OpenIDConnect v1 implementation #828
Codecov Report
Base: 79.25% // Head: 77.22% // Decreases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## main #828 +/- ##
==========================================
- Coverage 79.25% 77.22% -2.03%
==========================================
Files 101 102 +1
Lines 11188 11466 +278
==========================================
- Hits 8867 8855 -12
- Misses 1826 2112 +286
- Partials 495 499 +4
doc/reference/filters.md
Outdated
OIDC End-User basic profile map json encoded by standard base64 which header name is `X-Userinfo` | ||
End-User origin request url before OpenID Connect or OAuth2.0 flow which header name is `X-Origin-ReqURL` | ||
The ID Token returned by OpenID Connect flow which header name is `X-Id-Token` | ||
The AccessToken returned by OpenId Connect or OAuth2.0 flow which header name is `X-Access-Token` |
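Review bot: the entries for `X-Userinfo`, `X-Id-Token` and `X-Access-Token` say what the filter writes into each header but not what happens to a header of the same name that arrives on the incoming request. Backends will read these headers as the authenticated identity, so the reference should state that the filter overwrites or removes client-supplied copies before forwarding. Since `X-Id-Token` and `X-Access-Token` carry the tokens themselves, a sentence telling operators to keep them out of backend access logs would also help.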
OIDC End-User basic profile map json encoded by standard base64 which header name is `X-Userinfo` | |
End-User origin request url before OpenID Connect or OAuth2.0 flow which header name is `X-Origin-ReqURL` | |
The ID Token returned by OpenID Connect flow which header name is `X-Id-Token` | |
The AccessToken returned by OpenId Connect or OAuth2.0 flow which header name is `X-Access-Token` | |
* **X-Userinfo**: Base64 encoded OIDC End-User basic profile. | |
* **X-Origin-ReqURL**: End-User origin request URL before OpenID Connect or OAuth2.0 flow. | |
* **X-Id-Token**: The ID Token returned by OpenID Connect flow. | |
* **X-Access-Token**: The AccessToken returned by OpenId Connect or OAuth2.0 flow. |
and propose `X-Userinfo` to be `X-User-Info`, `X-Origin-ReqURL` to be `X-Origin-Request-Url`.
"github.com/google/uuid" | ||
"io" | ||
"io/ioutil" | ||
"net/http" | ||
"net/url" | ||
"strings" | ||
"time" | ||
|
||
"github.com/MicahParks/keyfunc" | ||
"github.com/golang-jwt/jwt/v4" |
"github.com/google/uuid" | |
"io" | |
"io/ioutil" | |
"net/http" | |
"net/url" | |
"strings" | |
"time" | |
"github.com/MicahParks/keyfunc" | |
"github.com/golang-jwt/jwt/v4" | |
"io" | |
"io/ioutil" | |
"net/http" | |
"net/url" | |
"strings" | |
"time" | |
"github.com/google/uuid" | |
"github.com/golang-jwt/jwt/v4" | |
"github.com/MicahParks/keyfunc" |
spec *Spec | ||
store | ||
|
||
//Following are user custom defined |
//Following are user custom defined | |
// Following are user custom defined |
|
||
Discovery string `json:"discovery"` | ||
|
||
//If Discovery not configured, following should be configured for OAuth2 |
//If Discovery not configured, following should be configured for OAuth2 | |
// If Discovery is not configured, the following should be configured for OAuth2 |
} | ||
|
||
func (o *OIDCAdaptor) Init() { | ||
//for testable delegate store interface operation to itself |
//for testable delegate store interface operation to itself | |
// delegate store interface operation to itself for testing |
if err != nil { | ||
logger.Errorf("put origin req url error: %s", err) | ||
} | ||
//nonce is optional |
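Review bot: in the `if err != nil` branch the failure to store the origin request URL is only logged with `logger.Errorf`, and execution falls through to the nonce handling. Return an error from this branch instead of continuing, so the user is not sent through the login round trip when there is no stored URL to come back to.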
//nonce is optional | |
// nonce is optional |
for _, c := range req.Cookies() { | ||
if spec.CookieName == c.Name { | ||
return "" | ||
} | ||
} |
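Review bot: the loop returns `""` as soon as any cookie named `spec.CookieName` is present and never reads `c.Value`. If this return is what lets a request skip the OIDC flow, a client can set that cookie itself with arbitrary content; verify the value (a signature check or a lookup in the store) before returning, and treat a cookie that fails the check the same as a missing one.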
cookie name is not case-sensitive, propose to call req.Cookie
logger.Errorf("close error: %s", err) | ||
} | ||
}(resp.Body) | ||
respBody, err := ioutil.ReadAll(resp.Body) |
`ioutil.ReadAll` is deprecated.
respBody, err := ioutil.ReadAll(resp.Body) | |
respBody, err := io.ReadAll(resp.Body) |
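Review bot: both `ioutil.ReadAll(resp.Body)` and the suggested `io.ReadAll(resp.Body)` read the whole response into memory with no size limit, and the body comes from a remote endpoint. Wrap the reader, for example `io.ReadAll(io.LimitReader(resp.Body, maxBody))` with a constant sized for a token or userinfo response, and check `resp.StatusCode` before parsing `respBody`.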
authCode := req.Request.URL.Query().Get("code") | ||
state := req.Request.URL.Query().Get("state") |
authCode := req.Request.URL.Query().Get("code") | |
state := req.Request.URL.Query().Get("state") | |
authCode := req.Std().URL.Query().Get("code") | |
state := req.Std().URL.Query().Get("state") |
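Review bot: `Query().Get` returns an empty string when the parameter is missing, so after these two lines `authCode` and `state` may both be `""` with nothing to distinguish that from a real value. Reject the callback here when either is empty, before either value is used, and add a comment noting that `state` has to match the value issued at the start of the flow.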
mapClaims, _ := parseToken.Claims.(jwt.MapClaims) | ||
for k, v := range mapClaims { | ||
userInfo[k] = v | ||
} |
mapClaims, _ := parseToken.Claims.(jwt.MapClaims) | |
for k, v := range mapClaims { | |
userInfo[k] = v | |
} | |
if claims, ok := parseToken.Claims.(jwt.MapClaims); ok { | |
userInfo = claims | |
} |
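Review bot: the suggested `userInfo = claims` replaces the map instead of adding to it, so any entry placed in `userInfo` before this point is dropped, and later writes to `userInfo` also modify the token's claims map. If either matters, keep the copy loop and put it inside the `ok` check: `if claims, ok := parseToken.Claims.(jwt.MapClaims); ok { for k, v := range claims { userInfo[k] = v } }`.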
OpenIDConnect integration implementation #827