From 7b74ddbe8478bbf901685cea7826d96f042c142e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 14 May 2025 17:05:41 -0600
Subject: feat: provider a fallback provider that defaults to hard-coded paths

---
 pkg/oidc/oidc.go        |  7 +------
 pkg/oidc/oidc_test.go   |  8 +++++++-
 pkg/oidc/provider.go    | 27 +++++++++++++++++++++++++++
 pkg/oidc/test_server.go |  5 +++--
 4 files changed, 38 insertions(+), 9 deletions(-)
 create mode 100644 pkg/oidc/provider.go

(limited to 'pkg')

diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
index 5ff8c28..6ec1005 100644
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -13,12 +13,7 @@ type OpenID struct {
 	OIDCConfig *oidc.Config
 }
 
-func New(ctx context.Context, issuer string, clientID, clientSecret, callbackURL string) (*OpenID, error) {
-	provider, err := oidc.NewProvider(ctx, issuer)
-	if err != nil {
-		return nil, err
-	}
-
+func New(ctx context.Context, provider *oidc.Provider, clientID, clientSecret, callbackURL string) (*OpenID, error) {
 	return &OpenID{
 		Provider: provider,
 		Config: &oauth2.Config{
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
index 47a58ba..bb040a2 100644
--- a/pkg/oidc/oidc_test.go
+++ b/pkg/oidc/oidc_test.go
@@ -13,7 +13,13 @@ func TestOpenID(t *testing.T) {
 	defer srv.Close()
 
 	t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
-		openID, err := New(context.Background(), srv.Issuer(), "client_id", "client_secret", "https://example.com/oauth/callback")
+		openID, err := New(
+			context.Background(),
+			srv.Provider,
+			srv.MockOIDC.ClientID,
+			srv.MockOIDC.ClientSecret,
+			"https://example.com/oauth/callback",
+		)
 		require.NoError(t, err)
 
 		assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
diff --git a/pkg/oidc/provider.go b/pkg/oidc/provider.go
new file mode 100644
index 0000000..31f7577
--- /dev/null
+++ b/pkg/oidc/provider.go
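Review bot: New now accepts whatever *oidc.Provider it is handed without checking it, so a nil provider (which is what a caller ends up with if it ignores a discovery error) produces an OpenID whose Provider.Endpoint() panics later instead of failing here, where the function still has an error result to use; add `if provider == nil { return nil, errors.New("oidc: nil provider") }` ahead of the return (this needs `errors` in the file's import block, which is outside the hunk). In the visible lines the error result no longer has any failure path, so without such a guard it is misleading to callers. The exported constructor also lacks a doc comment; something like `// New builds an OpenID client around an already-constructed provider, which callers obtain from oidc.NewProvider or this package's NewProvider.` would do. The body of New continues past the end of the hunk.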
@@ -0,0 +1,27 @@
+package oidc
+
+import (
+	"context"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+)
+
+func NewProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
+	provider, err := oidc.NewProvider(ctx, issuer)
+	if err == nil {
+		return provider
+	}
+
+	report(err)
+
+	config := &oidc.ProviderConfig{
+		IssuerURL:     issuer,
+		AuthURL:       issuer + "/oauth/authorize",
+		TokenURL:      issuer + "/oauth/token",
+		DeviceAuthURL: "",
+		UserInfoURL:   issuer + "/oauth/userinfo",
+		JWKSURL:       issuer + "/oauth/disovery/keys",
+		Algorithms:    []string{"RS256"},
+	}
+	return config.NewProvider(ctx)
+}
diff --git a/pkg/oidc/test_server.go b/pkg/oidc/test_server.go
index 5a25549..198076c 100644
--- a/pkg/oidc/test_server.go
+++ b/pkg/oidc/test_server.go
@@ -30,8 +30,9 @@ func NewTestServer(t *testing.T) *TestServer {
 		})
 	})
 
-	provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
-	require.NoError(t, err)
+	provider := NewProvider(t.Context(), srv.Issuer(), func(err error) {
+		require.NoError(t, err)
+	})
 
 	config := &oauth2.Config{
 		ClientID:     srv.Config().ClientID,
-- 
cgit v1.2.3
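Review bot: The fallback JWKSURL is spelled `issuer + "/oauth/disovery/keys"`, which looks like a typo for `/oauth/discovery/keys`; with the wrong path every ID-token signature check against the fallback provider fails to fetch keys, and because the fallback only runs when discovery already failed, nothing in this commit would surface it. More broadly, the fallback replaces the discovered metadata with guessed endpoints for any discovery error at all — including the case where the document was reachable but its issuer did not match — so the doc comment should say that report receives the error before the fallback is used and that a report which merely logs lets the caller continue against unverified endpoints; a caller passing a nil report also panics here, so guard it. The concatenations also produce `//oauth/...` when issuer carries a trailing slash, which a `strings.TrimSuffix(issuer, "/")` base avoids (that needs `strings` added to the import block above). The fence below shows the rewritten lines.
```go
// NewProvider discovers issuer's OIDC metadata. When discovery fails the error
// is passed to report (if non-nil) and a provider built from fixed paths under
// issuer is returned instead, so report should fail hard wherever guessed
// endpoints are not acceptable.
func NewProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
	// … unchanged: oidc.NewProvider call and early return on success …
	if report != nil {
		report(err)
	}

	base := strings.TrimSuffix(issuer, "/") // avoid "//oauth/..." for issuers written with a trailing slash
	config := &oidc.ProviderConfig{
		IssuerURL:     issuer,
		AuthURL:       base + "/oauth/authorize",
		TokenURL:      base + "/oauth/token",
		// … unchanged: DeviceAuthURL …
		UserInfoURL:   base + "/oauth/userinfo",
		JWKSURL:       base + "/oauth/discovery/keys",
		// … unchanged: Algorithms …
	}
	// … unchanged: return config.NewProvider(ctx) …
```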
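Review bot: The report callback passed here fails the test on any discovery error, which means the test server never exercises NewProvider's fallback branch, so the hard-coded paths it introduces (including the JWKS path noted on the provider.go hunk) have no coverage at all. A second fixture whose well-known endpoint returns an error, asserting the fallback provider's Endpoint().AuthURL and friends, would cover it; the `provider :=` line is the only place the fallback is reachable in the visible code. require.NoError is invoked synchronously inside the same test goroutine, so its FailNow is safe here, but that holds only as long as NewProvider never calls report from another goroutine. NewTestServer continues outside the hunk.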