2024-10-27 15:16:40 +00:00
20 changed files with 252 additions and 56 deletions
--- a/polyculeconnect/cmd/backend/add.go
+++ b/polyculeconnect/cmd/backend/add.go
@ -59,7 +59,7 @@ func addNewBackend() {
 	backendConf := model.Backend{
 		ID:   backendIDUUID,
 		Name: backendName,
-		OIDCConfig: model.BackendOIDCConfig{
+		Config: model.BackendOIDCConfig{
 			ClientID:     backendClientID,
 			ClientSecret: backendClientSecret,
 			Issuer:       backendIssuer,
--- a/polyculeconnect/cmd/backend/show.go
+++ b/polyculeconnect/cmd/backend/show.go
@ -46,10 +46,10 @@ func showBackend(backendName string, backendService backend.BackendDB) {
 	fmt.Println("Backend config:")
 	printProperty("ID", backendConfig.ID.String())
 	printProperty("Name", backendConfig.Name)
-	printProperty("Issuer", backendConfig.OIDCConfig.Issuer)
-	printProperty("Client ID", backendConfig.OIDCConfig.ClientID)
-	printProperty("Client secret", backendConfig.OIDCConfig.ClientSecret)
-	printProperty("Redirect URI", backendConfig.OIDCConfig.RedirectURI)
+	printProperty("Issuer", backendConfig.Config.Issuer)
+	printProperty("Client ID", backendConfig.Config.ClientID)
+	printProperty("Client secret", backendConfig.Config.ClientSecret)
+	printProperty("Redirect URI", backendConfig.Config.RedirectURI)
 }

 func listBackends(backendStorage backend.BackendDB) {
@ -63,7 +63,7 @@ func listBackends(backendStorage backend.BackendDB) {
 		return
 	}
 	for _, b := range backends {
-		fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.OIDCConfig.Issuer)
+		fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.Config.Issuer)
 	}
 }

--- a/polyculeconnect/cmd/serve/serve.go
+++ b/polyculeconnect/cmd/serve/serve.go
@ -16,6 +16,7 @@ import (
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/server"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services"
+	"github.com/google/uuid"
 	"github.com/spf13/cobra"
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"go.uber.org/zap/exp/zapslog"
@ -51,7 +52,9 @@ func serve() {
 		utils.Failf("failed to init user DB: %s", err.Error())
 	}

-	st := storage.Storage{LocalStorage: userDB}
+	backends := map[uuid.UUID]*client.OIDCClient{}
+
+	st := storage.Storage{LocalStorage: userDB, InitializedBackends: backends}
 	opConf := op.Config{}
 	slogger := slog.New(zapslog.NewHandler(logger.L.Desugar().Core(), nil))
 	// slogger :=
@ -61,29 +64,28 @@ func serve() {
 		op.WithHttpInterceptors(middlewares.WithBackendFromRequestMiddleware),
 	}

-	logger.L.Info("Initializing authentication backends")
-	backends := []*client.OIDCClient{}
-	backendConfs, err := userDB.BackendStorage().GetAllBackends(context.Background())
-	if err != nil {
-		utils.Failf("failed to get backend configs from the DB: %s", err.Error())
-	}
+	// logger.L.Info("Initializing authentication backends")
+	// backendConfs, err := userDB.BackendStorage().GetAllBackends(context.Background())
+	// if err != nil {
+	// 	utils.Failf("failed to get backend configs from the DB: %s", err.Error())
+	// }

