*: fix --no-db client decoding
parent
dcf5835189
commit
3b125d6073
2 changed files with 43 additions and 11 deletions
|
@ -108,15 +108,10 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
cf, err := os.Open(cfg.ClientsFile)
|
clients, err := loadClients(cfg.ClientsFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
|
return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
|
||||||
}
|
}
|
||||||
defer cf.Close()
|
|
||||||
var clients []oidc.ClientIdentity
|
|
||||||
if err := json.NewDecoder(cf).Decode(&clients); err != nil {
|
|
||||||
return fmt.Errorf("unable to read client identities from file %s: %v", cfg.ClientsFile, err)
|
|
||||||
}
|
|
||||||
ciRepo, err := db.NewClientIdentityRepoFromClients(dbMap, clients)
|
ciRepo, err := db.NewClientIdentityRepoFromClients(dbMap, clients)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to create client identity repo: %v", err)
|
return fmt.Errorf("failed to create client identity repo: %v", err)
|
||||||
|
@ -164,7 +159,6 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
|
||||||
srv.SessionManager = sm
|
srv.SessionManager = sm
|
||||||
srv.RefreshTokenRepo = refTokRepo
|
srv.RefreshTokenRepo = refTokRepo
|
||||||
return nil
|
return nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadUsers(filepath string) (users []user.UserWithRemoteIdentities, err error) {
|
func loadUsers(filepath string) (users []user.UserWithRemoteIdentities, err error) {
|
||||||
|
@ -177,6 +171,44 @@ func loadUsers(filepath string) (users []user.UserWithRemoteIdentities, err erro
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func loadClients(filepath string) ([]oidc.ClientIdentity, error) {
|
||||||
|
f, err := os.Open(filepath)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
var c []struct {
|
||||||
|
ID string `json:"id"`
|
||||||
|
Secret string `json:"secret"`
|
||||||
|
RedirectURLs []string `json:"redirectURLs"`
|
||||||
|
}
|
||||||
|
if err := json.NewDecoder(f).Decode(&c); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
clients := make([]oidc.ClientIdentity, len(c))
|
||||||
|
for i, client := range c {
|
||||||
|
redirectURIs := make([]url.URL, len(client.RedirectURLs))
|
||||||
|
for j, u := range client.RedirectURLs {
|
||||||
|
uri, err := url.Parse(u)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
redirectURIs[j] = *uri
|
||||||
|
}
|
||||||
|
|
||||||
|
clients[i] = oidc.ClientIdentity{
|
||||||
|
Credentials: oidc.ClientCredentials{
|
||||||
|
ID: client.ID,
|
||||||
|
Secret: client.Secret,
|
||||||
|
},
|
||||||
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: redirectURIs,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return clients, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (cfg *MultiServerConfig) Configure(srv *Server) error {
|
func (cfg *MultiServerConfig) Configure(srv *Server) error {
|
||||||
if len(cfg.KeySecrets) == 0 {
|
if len(cfg.KeySecrets) == 0 {
|
||||||
return errors.New("missing key secret")
|
return errors.New("missing key secret")
|
||||||
|
|
|
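Review bot: loadClients accepts every entry the JSON decoder produces without checking it, so an empty `id` or `secret`, a missing `redirectURLs` list, or a redirect URL that `url.Parse` accepts but that is not absolute (an empty string or a bare path, for example) all become registered client identities. For an OIDC provider the redirect URIs are the allow-list that authorization responses are sent to, so malformed entries are better rejected when the file is loaded than discovered at login time. Inside the inner loop, after the parse error check, I would add `if uri.Scheme == "" || uri.Host == "" { return nil, fmt.Errorf("client %q: redirect URL %q is not absolute", client.ID, u) }`, and reject entries with an empty ID, an empty secret or no redirect URLs in the same way. Returning the bare `err` from `url.Parse` also loses which client was at fault; wrapping it with the client ID would make a bad file easier to fix.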
@ -1,22 +1,22 @@
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"id": "XXX",
|
"id": "XXX",
|
||||||
"secret": "secrete",
|
"secret": "c2VjcmV0ZQ==",
|
||||||
"redirectURLs": ["http://127.0.0.1:5555/callback"]
|
"redirectURLs": ["http://127.0.0.1:5555/callback"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "example-app",
|
"id": "example-app",
|
||||||
"secret": "example-app-secret",
|
"secret": "ZXhhbXBsZS1hcHAtc2VjcmV0",
|
||||||
"redirectURLs": ["http://127.0.0.1:5555/callback"]
|
"redirectURLs": ["http://127.0.0.1:5555/callback"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "example-cli",
|
"id": "example-cli",
|
||||||
"secret": "example-cli-secret",
|
"secret": "ZXhhbXBsZS1jbGktc2VjcmV0",
|
||||||
"redirectURLs": ["http://127.0.0.1:8000/admin/v1/oauth/login"]
|
"redirectURLs": ["http://127.0.0.1:8000/admin/v1/oauth/login"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "oauth2_proxy",
|
"id": "oauth2_proxy",
|
||||||
"secret": "proxy",
|
"secret": "cHJveHk=",
|
||||||
"redirectURLs": ["http://127.0.0.1:4180/oauth2/callback"]
|
"redirectURLs": ["http://127.0.0.1:4180/oauth2/callback"]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
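Review bot: The sample secrets switch from plain strings to base64 here, but nothing visible on this page states that encoding as a requirement: the new loadClients copies `client.Secret` through unchanged, so the decoding presumably happens in the repo constructor, outside this diff. If that is right, an existing clients file that still carries plaintext secrets would either be rejected at startup or, when the plaintext happens to be valid base64, load with a different secret than the operator wrote. Since JSON cannot carry a comment, I would document the format on the loader, e.g. `// loadClients reads client identities from a JSON file; each "secret" is expected to be base64-encoded.`, and mention the change wherever the --no-db clients file is documented.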