| author | mo khan <mo@mokhan.ca> | 2022-04-14 10:46:22 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2022-04-14 10:46:22 -0600 |
| commit | 1fa09e4216e9e317d8718dfa028ea028e67b1aee (patch) | |
| tree | c8ae71f7715f34bec34201dace4cd7531e0f799d | |
| parent | a6b7842ff4196901225c82b8bf4a4117a2197290 (diff) | |
specify defautl client id and host
| -rwxr-xr-x | src/oidc/bin/03_sts | 23 | ||||
| -rw-r--r-- | src/oidc/main.go | 10 |
2 files changed, 32 insertions, 1 deletions
diff --git a/src/oidc/bin/03_sts b/src/oidc/bin/03_sts
new file mode 100755
index 0000000..737f427
--- /dev/null
+++ b/src/oidc/bin/03_sts
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+cd "$(dirname "$0")/.."
+HOST="${HOST:-http://localhost:8282}"
+
+if [ $# -eq 0 ]; then
+ echo "Usage:"
+ echo "$0 <id_token> <role_arn>"
+ exit 1
+fi
+
+ID_TOKEN="${1}"
+ROLE_ARN="${2}"
+
+echo "$ID_TOKEN" | ruby -rjson -rbase64 -e "puts Base64.decode64(STDIN.read.split('.')[1])" | jq '.'
+
+aws sts assume-role-with-web-identity \
+ --role-arn "${ROLE_ARN}" \
+ --role-session-name="example-1" \
+ --duration-seconds 900 \
+ --web-identity-token="${ID_TOKEN}" \
+ --output json | cat
diff --git a/src/oidc/main.go b/src/oidc/main.go
index cca89f5..ac077fc 100644
--- a/src/oidc/main.go
+++ b/src/oidc/main.go
@@ -46,9 +46,17 @@ var (
 func createIdToken(clientId string) string {
 now := time.Now()
+ if clientId == "" {
+ clientId = "clientId"
+ }
 expiresAt := now.Add(time.Hour * time.Duration(1))
+
+ host, ok := os.LookupEnv("HOST")
+ if !ok {
+ host = "http://localhost:8282"
+ }
 idToken := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
- Issuer: "https://example.com",
+ Issuer: host,
 Subject: "1",
 Audience: clientId,
 ExpiresAt: expiresAt.Unix(),
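Review bot: The argument guard in 03_sts only rejects an empty argument list (`[ $# -eq 0 ]`) while the script reads both `$1` and `$2`, so a single-argument invocation runs `assume-role-with-web-identity` with an empty `--role-arn` instead of printing the usage; `if [ $# -ne 2 ]; then` matches what the usage line advertises. The trailing `| cat` on the aws pipeline also defeats `set -e`: under plain `sh` the pipeline's status is cat's, so a rejected token or role still exits 0 from this script — dropping `| cat` keeps the real exit code. Worth a comment at the top that the id token is passed on the aws command line (`--web-identity-token="${ID_TOKEN}"`) and therefore visible to other users via the process list for the duration of the call, e.g. `# NOTE: the token is passed as an argument; do not run this with a long-lived token on a shared host`. The `HOST` variable is set but unused in this script, which suggests it was meant to be threaded through to the token issuer.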
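Review bot: The new `Issuer: host` in createIdToken takes the `HOST` environment value verbatim, and the fallback is plain `http://localhost:8282`; since relying parties compare `iss` byte-for-byte against the issuer advertised in the discovery document, any trailing slash or scheme mismatch in `HOST` yields tokens that verifiers reject, so this coupling deserves a comment such as `// HOST must equal the issuer published by the discovery endpoint; verifiers compare iss exactly.` The `clientId = "clientId"` substitution silently mints a token whose `aud` belongs to no real client rather than surfacing the missing parameter to the caller; if the empty case is only meant for local testing, say so in a comment (`// empty clientId is a dev-only convenience; callers should always pass the real client id`). The same default URL is now hard-coded here and in bin/03_sts, which will drift; consider a single package-level constant for the fallback. createIdToken's body continues past the end of this hunk, and the hunk header's line counts suggest one trailing context line is not shown on this page.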