 	// TODO: check if we need to do it this way or
 	// 	- do a try-loop?
 	//	- only init when using them in a request?
-	for _, c := range backendConfs {
-		logger.L.Debugf("Initializing backend %s", c.Name)
-		b, err := client.New(context.Background(), c, logger.L)
-		if err != nil {
-			utils.Failf("failed to init backend client: %s", err.Error())
-		}
-		backends = append(backends, b)
-	}
-	if len(backends) == 0 {
-		logger.L.Warn("No auth backend loaded")
-	} else {
-		logger.L.Infof("Initialized %d auth backends", len(backends))
-	}
+	// for _, c := range backendConfs {
+	// 	logger.L.Debugf("Initializing backend %s", c.Name)
+	// 	b, err := client.New(context.Background(), c, logger.L)
+	// 	if err != nil {
+	// 		utils.Failf("failed to init backend client: %s", err.Error())
+	// 	}
+	// 	backends[c.ID] = b
+	// }
+	// if len(backends) == 0 {
+	// 	logger.L.Warn("No auth backend loaded")
+	// } else {
+	// 	logger.L.Infof("Initialized %d auth backends", len(backends))
+	// }

 	provider, err := op.NewProvider(&opConf, &st, op.StaticIssuer(conf.Issuer), options...)
 	if err != nil {
@ -95,7 +97,7 @@ func serve() {
 	}

 	logger.L.Info("Initializing server")
-	s, err := server.New(conf, provider, logger.L)
+	s, err := server.New(conf, provider, &st, logger.L)
 	if err != nil {
 		logger.L.Fatalf("Failed to initialize server: %s", err.Error())
 	}
--- a/polyculeconnect/controller/auth/authcallback.go
+++ b/polyculeconnect/controller/auth/authcallback.go
@ -0,0 +1,58 @@
+package auth
+
+import (
+	"net/http"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/helpers"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+)
+
+const AuthCallbackRoute = "/callback"
+
+type AuthCallbackController struct {
+	l  *zap.SugaredLogger
+	st *storage.Storage
+}
+
+func NewAuthCallbackController(l *zap.SugaredLogger, st *storage.Storage) *AuthCallbackController {
+	return &AuthCallbackController{
+		l:  l,
+		st: st,
+	}
+}
+
+func (c *AuthCallbackController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	errMsg := r.URL.Query().Get("error")
+	if errMsg != "" {
+		errorDesc := r.URL.Query().Get("error_description")
+		c.l.Errorf("Failed to perform authentication: %s (%s)", errMsg, errorDesc)
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l)
+		return
+	}
+
+	code := r.URL.Query().Get("code")
+	state := r.URL.Query().Get("state")
+	if code == "" || state == "" {
+		c.l.Error("Missing code or state in response")
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l)
+		return
+	}
+
+	requestID, err := uuid.Parse(state)
+	if err != nil {
+		c.l.Errorf("Invalid state, should be a request UUID, but got %s: %s", state, err)
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l)
+		return
+	}
+
+	err = c.st.LocalStorage.AuthRequestStorage().ValidateAuthRequest(r.Context(), requestID)
+	if err != nil {
+		c.l.Errorf("Failed to validate auth request from storage: %s", err)
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l)
+		return
+	}
+
+	http.Redirect(w, r, "/authorize/callback?id="+state, http.StatusFound)
+}
--- a/polyculeconnect/controller/auth/authredirect.go
+++ b/polyculeconnect/controller/auth/authredirect.go
@ -0,0 +1,63 @@
+package auth
+
+import (
+	"net/http"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/helpers"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
+	"github.com/google/uuid"
+	"github.com/zitadel/oidc/v3/pkg/client/rp"
+	"go.uber.org/zap"
+)
+
+const AuthRedirectRoute = "/perform_auth"
+
+type AuthRedirectController struct {
+	l  *zap.SugaredLogger
+	st *storage.Storage
+}
+
+func NewAuthRedirectController(l *zap.SugaredLogger, storage *storage.Storage) *AuthRedirectController {
+	return &AuthRedirectController{
+		l:  l,
+		st: storage,
+	}
+}
+
+func (c *AuthRedirectController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	requestIDStr := r.URL.Query().Get("request_id")
+	if requestIDStr == "" {
+		helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("no request ID in request"), c.l)
+		return
+	}
+
+	requestID, err := uuid.Parse(requestIDStr)
+	if err != nil {
+		c.l.Errorf("Invalid UUID format for request ID: %s", err)
+		helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("invalid request id"), c.l)
+		return
+	}
+
+	req, err := c.st.LocalStorage.AuthRequestStorage().GetAuthRequestByID(r.Context(), requestID)
+	if err != nil {
+		c.l.Errorf("Failed to get auth request from DB: %s", err)
+		helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("unknown request id"), c.l)
+		return
+	}
+
+	backend, err := c.st.LocalStorage.BackendStorage().GetBackendByID(r.Context(), req.BackendID)
+	if err != nil {
+		c.l.Errorf("Failed to get backend from DB: %s", err)
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform auth"), c.l)
+		return
+	}
+
+	provider, err := rp.NewRelyingPartyOIDC(r.Context(), backend.Config.Issuer, backend.Config.ClientID, backend.Config.ClientSecret, backend.Config.RedirectURI, req.Scopes)
+	if err != nil {
+		c.l.Errorf("Failed to init relying party: %s", err)
+		helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform auth"), c.l)
+		return
+	}
+
+	rp.AuthURLHandler(func() string { return requestIDStr }, provider).ServeHTTP(w, r)
+}
--- a/polyculeconnect/internal/client/client.go
+++ b/polyculeconnect/internal/client/client.go
@ -5,35 +5,48 @@ import (
 	"fmt"
 	"log/slog"

