Use a struct for connector data within OIDC connector
This commit is contained in:
parent
f6077083c9
commit
77fcf9ad77
1 changed files with 23 additions and 2 deletions
|
@ -3,6 +3,7 @@ package oidc
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -61,6 +62,11 @@ var brokenAuthHeaderDomains = []string{
|
||||||
"oktapreview.com",
|
"oktapreview.com",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// connectorData stores information for sessions authenticated by this connector
|
||||||
|
type connectorData struct {
|
||||||
|
refreshToken []byte
|
||||||
|
}
|
||||||
|
|
||||||
// Detect auth header provider issues for known providers. This lets users
|
// Detect auth header provider issues for known providers. This lets users
|
||||||
// avoid having to explicitly set "basicAuthUnsupported" in their config.
|
// avoid having to explicitly set "basicAuthUnsupported" in their config.
|
||||||
//
|
//
|
||||||
|
@ -210,8 +216,14 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
|
||||||
|
|
||||||
// Refresh is used to refresh a session with the refresh token provided by the IdP
|
// Refresh is used to refresh a session with the refresh token provided by the IdP
|
||||||
func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
|
func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
|
||||||
|
cd := connectorData{}
|
||||||
|
err := json.Unmarshal(identity.ConnectorData, &cd)
|
||||||
|
if err != nil {
|
||||||
|
return identity, fmt.Errorf("oidc: failed to unmarshal connector data: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
t := &oauth2.Token{
|
t := &oauth2.Token{
|
||||||
RefreshToken: string(identity.ConnectorData),
|
RefreshToken: string(cd.refreshToken),
|
||||||
Expiry: time.Now().Add(-time.Hour),
|
Expiry: time.Now().Add(-time.Hour),
|
||||||
}
|
}
|
||||||
token, err := c.oauth2Config.TokenSource(ctx, t).Token()
|
token, err := c.oauth2Config.TokenSource(ctx, t).Token()
|
||||||
|
@ -284,12 +296,21 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cd := connectorData{
|
||||||
|
refreshToken: []byte(token.RefreshToken),
|
||||||
|
}
|
||||||
|
|
||||||
|
connData, err := json.Marshal(&cd)
|
||||||
|
if err != nil {
|
||||||
|
return identity, fmt.Errorf("oidc: failed to encode connector data: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
identity = connector.Identity{
|
identity = connector.Identity{
|
||||||
UserID: idToken.Subject,
|
UserID: idToken.Subject,
|
||||||
Username: name,
|
Username: name,
|
||||||
Email: email,
|
Email: email,
|
||||||
EmailVerified: emailVerified,
|
EmailVerified: emailVerified,
|
||||||
ConnectorData: []byte(token.RefreshToken),
|
ConnectorData: connData,
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.userIDKey != "" {
|
if c.userIDKey != "" {
|
||||||
|
|
Reference in a new issue