authormo khan <mo@mokhan.ca>2022-04-13 17:14:39 -0600
committermo khan <mo@mokhan.ca>2022-04-13 17:14:39 -0600
commit2e267c271005ab59adc93f023a82bfb23048a794 (patch)
tree980dd685a2dd9c5c7f802a23de7abcdb6aa7e9ab
parent7b995c763b392ab0662b0c99ff42dd09f3ddb132 (diff)
generate a jwt as the id_token
-rw-r--r--src/oidc/go.mod4
-rw-r--r--src/oidc/go.sum4
-rw-r--r--src/oidc/insecure.pem51
-rw-r--r--src/oidc/main.go22
4 files changed, 80 insertions, 1 deletions
diff --git a/src/oidc/go.mod b/src/oidc/go.mod
index 6d19d06..87be84c 100644
--- a/src/oidc/go.mod
+++ b/src/oidc/go.mod
@@ -1,3 +1,7 @@
module github.com/hashicorp/xlgmokha/src/oidc
go 1.18
+
+require github.com/google/uuid v1.3.0
+
+require github.com/golang-jwt/jwt v3.2.2+incompatible
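Review bot: The JWT library is required as `github.com/golang-jwt/jwt v3.2.2+incompatible`, which is the pre-modules import path. As far as I know the project publishes its module-aware releases under versioned paths such as `github.com/golang-jwt/jwt/v4`, so code that signs tokens would normally start from one of those to keep receiving fixes. The two single-line `require` directives could also be merged into one `require ( … )` block.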
diff --git a/src/oidc/go.sum b/src/oidc/go.sum
new file mode 100644
index 0000000..9fb2128
--- /dev/null
+++ b/src/oidc/go.sum
@@ -0,0 +1,4 @@
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
diff --git a/src/oidc/insecure.pem b/src/oidc/insecure.pem
new file mode 100644
index 0000000..2c2d50c
--- /dev/null
+++ b/src/oidc/insecure.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAzarZqw/DVFYx17kaGhhQSHDdGy0axPoKfQj1umXWEkTzUQeV
+ge+KlD37hdk52usO4NLL01n7UyKMy6GbSbBn6DhEVwRzZiEZvxWyU70jhXkeOcwH
+bl/H06B291F3cPhUv6RUQ9fQ7nVrA0IJnpFGRoIzpsrcjpjTFYLQF6pnkg/ZQNNq
+6hWlI2Xw9pB5jLSrG221+d/pwAQhnFwnUEJi/mfV3/ISwlNXXNOt/voNCiHfJDnb
+y8OdjQ1slI0Vi5V5AubqLbX8IOmWuPNCSQIN0sa17FvRsE0aFkwiYUy48kYad6CK
+zJ30nAGG7N/d+DjMNkB+my5o/HgyTyVMwbb9++X0GEHZ94tLSSA6OXoKQ4vgCXxA
+M0qpdu5y0xow4M87u/kDbEVOxyihIZ0ovj0IBJi91d++FJ9Yn9sbL+6UkcBCzf9+
+vJRwyp75xTfK0W7N2rQrZmSMmsh5JLTzjEOvcaDsPt+WxARrRoNB8JACWDyigxWA
+On6+m5KwfkYi0KsZz0sxZ7Enc4uBPinE/A6b0jnbwX4Eld58piZ1oZ4nNjYxL99I
+IGkm2hS2KYIHFshehOA71hYjTi6idbfvLjEo7V/bTbsJe6oTGoo7wRvQ4BTL0Ign
+OlPLCV8y+b/xIcpaLIJ4wQl0xIk24xqGK1gcQLUQtzt7k+mZfzV8Y5AyVZcCAwEA
+AQKCAgEAvSauvkbnDH+ho5dXzDwkShuTHtVi01prnwdIiD/0nCTR6uogtLoMJ77B
+vx5DuXWJ33e/ggg1vwX9m6Jr4V/ekJJ/N9CeGYXD2hwoQB+pta3pAJsHEpoAfEAO
+afOA+GNL/l0yKpsoSseuvfZURoOxsFM7EeFs67DeIeCHZdyRGKJ+2sIWiGeT03SE
+IyBIygG3hKhoPwGSR8kE6HtQpN4JkZUJ/Mb0PcjMhlEgq2pp57GzOewEm+iy0/FO
+tWj0McYs32Bka9n9on9y4XLIucCr2fhrhJAF0DF5Fpy62eXoCtoyqWb7gKidOYWm
+A+D4krwaBKNYTXxnjhs1mdjiOR8FgqpXgs63XIwuXmMN1Aldj2WKr0lvjDw8ONNq
+PZl98Cfp7fYBCqndBKeE0UTIMkgsjAPkJNiZ4aPnfKA1gISl6x+3FBmvOJ2eUF4y
+DzR96UhKOMWS0l07e60fc9KQXsLEWrzwM/oKPo0R3pODBLpq8vrwSkEoYN9KrZ2b
+Nhod3JGbcGXQxOISizcDhMo06PpvnftkNUdYSZV6xu6aEhGTy5bKXJ9VpSk15sqz
+WW7GGOf3NcV1bru/Ap3tKMKTmu2yf3arU1R4FI59So2exsp+diAnjmp+lZdE6k+n
+2rKmo9vG/9RUL16g1pdvwmbf8pAwL6af9ZJkVGcLzUOO5m0S7JECggEBAO7le7IS
+ztnaJpgh2P/z+r6pJJkzE4pg5F0T3UzV3+YS9UGpxBJIxq9TYb9SoxBYpqUfAPyQ
+acaD3RvwPU3PINMCl/oi12i2deGjgIAgxjY6QuXw5Q1GQKtOJnvhlIHNh2QOJ8ye
+09CBRj5f4fOS3+vSLoWljmj/p+iKTrqqm9Q2XwGgqE99CJ0YhYXd1KVuzUMydVGt
+nWDIpm3XhsvpcTXLd3guMW5FzEaq9pe9DXMiGjjPb/brDY2HaTMX9L3Q0v2YZEtM
+9QPcDQ87w3HerPzwM/7bZeHZdMJwsbX1LR08kLs4ghLrwsm1ttHd28MYf132OLPN
+rE8+dhe8E1UEgZUCggEBANxkV5OVMnsU2zSVn86gXlBI7KrbOFF4YkCgM9JrkcTR
+u7L2eNAbGZ+34H7rrYIpfgIYLnWNoRIYtNEmcUxIXlNE9//BZSvm/KP6nWgXU7rE
+F6HfLBS6rk8rptBkIT+UeOxv7dUCJW64UWcvixNTjznW0tXsSADvqgY1oUohM9BW
+z7w2F0MwkQf7pvStxtstttORzqsSVt3Ktik75YLRYfpq2oBJVuYJmS5E8bgUeKL8
+baiBcGdhx93vnzQqoDzLbbOrchj3meU+xQ+FeOw5QyUv6Kw0W+zXLmdRrR801UL7
+MLdKJuCnAR5JAfyfEA0DjVMhNECSabmZAIFmZhRJB3sCggEBAMEwZzV8LDbUSX2h
+caCapt1kXypcuaKf9Eyo8b9e/a9LCXbOWLcIj1PdNCDKLP/dEPZa+itEhaV5oWck
+gg7YP40kfc5UOqp9UxrjY9k5p9DWkJ7ujeyMMWPW0RxBMh0+Hgz1vY2lq1jkEfAD
+DfAxiE9mKyT82wtiI2DT6BLgQR/90Bq61yFg1YRk/iVhXMNjtS5wMZuZsLlBygTt
+1B42a8y6+6P+hw7L9wP24W+X/LZsj5P9fGfLcaxQIuykpNCTfOyDPif+1e0HGLCG
+/eip0G7DuOiSd/OKLPfIto2U9aS9A7XDXrz6Vw1Tm8JfjYZZ2zYbFYOiAYQb2Ngc
+ye1otXkCggEAbomNOyIrjXvqbbdVzaa1ZwMMYK1O093TOaKgGzuEgvjGcX4ZHhdZ
+hLgOytmdzpjM8HP8aU09qfvmRLhJPv9U/+KpmAcBnUFfGUeLRzfb8OKFD9UFIOh4
+oJC+O+rcmiz3cW66FIndCGk9usknsevI/DN4z36QppeN6Utgt/NrL2U7D6T5ieOD
++kMHe9Tk1e1Zs0eAJmEuXFNdhdTaygAGajjJmmouQXYy8/f0XGU4FFcTEN7K568t
+NW0HpnxynctSHDkzIr6c21PeNmi1O5WEzdP3mNcx+9n5Fizq7ansBIpD5so0MZzR
+fMUVUATfYgeUDEutD23fxQyuKjiXnjj6nQKCAQEA61lWGLNAfx769JOQ1Br1VjVt
+DP4NPmkSXgdNaIsPHa/Kcy66+dnPQKkhUsHAfDMpAUz/SjK3k/cQDJcq5pExYeMV
+RrTTMU2sHTYGjnng4h8tggAB0b/STekHOjAg8AAma3+qz607DDxXiBgPV15jZi7f
+mq5j89txr7XDkxViNS780jN6cyNrk9k/RvU0YSD0vpRdypH9SnvYBoeKuZpFlWsf
+DBEw9+RrAAeB1xYDALmj0ty3DJxQ9sL1XkOtpkgSpVpaPEJ8wZL27QeR+qWtOgOO
+tOZuVTGeCTk8YxGXo7GtnnpREK6cKWaZpUiLF4nUdPVyaIdGeEZ30zrwT6aBKQ==
+-----END RSA PRIVATE KEY-----
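Review bot: This adds an RSA private key to version control, and main.go in the same commit signs the `id_token` with it, so anyone who can read the repository or its history can produce tokens that verify against this key. The `insecure` file name suggests a development fixture; if so, say that in a comment at the load site or in a README, and make sure no relying party is ever configured to trust the matching public key. For anything beyond a local demo, keep the key out of the repository (generate one at startup, or read its path from configuration). Treat this key as permanently exposed, because deleting the file later does not remove it from history.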
diff --git a/src/oidc/main.go b/src/oidc/main.go
index 8df0d77..6e59b08 100644
--- a/src/oidc/main.go
+++ b/src/oidc/main.go
@@ -2,8 +2,13 @@ package main
import (
"fmt"
+ "io/ioutil"
"log"
"net/http"
+ "time"
+
+ "github.com/golang-jwt/jwt"
+ "github.com/google/uuid"
)
type AuthorizationRequest struct {
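Review bot: `io/ioutil` is imported here although go.mod declares `go 1.18`; the package has been deprecated since Go 1.16 and `ioutil.ReadFile` simply calls `os.ReadFile`. I would import `os` instead and change the call site in the handler hunk to `keyData, err := os.ReadFile("insecure.pem")`, checking `err` rather than discarding it. The same applies to the two `_` results on the lines after it (`jwt.ParseRSAPrivateKeyFromPEM` and `token.SignedString`): as written, a missing or malformed key file would presumably end in an empty `id_token` in a normal-looking response instead of an error. The handler's body continues outside the visible part of that hunk, so how the response is written afterwards is not shown.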
@@ -71,12 +76,27 @@ func handler(w http.ResponseWriter, r *http.Request) {
}
if tr.GrantType == "authorization_code" {
// Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
+ now := time.Now()
+ expiresAt := now.Add(time.Hour * time.Duration(1))
+ token := jwt.NewWithClaims(jwt.SigningMethodRS256, &jwt.StandardClaims{
+ Issuer: "https://example.com",
+ Subject: "1",
+ Audience: r.FormValue("client_id"),
+ ExpiresAt: expiresAt.Unix(),
+ NotBefore: now.Unix(),
+ IssuedAt: now.Unix(),
+ Id: uuid.NewString(),
+ })
+
+ keyData, _ := ioutil.ReadFile("insecure.pem")
+ key, _ := jwt.ParseRSAPrivateKeyFromPEM(keyData)
+ signed, _ := token.SignedString(key)
r := &TokenResponse{
AccessToken: "stateful_token",
TokenType: "Bearer",
RefreshToken: "another_stateful_token",
ExpiresIn: 3600,
- IdToken: "JWT",
+ IdToken: signed,
}
w.Header().Set("Content-Type", "application/json")