-	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
-	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
+	"github.com/google/uuid"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	"go.uber.org/zap"
 	"go.uber.org/zap/exp/zapslog"
 )

+type BackendOIDCConfig struct {
+	Issuer       string
+	ClientID     string
+	ClientSecret string
+	RedirectURI  string
+}
+
+type Backend struct {
+	ID     uuid.UUID
+	Name   string
+	Config BackendOIDCConfig
+}
+
+// OIDCClient is an OIDC client which is the client used to access a registered backend
 type OIDCClient struct {
-	conf *model.Backend
+	backend *Backend

 	provider rp.RelyingParty
 	ctx      context.Context
-	st       db.Storage
 	l        *zap.SugaredLogger
 }

-func New(ctx context.Context, conf *model.Backend, l *zap.SugaredLogger) (*OIDCClient, error) {
+func New(ctx context.Context, conf *Backend, l *zap.SugaredLogger) (*OIDCClient, error) {
 	options := []rp.Option{
 		rp.WithLogger(slog.New(zapslog.NewHandler(logger.L.Desugar().Core(), nil))),
 	}
-	pr, err := rp.NewRelyingPartyOIDC(ctx, conf.OIDCConfig.Issuer, conf.OIDCConfig.ClientID, conf.OIDCConfig.ClientSecret, conf.OIDCConfig.RedirectURI, []string{}, options...)
+	pr, err := rp.NewRelyingPartyOIDC(ctx, conf.Config.Issuer, conf.Config.ClientID, conf.Config.ClientSecret, conf.Config.RedirectURI, []string{}, options...)
 	if err != nil {
 		return nil, fmt.Errorf("failed to init relying party provider: %w", err)
 	}

-	return &OIDCClient{ctx: ctx, conf: conf, provider: pr, l: l}, nil
+	return &OIDCClient{ctx: ctx, backend: conf, provider: pr, l: l}, nil
 }

-func (c *OIDCClient) toto() {
-	c.provider.GetDeviceAuthorizationEndpoint()
+func (c *OIDCClient) AuthorizationEndpoint() string {
+	url := rp.AuthURL(uuid.NewString(), c.provider)
+	return url
 }
--- a/polyculeconnect/internal/db/authrequest/authrequest.go
+++ b/polyculeconnect/internal/db/authrequest/authrequest.go
@ -14,11 +14,12 @@ import (

 var ErrNotFound = errors.New("backend not found")

