ srv.Provider,
 clientID,
 clientSecret,
 "/session/callback",
diff --git a/app/init.go b/app/init.go
index c1e999c..959048b 100644
--- a/app/init.go
+++ b/app/init.go
@@ -5,6 +5,7 @@ import (
 "net/http"
 "os"
+ xoidc "github.com/coreos/go-oidc/v3/oidc"
 "github.com/rs/zerolog"
 "github.com/xlgmokha/x/pkg/env"
 "github.com/xlgmokha/x/pkg/ioc"
@@ -50,11 +51,17 @@ func init() {
 },
 }
 })
+ ioc.Register[*xoidc.Provider](ioc.Default, func() *xoidc.Provider {
+ ctx := context.WithValue(context.Background(), oauth2.HTTPClient, ioc.MustResolve[*http.Client](ioc.Default))
+ return oidc.NewProvider(ctx, cfg.OIDCIssuer, func(err error) {
+ ioc.MustResolve[*zerolog.Logger](ioc.Default).Err(err).Send()
+ })
+ })
 ioc.RegisterSingleton[*oidc.OpenID](ioc.Default, func() *oidc.OpenID {
 ctx := context.WithValue(context.Background(), oauth2.HTTPClient, ioc.MustResolve[*http.Client](ioc.Default))
 item, err := oidc.New(
 ctx,
- cfg.OIDCIssuer,
+ ioc.MustResolve[*xoidc.Provider](ioc.Default),
 cfg.OAuthClientID,
 cfg.OAuthClientSecret,
 cfg.OAuthRedirectURL,
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index 45221ff..3df9a7d 100644
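Review bot: The report callback passed to `oidc.NewProvider` only logs (`.Err(err).Send()`), so a discovery failure against `cfg.OIDCIssuer` — including a TLS verification or issuer-mismatch error — no longer prevents the app from coming up; it proceeds with whatever endpoints NewProvider hard-codes, and the failure is reduced to a log line. This callback is the natural place to fail fast, or to gate the fallback behind an explicit config flag, rather than continue unconditionally. Separately, `ioc.Register[*xoidc.Provider]` appears to register a transient factory (the neighbouring `*oidc.OpenID` uses `RegisterSingleton`), so every resolve would redo the discovery round-trip; `ioc.RegisterSingleton[*xoidc.Provider](ioc.Default, func() *xoidc.Provider {` makes the once-per-process intent explicit. Discovery also runs under `context.Background()` with no deadline, so startup relies on the resolved `*http.Client` carrying a timeout — worth confirming. `init()` begins and ends outside the hunk.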
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
@@ -26,7 +26,7 @@ func TestIDToken(t *testing.T) {
 ctx := context.WithValue(t.Context(), oauth2.HTTPClient, client)
 openID, err := oidc.New(
 ctx,
- srv.Issuer(),
+ srv.Provider,
 cfg.ClientID,
 cfg.ClientSecret,
 "https://example.com/oauth/callback",
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
index 5ff8c28..6ec1005 100644
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -13,12 +13,7 @@ type OpenID struct {
 OIDCConfig *oidc.Config
 }
-func New(ctx context.Context, issuer string, clientID, clientSecret, callbackURL string) (*OpenID, error) {
- provider, err := oidc.NewProvider(ctx, issuer)
- if err != nil {
- return nil, err
- }
-
+func New(ctx context.Context, provider *oidc.Provider, clientID, clientSecret, callbackURL string) (*OpenID, error) {
 return &OpenID{
 Provider: provider,
 Config: &oauth2.Config{
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
index 47a58ba..bb040a2 100644
--- a/pkg/oidc/oidc_test.go
+++ b/pkg/oidc/oidc_test.go
@@ -13,7 +13,13 @@ func TestOpenID(t *testing.T) {
 defer srv.Close()
 t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
- openID, err := New(context.Background(), srv.Issuer(), "client_id", "client_secret", "https://example.com/oauth/callback")
+ openID, err := New(
+ context.Background(),
+ srv.Provider,
+ srv.MockOIDC.ClientID,
+ srv.MockOIDC.ClientSecret,
+ "https://example.com/oauth/callback",
+ )
 require.NoError(t, err)
 assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
diff --git a/pkg/oidc/provider.go b/pkg/oidc/provider.go
new file mode 100644
index 0000000..31f7577
--- /dev/null
+++ b/pkg/oidc/provider.go
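Review bot: `New` now accepts a `*oidc.Provider` without checking it, so a nil provider is stored silently and only surfaces later as a nil-pointer panic when something calls `Provider.Endpoint()`; since the function keeps its `(*OpenID, error)` signature, a guard `if provider == nil { return nil, errors.New("oidc: nil provider") }` (importing `errors` if the file does not already) keeps that error return meaningful. The removed discovery call also moves responsibility for validating the issuer to the caller, which the signature alone does not convey; a doc comment such as `// New wraps an already-discovered provider; callers must run discovery (e.g. NewProvider) first and must not pass nil.` would record that contract. The body of `New` continues past the end of the hunk.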
@@ -0,0 +1,27 @@
+package oidc
+
+import (
+ "context"
+
+ "github.com/coreos/go-oidc/v3/oidc"
+)
+
+func NewProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
+ provider, err := oidc.NewProvider(ctx, issuer)
+ if err == nil {
+ return provider
+ }
+
+ report(err)
+
+ config := &oidc.ProviderConfig{
+ IssuerURL: issuer,
+ AuthURL: issuer + "/oauth/authorize",
+ TokenURL: issuer + "/oauth/token",
+ DeviceAuthURL: "",
+ UserInfoURL: issuer + "/oauth/userinfo",
+ JWKSURL: issuer + "/oauth/disovery/keys",
+ Algorithms: []string{"RS256"},
+ }
+ return config.NewProvider(ctx)
+}
diff --git a/pkg/oidc/test_server.go b/pkg/oidc/test_server.go
index 5a25549..198076c 100644
--- a/pkg/oidc/test_server.go
+++ b/pkg/oidc/test_server.go
@@ -30,8 +30,9 @@ func NewTestServer(t *testing.T) *TestServer {
 })
 })
- provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
- require.NoError(t, err)
+ provider := NewProvider(t.Context(), srv.Issuer(), func(err error) {
+ require.NoError(t, err)
+ })
 config := &oauth2.Config{
 ClientID: srv.Config().ClientID, |
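Review bot: The fallback branch of NewProvider builds the JWKS endpoint as `issuer + "/oauth/disovery/keys"`, where "disovery" looks like a typo for "discovery"; if that path is wrong, the fallback provider cannot fetch signing keys and every ID-token verification through it fails, and nothing in this change exercises the branch to catch it. The larger concern is the shape of the fallback itself: a discovery error — which may be a TLS failure, an unreachable issuer, or the issuer-mismatch check that `oidc.NewProvider` performs against the discovery document — is handed to `report` and then replaced by hard-coded, never-validated endpoint paths, so the caller cannot distinguish a discovered provider from a guessed one. Unless the target issuer is known to lack a discovery document, returning the error (`func NewProvider(ctx context.Context, issuer string) (*oidc.Provider, error)`) or making the fallback opt-in is the safer contract. The function also needs a doc comment stating this behaviour; something like `// NewProvider runs OIDC discovery against issuer. If discovery fails it calls report(err) and returns a provider built from fixed endpoint paths under issuer, which are not validated against the issuer.` would do.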
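Review bot: Passing `func(err error) { require.NoError(t, err) }` as the report callback means the test server only ever exercises the discovery-success path of NewProvider; the hard-coded fallback endpoints, including the JWKS path, are never reached by any test in this change, which is exactly where a wrong path would go unnoticed. A test that points NewProvider at an issuer without a discovery document and asserts the resulting `provider.Endpoint()` values would cover it. `require.NoError` calls `t.FailNow`, which is only valid on the test goroutine; that holds here because NewProvider invokes report synchronously, and a comment `// report is called synchronously by NewProvider, so FailNow is safe here` would keep a future refactor from breaking that assumption. `NewTestServer` continues past the end of the hunk.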
