Add basic support to store auth_requests (#48)
This commit is contained in:
parent
13f65707e7
commit
741e638c78
4 changed files with 136 additions and 4 deletions
|
@ -3,6 +3,7 @@ package middlewares
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -15,6 +16,11 @@ type BackendFromRequestMiddleware struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if !strings.HasPrefix(r.RequestURI, "/authorize") {
|
||||||
|
m.h.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err := r.ParseForm(); err != nil {
|
if err := r.ParseForm(); err != nil {
|
||||||
// TODO: handle this better
|
// TODO: handle this better
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
|
116
polyculeconnect/internal/model/authrequest.go
Normal file
116
polyculeconnect/internal/model/authrequest.go
Normal file
|
@ -0,0 +1,116 @@
|
||||||
|
package model
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AuthRequest also implements the op.AuthRequest interface
|
||||||
|
type AuthRequest struct {
|
||||||
|
ID uuid.UUID
|
||||||
|
ClientID string
|
||||||
|
Scopes []string
|
||||||
|
RedirectURI string
|
||||||
|
State string
|
||||||
|
Nonce string
|
||||||
|
|
||||||
|
ResponseType string
|
||||||
|
|
||||||
|
CreationDate time.Time
|
||||||
|
AuthTime time.Time
|
||||||
|
|
||||||
|
// TODO mapping to claims to be added I guess
|
||||||
|
|
||||||
|
CodeChallenge string
|
||||||
|
CodeChallengeMethod string
|
||||||
|
|
||||||
|
BackendID uuid.UUID
|
||||||
|
UserID uuid.UUID
|
||||||
|
done bool
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetID() string {
|
||||||
|
return a.ID.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetACR() string {
|
||||||
|
return "" // TODO: the hell is ACR???
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetAMR() []string {
|
||||||
|
return []string{} // TODO: the hell is this???
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetAudience() []string {
|
||||||
|
return []string{a.ID.String()} // TODO: check if we need to return something else
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetAuthTime() time.Time {
|
||||||
|
return a.AuthTime
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetClientID() string {
|
||||||
|
return a.ClientID
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetCodeChallenge() *oidc.CodeChallenge {
|
||||||
|
return &oidc.CodeChallenge{
|
||||||
|
Challenge: a.CodeChallenge,
|
||||||
|
Method: oidc.CodeChallengeMethod(a.CodeChallengeMethod),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetNonce() string {
|
||||||
|
return a.Nonce
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetRedirectURI() string {
|
||||||
|
return a.RedirectURI
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetResponseType() oidc.ResponseType {
|
||||||
|
return oidc.ResponseType(a.ResponseType)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetResponseMode() oidc.ResponseMode {
|
||||||
|
return oidc.ResponseModeQuery // TODO: check if this is good
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetScopes() []string {
|
||||||
|
return a.Scopes
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetState() string {
|
||||||
|
return a.State
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) GetSubject() string {
|
||||||
|
return a.UserID.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a AuthRequest) Done() bool {
|
||||||
|
return a.done
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *AuthRequest) FromOIDCAuthRequest(req *oidc.AuthRequest, backendID uuid.UUID) {
|
||||||
|
fmt.Println(req)
|
||||||
|
|
||||||
|
a.ID = uuid.New()
|
||||||
|
a.ClientID = req.ClientID
|
||||||
|
a.Scopes = strings.Split(req.Scopes.String(), " ")
|
||||||
|
a.RedirectURI = req.RedirectURI
|
||||||
|
a.State = req.State
|
||||||
|
a.Nonce = req.Nonce
|
||||||
|
a.ResponseType = string(req.ResponseType)
|
||||||
|
a.CreationDate = time.Now().UTC()
|
||||||
|
a.CodeChallenge = req.CodeChallenge
|
||||||
|
a.CodeChallengeMethod = string(req.CodeChallengeMethod)
|
||||||
|
a.BackendID = backendID
|
||||||
|
|
||||||
|
fmt.Println(a)
|
||||||
|
|
||||||
|
}
|
|
@ -13,6 +13,7 @@ type ClientConfig struct {
|
||||||
RedirectURIs []string
|
RedirectURIs []string
|
||||||
TrustedPeers []string
|
TrustedPeers []string
|
||||||
Name string
|
Name string
|
||||||
|
AuthRequest *AuthRequest
|
||||||
}
|
}
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
|
@ -47,8 +48,13 @@ func (c Client) GrantTypes() []oidc.GrantType {
|
||||||
return []oidc.GrantType{oidc.GrantTypeCode}
|
return []oidc.GrantType{oidc.GrantTypeCode}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) LoginURL(id string) string {
|
func (c Client) LoginURL(authRequestID string) string {
|
||||||
return id
|
// here we have the requestID, meaning we should:
|
||||||
|
// - get the request from its ID
|
||||||
|
// - get the associated backend
|
||||||
|
// - build the correct URI to use as a redirection, which is from the backend
|
||||||
|
// - afterwards would should basically handle it as a OIDC client
|
||||||
|
return authRequestID
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) AccessTokenType() op.AccessTokenType {
|
func (c Client) AccessTokenType() op.AccessTokenType {
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
|
||||||
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
|
||||||
"github.com/go-jose/go-jose/v4"
|
"github.com/go-jose/go-jose/v4"
|
||||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||||
"github.com/zitadel/oidc/v3/pkg/op"
|
"github.com/zitadel/oidc/v3/pkg/op"
|
||||||
|
@ -30,12 +31,15 @@ func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest,
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, errors.New("no backend name provided")
|
return nil, errors.New("no backend name provided")
|
||||||
}
|
}
|
||||||
_, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName)
|
selectedBackend, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to get backend: %w", err)
|
return nil, fmt.Errorf("failed to get backend: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil, ErrNotImplemented("CreateAuthRequest")
|
var opReq model.AuthRequest
|
||||||
|
opReq.FromOIDCAuthRequest(req, selectedBackend.ID)
|
||||||
|
|
||||||
|
return opReq, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {
|
func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {
|
||||||
|
|
Loading…
Reference in a new issue