-const authRequestRows = `"id", "client_id", "backend_id", "scopes", "redirect_uri", "state", "nonce", "response_type", "creation_time"`
+const authRequestRows = `"id", "client_id", "backend_id", "scopes", "redirect_uri", "state", "nonce", "response_type", "creation_time", "done"`

 type AuthRequestDB interface {
 	GetAuthRequestByID(ctx context.Context, id uuid.UUID) (*model.AuthRequest, error)
 	CreateAuthRequest(ctx context.Context, req model.AuthRequest) error
+	ValidateAuthRequest(ctx context.Context, reqID uuid.UUID) error
 }

 type sqlAuthRequestDB struct {
@ -33,7 +34,8 @@ func (db *sqlAuthRequestDB) GetAuthRequestByID(ctx context.Context, id uuid.UUID
 	var res model.AuthRequest
 	var scopesStr []byte

-	if err := row.Scan(&res.ID, &res.ClientID, &res.BackendID, &scopesStr, &res.RedirectURI, &res.State, &res.Nonce, &res.ResponseType, &res.CreationDate); err != nil {
+	fmt.Println(query)
+	if err := row.Scan(&res.ID, &res.ClientID, &res.BackendID, &scopesStr, &res.RedirectURI, &res.State, &res.Nonce, &res.ResponseType, &res.CreationDate, &res.DoneVal); err != nil {
 		return nil, fmt.Errorf("failed to get auth request from DB: %w", err)
 	}
 	if err := json.Unmarshal(scopesStr, &res.Scopes); err != nil {
@ -57,11 +59,11 @@ func (db *sqlAuthRequestDB) CreateAuthRequest(ctx context.Context, req model.Aut
 	}

 	// TODO: when the old table is done, rename into auth_request
-	query := fmt.Sprintf(`INSERT INTO "auth_request_2" (%s) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)`, authRequestRows)
+	query := fmt.Sprintf(`INSERT INTO "auth_request_2" (%s) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`, authRequestRows)
 	_, err = tx.ExecContext(ctx, query,
 		req.ID, req.ClientID, req.BackendID,
 		scopesStr, req.RedirectURI, req.State,
-		req.Nonce, req.ResponseType, req.CreationDate, req.AuthTime,
+		req.Nonce, req.ResponseType, req.CreationDate, false,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to insert in DB: %w", err)
@ -74,6 +76,33 @@ func (db *sqlAuthRequestDB) CreateAuthRequest(ctx context.Context, req model.Aut
 	return nil
 }

+func (db *sqlAuthRequestDB) ValidateAuthRequest(ctx context.Context, reqID uuid.UUID) error {
+	logger.L.Debugf("Validating auth request %s", reqID)
+	tx, err := db.db.BeginTx(ctx, nil)
+	if err != nil {
+		return fmt.Errorf("failed to start transaction: %w", err)
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	res, err := tx.ExecContext(ctx, `UPDATE "auth_request_2" SET done = true WHERE id = $1`, reqID.String())
+	if err != nil {
+		return fmt.Errorf("failed to update in DB: %w", err)
+	}
+	affectedRows, err := res.RowsAffected()
+	if err != nil {
+		return fmt.Errorf("failed to check number of affected rows: %w", err)
+	}
+	if affectedRows != 1 {
+		return ErrNotFound
+	}
+
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("failed to commit transaction: %w", err)
+	}
+
+	return nil
+}
+
 func New(db *sql.DB) *sqlAuthRequestDB {
 	return &sqlAuthRequestDB{db: db}
 }
--- a/polyculeconnect/internal/db/backend/backend.go
+++ b/polyculeconnect/internal/db/backend/backend.go
@ -37,7 +37,7 @@ type sqlBackendDB struct {
 func backendFromRow(row scannable) (*model.Backend, error) {
 	var res model.Backend

