Allow insecure HTTP for OIDC only in local in development mode

2024-11-04 17:24:02 +01:00
parent 8de170a009
commit 4fc08a35de
9 changed files with 140 additions and 93 deletions
--- a/utils/identification/groups.go
+++ b/utils/identification/groups.go
@@ -19,7 +19,6 @@ func (p *IdentificationProvider) GroupsMiddleware(next http.Handler) http.Handle

 		o, ok := session.Values["organization"]
 		if !ok || o == nil {
-			fmt.Println("no organization")
 			http.Redirect(w, r, "/auth/groups/", http.StatusFound)
 			return
 		}
--- a/utils/identification/oidc.go
+++ b/utils/identification/oidc.go
@@ -10,7 +10,7 @@ import (

 	"git.coopgo.io/coopgo-apps/parcoursmob/services"
 	"git.coopgo.io/coopgo-apps/parcoursmob/utils/storage"
-	"github.com/coreos/go-oidc"
+	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gorilla/sessions"
 	"github.com/spf13/viper"
 	"golang.org/x/oauth2"
@@ -40,7 +40,27 @@ func NewIdentificationProvider(cfg *viper.Viper, services *services.ServicesHand

 	provider, err := oidc.NewProvider(context.Background(), providerURL)
 	if err != nil {
-		return nil, err
+		var (
+			issuerUrl   = cfg.GetString("identification.oidc.provider_config.issuer_url")
+			authUrl     = cfg.GetString("identification.oidc.provider_config.auth_url")
+			tokenUrl    = cfg.GetString("identification.oidc.provider_config.token_url")
+			userInfoUrl = cfg.GetString("identification.oidc.provider_config.user_info_url")
+			jwksUrl     = cfg.GetString("identification.oidc.provider_config.jwks_url")
+			algorithms  = []string{"RS256"}
+		)
+		if issuerUrl == "" || authUrl == "" || tokenUrl == "" || jwksUrl == "" {
+			return nil, err
+		}
+		providerConfig := oidc.ProviderConfig{
+			IssuerURL:   issuerUrl,
+			AuthURL:     authUrl,
+			TokenURL:    tokenUrl,
+			UserInfoURL: userInfoUrl,
+			JWKSURL:     jwksUrl,
+			Algorithms:  algorithms,
+		}
+
+		provider = providerConfig.NewProvider(context.Background())
 	}

 	oauth2Config := oauth2.Config{
@@ -75,14 +95,14 @@ func (p *IdentificationProvider) Middleware(next http.Handler) http.Handler {
 		}

 		if session.Values["idtoken"] == nil || session.Values["idtoken"] == "" {
-
 			state, err := newState()
 			if err != nil {
 				panic(err)
 			}
 			session.Values["state"] = state
 			session.Save(r, w)
-			http.Redirect(w, r, p.OAuth2Config.AuthCodeURL(state), http.StatusFound)
+			url := p.OAuth2Config.AuthCodeURL(state)
+			http.Redirect(w, r, url, http.StatusFound)
 			return
 		}