forked from mystiq/dex
96 lines
2.1 KiB
Go
96 lines
2.1 KiB
Go
package main
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
pflag "github.com/coreos/dex/pkg/flag"
|
|
"github.com/coreos/dex/pkg/log"
|
|
"github.com/coreos/go-oidc/oidc"
|
|
)
|
|
|
|
func main() {
|
|
fs := flag.NewFlagSet("example-cli", flag.ExitOnError)
|
|
clientID := fs.String("client-id", "", "")
|
|
clientSecret := fs.String("client-secret", "", "")
|
|
discovery := fs.String("discovery", "http://localhost:5556", "")
|
|
logDebug := fs.Bool("log-debug", false, "log debug-level information")
|
|
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
|
|
|
|
if err := fs.Parse(os.Args[1:]); err != nil {
|
|
fmt.Fprintln(os.Stderr, err.Error())
|
|
os.Exit(1)
|
|
}
|
|
|
|
if err := pflag.SetFlagsFromEnv(fs, "EXAMPLE_CLI"); err != nil {
|
|
fmt.Fprintln(os.Stderr, err.Error())
|
|
os.Exit(1)
|
|
}
|
|
|
|
if *logDebug {
|
|
log.EnableDebug()
|
|
}
|
|
if *logTimestamps {
|
|
log.EnableTimestamps()
|
|
}
|
|
|
|
if *clientID == "" {
|
|
fmt.Println("--client-id must be set")
|
|
os.Exit(2)
|
|
}
|
|
|
|
if *clientSecret == "" {
|
|
fmt.Println("--client-secret must be set")
|
|
os.Exit(2)
|
|
}
|
|
|
|
cc := oidc.ClientCredentials{
|
|
ID: *clientID,
|
|
Secret: *clientSecret,
|
|
}
|
|
|
|
// NOTE: A real CLI would cache this config, or provide it via flags/config file.
|
|
var cfg oidc.ProviderConfig
|
|
var err error
|
|
for {
|
|
cfg, err = oidc.FetchProviderConfig(http.DefaultClient, *discovery)
|
|
if err == nil {
|
|
break
|
|
}
|
|
|
|
sleep := 1 * time.Second
|
|
fmt.Printf("Failed fetching provider config, trying again in %v: %v\n", sleep, err)
|
|
time.Sleep(sleep)
|
|
}
|
|
|
|
fmt.Printf("Fetched provider config from %s: %#v\n\n", *discovery, cfg)
|
|
|
|
ccfg := oidc.ClientConfig{
|
|
ProviderConfig: cfg,
|
|
Credentials: cc,
|
|
}
|
|
|
|
client, err := oidc.NewClient(ccfg)
|
|
if err != nil {
|
|
log.Fatalf("Unable to create Client: %v", err)
|
|
}
|
|
|
|
tok, err := client.ClientCredsToken([]string{"openid"})
|
|
if err != nil {
|
|
fmt.Printf("unable to verify auth code with issuer: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
fmt.Printf("got jwt: %v\n\n", tok.Encode())
|
|
|
|
claims, err := tok.Claims()
|
|
if err != nil {
|
|
fmt.Printf("unable to construct claims: %v\n", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
fmt.Printf("got claims %#v...\n", claims)
|
|
}
|