-	if err := row.Scan(&res.ID, &res.Name, &res.OIDCConfig.Issuer, &res.OIDCConfig.ClientID, &res.OIDCConfig.ClientSecret, &res.OIDCConfig.RedirectURI); err != nil {
+	if err := row.Scan(&res.ID, &res.Name, &res.Config.Issuer, &res.Config.ClientID, &res.Config.ClientSecret, &res.Config.RedirectURI); err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, ErrNotFound
 		}
@ -89,8 +89,8 @@ func (db *sqlBackendDB) AddBackend(ctx context.Context, newBackend *model.Backen
 	_, err = tx.ExecContext(
 		ctx, query,
 		newBackend.ID, newBackend.Name,
-		newBackend.OIDCConfig.Issuer, newBackend.OIDCConfig.ClientID,
-		newBackend.OIDCConfig.ClientSecret, newBackend.OIDCConfig.RedirectURI,
+		newBackend.Config.Issuer, newBackend.Config.ClientID,
+		newBackend.Config.ClientSecret, newBackend.Config.RedirectURI,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to insert in DB: %w", err)
--- a/polyculeconnect/internal/middlewares/test.go
+++ b/polyculeconnect/internal/middlewares/test.go
@ -3,7 +3,6 @@ package middlewares
 import (
 	"context"
 	"net/http"
-	"strings"
 )

 const (
@ -16,7 +15,7 @@ type BackendFromRequestMiddleware struct {
 }

 func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if !strings.HasPrefix(r.RequestURI, "/authorize") {
+	if r.URL.Path != "/authorize" {
 		m.h.ServeHTTP(w, r)
 		return
 	}
--- a/polyculeconnect/internal/model/authrequest.go
+++ b/polyculeconnect/internal/model/authrequest.go
@ -31,7 +31,8 @@ type AuthRequest struct {
 	Backend   *Backend

 	UserID uuid.UUID
-	done   bool
+
+	DoneVal bool
 }

 func (a AuthRequest) GetID() string {
@ -94,7 +95,7 @@ func (a AuthRequest) GetSubject() string {
 }

 func (a AuthRequest) Done() bool {
-	return a.done
+	return a.DoneVal
 }

 func (a *AuthRequest) FromOIDCAuthRequest(req *oidc.AuthRequest, backendID uuid.UUID) {
--- a/polyculeconnect/internal/model/backend.go
+++ b/polyculeconnect/internal/model/backend.go
@ -12,5 +12,5 @@ type BackendOIDCConfig struct {
 type Backend struct {
 	ID     uuid.UUID
 	Name   string
-	OIDCConfig BackendOIDCConfig
+	Config BackendOIDCConfig
 }
--- a/polyculeconnect/internal/model/client.go
+++ b/polyculeconnect/internal/model/client.go
@ -7,6 +7,7 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/op"
 )

+// ClientConfig represents the configuration for a OIDC client app
 type ClientConfig struct {
 	ID           string
 	Secret       string
@ -16,6 +17,7 @@ type ClientConfig struct {
 	AuthRequest  *AuthRequest
 }

+// Client represents an OIDC client app
 type Client struct {
 	ClientConfig
 }
@ -48,12 +50,14 @@ func (c Client) GrantTypes() []oidc.GrantType {
 	return []oidc.GrantType{oidc.GrantTypeCode}
 }

+// LoginURL returns the login URL for a given client app and auth request.
+// This login url should be the authorization URL for the selected OIDC backend
 func (c Client) LoginURL(authRequestID string) string {
 	if c.AuthRequest == nil {
 		return "" // we don't have a request, let's return nothing
 	}

-	return c.AuthRequest.Backend.OIDCConfig.Issuer
+	return "/perform_auth?request_id=" + authRequestID
 }

 func (c Client) AccessTokenType() op.AccessTokenType {
--- a/polyculeconnect/internal/storage/storage.go
+++ b/polyculeconnect/internal/storage/storage.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"time"

+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/client"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
@ -22,6 +23,7 @@ func ErrNotImplemented(name string) error {
 // Storage implements the Storage interface from zitadel/oidc/op
 type Storage struct {
 	LocalStorage        db.Storage
+	InitializedBackends map[uuid.UUID]*client.OIDCClient
 }

