Use a struct for connector data within OIDC connector

This commit is contained in:
Joel Speed 2019-09-25 21:20:19 +01:00
parent f6077083c9
commit 77fcf9ad77
No known key found for this signature in database
GPG key ID: 6E80578D6751DEFB


@ -3,6 +3,7 @@ package oidc
import (
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
@ -61,6 +62,11 @@ var brokenAuthHeaderDomains = []string{
"oktapreview.com",
}
// connectorData stores information for sessions authenticated by this connector
type connectorData struct {
refreshToken []byte
}
// Detect auth header provider issues for known providers. This lets users
// avoid having to explicitly set "basicAuthUnsupported" in their config.
//
@ -210,8 +216,14 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
// Refresh is used to refresh a session with the refresh token provided by the IdP
func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
cd := connectorData{}
err := json.Unmarshal(identity.ConnectorData, &cd)
if err != nil {
return identity, fmt.Errorf("oidc: failed to unmarshal connector data: %v", err)
}
t := &oauth2.Token{
RefreshToken: string(identity.ConnectorData),
RefreshToken: string(cd.refreshToken),
Expiry: time.Now().Add(-time.Hour),
}
token, err := c.oauth2Config.TokenSource(ctx, t).Token()
@ -284,12 +296,21 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
}
}
cd := connectorData{
refreshToken: []byte(token.RefreshToken),
}
connData, err := json.Marshal(&cd)
if err != nil {
return identity, fmt.Errorf("oidc: failed to encode connector data: %v", err)
}
identity = connector.Identity{
UserID: idToken.Subject,
Username: name,
Email: email,
EmailVerified: emailVerified,
ConnectorData: []byte(token.RefreshToken),
ConnectorData: connData,
}
if c.userIDKey != "" {
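Review bot: The new `refreshToken` field on connectorData is unexported, so encoding/json ignores it: `json.Marshal(&cd)` in createIdentity emits `{}` and `json.Unmarshal` in Refresh leaves `cd.refreshToken` nil, so the token source is built with an empty refresh token on every refresh. Exporting the field as `RefreshToken []byte` with a `json:"refreshToken"` tag and updating the two uses to `RefreshToken: string(cd.RefreshToken)` in Refresh and `RefreshToken: []byte(token.RefreshToken)` in the createIdentity literal fixes this. Sessions persisted before this change hold the raw token string rather than JSON, so the Unmarshal in Refresh will presumably reject them until the user re-authenticates; if that is not intended, the non-JSON case needs a fallback or at least an error message that says so. Refresh's body continues past the hunk and createIdentity begins before it, so the remaining uses of ConnectorData there are not visible here.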