Init OIDC client on start with config from DB (#48)
This commit is contained in:
parent
b0e0a19c97
commit
13f65707e7
4 changed files with 48 additions and 15 deletions
|
@ -11,9 +11,6 @@ var backendCmd = &cobra.Command{
|
||||||
Use: "backend",
|
Use: "backend",
|
||||||
Short: "Handle authentication backends",
|
Short: "Handle authentication backends",
|
||||||
Long: `Add, Remove or Show currently installed authentication backends`,
|
Long: `Add, Remove or Show currently installed authentication backends`,
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
|
||||||
fmt.Println("backend called")
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func printProperty(key, value string) {
|
func printProperty(key, value string) {
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
|
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||||
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/client"
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares"
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
|
||||||
|
@ -45,18 +46,6 @@ func serve() {
|
||||||
storageType := utils.InitStorage(conf)
|
storageType := utils.InitStorage(conf)
|
||||||
logger.L.Infof("Initialized storage backend %q", conf.StorageType)
|
logger.L.Infof("Initialized storage backend %q", conf.StorageType)
|
||||||
|
|
||||||
logger.L.Info("Initializing authentication backends")
|
|
||||||
|
|
||||||
// dex_server.ConnectorsConfig[connector.TypeRefuseAll] = func() dex_server.ConnectorConfig { return new(connector.RefuseAllConfig) }
|
|
||||||
// connectors, err := dexConf.Storage.ListConnectors()
|
|
||||||
// if err != nil {
|
|
||||||
// logger.L.Fatalf("Failed to get existing connectors: %s", err.Error())
|
|
||||||
// }
|
|
||||||
// var connectorIDs []string
|
|
||||||
// for _, conn := range connectors {
|
|
||||||
// connectorIDs = append(connectorIDs, conn.ID)
|
|
||||||
// }
|
|
||||||
|
|
||||||
userDB, err := db.New(*conf)
|
userDB, err := db.New(*conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.Failf("failed to init user DB: %s", err.Error())
|
utils.Failf("failed to init user DB: %s", err.Error())
|
||||||
|
@ -71,6 +60,30 @@ func serve() {
|
||||||
op.WithLogger(slogger),
|
op.WithLogger(slogger),
|
||||||
op.WithHttpInterceptors(middlewares.WithBackendFromRequestMiddleware),
|
op.WithHttpInterceptors(middlewares.WithBackendFromRequestMiddleware),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
logger.L.Info("Initializing authentication backends")
|
||||||
|
backends := []*client.OIDCClient{}
|
||||||
|
backendConfs, err := userDB.BackendStorage().GetAllBackends(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
utils.Failf("failed to get backend configs from the DB: %s", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: check if we need to do it this way or
|
||||||
|
// - do a try-loop?
|
||||||
|
// - only init when using them in a request?
|
||||||
|
for _, c := range backendConfs {
|
||||||
|
b, err := client.New(context.Background(), c)
|
||||||
|
if err != nil {
|
||||||
|
utils.Failf("failed to init backend client: %s", err.Error())
|
||||||
|
}
|
||||||
|
backends = append(backends, b)
|
||||||
|
}
|
||||||
|
if len(backends) == 0 {
|
||||||
|
logger.L.Warn("No auth backend loaded")
|
||||||
|
} else {
|
||||||
|
logger.L.Infof("Initialized %d auth backends", len(backends))
|
||||||
|
}
|
||||||
|
|
||||||
provider, err := op.NewProvider(&opConf, &st, op.StaticIssuer(conf.Issuer), options...)
|
provider, err := op.NewProvider(&opConf, &st, op.StaticIssuer(conf.Issuer), options...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.Failf("failed to init OIDC provider: %s", err.Error())
|
utils.Failf("failed to init OIDC provider: %s", err.Error())
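Review bot: The clients built in the new loop are discarded — `backends` is only consulted for its length afterwards, so the initialized relying parties are neither handed to the provider nor stored anywhere visible in this hunk; if that wiring is planned for a later commit, a `// TODO: wire backends into the provider` next to the slice would make that explicit, otherwise the loop only validates the rows. Each `client.New` call performs OIDC discovery against the issuer with `context.Background()`, so an unreachable issuer can stall startup indefinitely, and one bad row in the backend table `Failf`s the whole server; a bounded context such as `ctx, cancel := context.WithTimeout(context.Background(), <startup timeout>)` plus logging-and-skipping the failed backend would keep a single misconfigured entry from taking the service down (the TODO above the loop already gestures at this). Note that `b, err :=` inside the loop shadows the outer `err`, which is harmless here but easy to trip over later. serve() continues outside the hunk.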
|
||||||
|
|
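--- /dev/null
+++ b/polyculeconnect/internal/client/client.go
@@ -0,0 +1,23 @@
+package client
+
+import (
+"context"
+"fmt"
+
+"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
+"github.com/zitadel/oidc/v3/pkg/client/rp"
+)
+
+type OIDCClient struct {
+Conf *model.Backend
+provider rp.RelyingParty
+}
+
+func New(ctx context.Context, conf *model.Backend) (*OIDCClient, error) {
+pr, err := rp.NewRelyingPartyOIDC(ctx, conf.OIDCConfig.Issuer, conf.OIDCConfig.ClientID, conf.OIDCConfig.ClientSecret, conf.OIDCConfig.RedirectURI, []string{})
+if err != nil {
+return nil, fmt.Errorf("failed to init relying party provider: %w", err)
+}
+
+return &OIDCClient{Conf: conf, provider: pr}, nil
+}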
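Review bot: `New` passes an empty scope list to `rp.NewRelyingPartyOIDC`, so unless the library injects it by default the authorization requests built from this client will not carry the `openid` scope and the upstream may answer with a plain OAuth flow instead of an ID token; passing `[]string{oidc.ScopeOpenID}` (or scopes taken from `conf.OIDCConfig`) makes the intent explicit and is worth confirming against the library before relying on the default. The exported `Conf` field hands the whole `model.Backend`, client secret included, to anything holding an `*OIDCClient`, so keeping it unexported or exposing only the non-secret parts narrows where the secret can end up (logs, JSON responses). Both exported names also lack doc comments; `// OIDCClient wraps the relying-party handle for one configured upstream OIDC backend.` and `// New resolves the issuer's discovery document and builds the client; ctx bounds that network call.` would cover them.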
|
Binary file not shown.