 /*
@ -56,7 +58,14 @@ func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest,
 }

 func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {
-	return nil, ErrNotImplemented("AuthRequestByID")
+	logger.L.Debugf("Getting auth request with ID %s", requestID)
+
+	id, err := uuid.Parse(requestID)
+	if err != nil {
+		return nil, fmt.Errorf("invalid format for uuid: %w", err)
+	}
+
+	return s.LocalStorage.AuthRequestStorage().GetAuthRequestByID(ctx, id)
 }

 func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op.AuthRequest, error) {
@ -64,6 +73,7 @@ func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op
 }

 func (s *Storage) SaveAuthCode(ctx context.Context, id string, code string) error {
+	logger.L.Debugf("Saving auth code %s for request %s", code, id)
 	return ErrNotImplemented("SaveAuthCode")
 }

@ -127,6 +137,11 @@ func (s *Storage) getClientWithDetails(ctx context.Context, authRequestID uuid.U
 		return nil, fmt.Errorf("failed to get associated client from local storage: %w", err)
 	}

+	// oidcClient, ok := s.InitializedBackends[backend.ID]
+	// if !ok {
+	// 	return nil, fmt.Errorf("no initialized backend for ID %s", backend.ID)
+	// }
+
 	authRequest.Backend = backend
 	client.AuthRequest = authRequest

--- a/polyculeconnect/migrations/2_add_auth_request_done.down.sql
+++ b/polyculeconnect/migrations/2_add_auth_request_done.down.sql
@ -0,0 +1 @@
+ALTER TABLE "auth_request_2" DROP COLUMN done;
--- a/polyculeconnect/migrations/2_add_auth_request_done.up.sql
+++ b/polyculeconnect/migrations/2_add_auth_request_done.up.sql
@ -0,0 +1 @@
+ALTER TABLE "auth_request_2" ADD COLUMN done INTEGER NOT NULL DEFAULT 0;
--- a/polyculeconnect/migrations/3_add_auth_code.down.sql
+++ b/polyculeconnect/migrations/3_add_auth_code.down.sql
@ -0,0 +1 @@
+DROP TABLE "auth_code_2";
--- a/polyculeconnect/migrations/3_add_auth_code.up.sql
+++ b/polyculeconnect/migrations/3_add_auth_code.up.sql
@ -0,0 +1,5 @@
+CREATE TABLE "auth_code_2" (
+    id TEXT NOT NULL PRIMARY KEY,
+    code TEXT NOT NULL,
+    auth_request_id TEXT NOT NULL
+);
--- a/polyculeconnect/polyculeconnect
+++ b/polyculeconnect/polyculeconnect
--- a/polyculeconnect/polyculeconnect.db
+++ b/polyculeconnect/polyculeconnect.db
--- a/polyculeconnect/server/server.go
+++ b/polyculeconnect/server/server.go
@ -9,8 +9,10 @@ import (
 	"os"

 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/auth"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage"
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"go.uber.org/zap"
 )
@ -42,7 +44,7 @@ func newUnixListener(sockPath string) (net.Listener, error) {
 	return sock, nil
 }

-func New(appConf *config.AppConfig, oidcHandler *op.Provider, logger *zap.SugaredLogger) (*Server, error) {
+func New(appConf *config.AppConfig, oidcHandler *op.Provider, st *storage.Storage, logger *zap.SugaredLogger) (*Server, error) {
 	var listener net.Listener
 	var addr string
 	var err error
@ -64,6 +66,8 @@ func New(appConf *config.AppConfig, oidcHandler *op.Provider, logger *zap.Sugare
 	}

 	controllers := map[string]http.Handler{
+		auth.AuthCallbackRoute: middlewares.WithLogger(auth.NewAuthCallbackController(logger, st), logger),
+		auth.AuthRedirectRoute: middlewares.WithLogger(auth.NewAuthRedirectController(logger, st), logger),
 		ui.StaticRoute:         middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger),
 		"/":                    middlewares.WithLogger(ui.NewIndexController(logger, oidcHandler, appConf.StaticDir), logger),
 	}
				`@ -0,0 +1 @@`
				`ALTER TABLE "auth_request_2" DROP COLUMN done;`
				`@ -0,0 +1 @@`
				`ALTER TABLE "auth_request_2" ADD COLUMN done INTEGER NOT NULL DEFAULT 0;`