Replace Fosite OIDC provider with embedded Dex

2026-03-02 20:08:06 +01:00
parent 52a6e25bc3
commit 722c89e86a
24 changed files with 896 additions and 2079 deletions
--- a/oidc-provider/web/robots.txt
+++ b/oidc-provider/web/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
--- a/oidc-provider/web/static/main.css
+++ b/oidc-provider/web/static/main.css
@@ -0,0 +1 @@
+/* Mobicoop Solidaire — static styles are inlined in header.html */
--- a/oidc-provider/web/templates/approval.html
+++ b/oidc-provider/web/templates/approval.html
@@ -0,0 +1,22 @@
+{{ template "header.html" . }}
+
+    <h2>Autorisation</h2>
+
+    <p style="text-align:center; font-size:0.875rem; margin-bottom:1rem;">
+      <strong>{{ .Client }}</strong> souhaite acceder a votre compte.
+    </p>
+
+    {{ if .Scopes }}
+    <p style="font-size:0.875rem;">Permissions demandees :</p>
+    <ul class="scopes-list">
+      {{ range $s := .Scopes }}
+      <li>{{ $s }}</li>
+      {{ end }}
+    </ul>
+    {{ end }}
+
+    <form method="POST" action="{{ .Approval }}">
+      <button type="submit" class="btn-primary">Autoriser</button>
+    </form>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/device.html
+++ b/oidc-provider/web/templates/device.html
@@ -0,0 +1,21 @@
+{{ template "header.html" . }}
+
+    <h2>Connexion appareil</h2>
+
+    {{ if .Invalid }}
+    <div class="error-box">
+      Code invalide. Veuillez reessayer.
+    </div>
+    {{ end }}
+
+    <form method="POST" action="{{ .PostURL }}">
+      <div class="form-group">
+        <label for="user_code">Code utilisateur</label>
+        <input required id="user_code" name="user_code" type="text"
+               {{ if .UserCode }}value="{{ .UserCode }}"{{ end }}
+               placeholder="XXXX-XXXX" autofocus>
+      </div>
+      <button type="submit" class="btn-primary">Valider</button>
+    </form>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/device_success.html
+++ b/oidc-provider/web/templates/device_success.html
@@ -0,0 +1,9 @@
+{{ template "header.html" . }}
+
+    <h2>Appareil connecte</h2>
+
+    <p style="text-align:center; font-size:0.875rem;">
+      Votre appareil <strong>{{ .ClientName }}</strong> est maintenant connecte. Vous pouvez fermer cette page.
+    </p>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/error.html
+++ b/oidc-provider/web/templates/error.html
@@ -0,0 +1,14 @@
+{{ template "header.html" . }}
+
+    <h2>Erreur</h2>
+
+    <div class="error-box">
+      {{ if .ErrType }}<strong>{{ .ErrType }}</strong><br>{{ end }}
+      {{ if .ErrMsg }}{{ .ErrMsg }}{{ else }}Une erreur inattendue est survenue.{{ end }}
+    </div>
+
+    <div class="link-center">
+      <a href="javascript:history.back()">Retour</a>
+    </div>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/footer.html
+++ b/oidc-provider/web/templates/footer.html
@@ -0,0 +1,3 @@
+  </div>
+</body>
+</html>
--- a/oidc-provider/web/templates/header.html
+++ b/oidc-provider/web/templates/header.html
@@ -0,0 +1,161 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{ issuer }} - Connexion</title>
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap" rel="stylesheet">
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+    body {
+      font-family: 'Poppins', sans-serif;
+      background-color: #f9fafb;
+      color: #1f2937;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .card {
+      background: #fff;
+      border-radius: 1rem;
+      box-shadow: 0 1px 3px rgba(0,0,0,0.08);
+      padding: 2.5rem 2rem;
+      width: 100%;
+      max-width: 28rem;
+      margin: 1rem;
+    }
+
+    .logo {
+      display: block;
+      margin: 0 auto 1.5rem;
+      max-width: 200px;
+      height: auto;
+    }
+
+    h2 {
+      text-align: center;
+      font-size: 1.5rem;
+      font-weight: 600;
+      color: #243887;
+      margin-bottom: 1.5rem;
+    }
+
+    .form-group { margin-bottom: 1rem; }
+
+    label {
+      display: block;
+      font-size: 0.875rem;
+      font-weight: 500;
+      color: #374151;
+      margin-bottom: 0.25rem;
+    }
+
+    input[type="text"],
+    input[type="email"],
+    input[type="password"] {
+      width: 100%;
+      padding: 0.625rem 0.875rem;
+      border: 1px solid #d1d5db;
+      border-radius: 1rem;
+      font-family: 'Poppins', sans-serif;
+      font-size: 0.875rem;
+      outline: none;
+      transition: border-color 0.15s;
+    }
+
+    input[type="text"]:focus,
+    input[type="email"]:focus,
+    input[type="password"]:focus {
+      border-color: #243887;
+      box-shadow: 0 0 0 2px rgba(36,56,135,0.15);
+    }
+
+    .btn-primary {
+      display: block;
+      width: 100%;
+      padding: 0.625rem;
+      background-color: #243887;
+      color: #fff;
+      border: none;
+      border-radius: 1rem;
+      font-family: 'Poppins', sans-serif;
+      font-size: 0.875rem;
+      font-weight: 600;
+      cursor: pointer;
+      transition: background-color 0.15s;
+      margin-top: 1.25rem;
+    }
+
+    .btn-primary:hover { background-color: #1c2d6e; }
+
+    .error-box {
+      background-color: #fef2f2;
+      border: 1px solid #fecaca;
+      color: #991b1b;
+      padding: 0.75rem 1rem;
+      border-radius: 0.75rem;
+      font-size: 0.8125rem;
+      margin-bottom: 1rem;
+    }
+
+    .link-center {
+      text-align: center;
+      margin-top: 1rem;
+    }
+
+    .link-center a {
+      color: #243887;
+      font-size: 0.8125rem;
+      text-decoration: none;
+      font-weight: 500;
+    }
+
+    .link-center a:hover { text-decoration: underline; }
+
+    .back-link {
+      text-align: center;
+      margin-top: 0.75rem;
+    }
+
+    .back-link a {
+      color: #6b7280;
+      font-size: 0.8125rem;
+      text-decoration: none;
+    }
+
+    .back-link a:hover { text-decoration: underline; }
+
+    .connector-list { list-style: none; }
+
+    .connector-list li { margin-bottom: 0.5rem; }
+
+    .connector-list a {
+      display: block;
+      text-align: center;
+      padding: 0.625rem;
+      background-color: #243887;
+      color: #fff;
+      border-radius: 1rem;
+      text-decoration: none;
+      font-weight: 600;
+      font-size: 0.875rem;
+      transition: background-color 0.15s;
+    }
+
+    .connector-list a:hover { background-color: #1c2d6e; }
+
+    .scopes-list {
+      list-style: disc;
+      padding-left: 1.5rem;
+      margin: 1rem 0;
+      font-size: 0.875rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
--- a/oidc-provider/web/templates/login.html
+++ b/oidc-provider/web/templates/login.html
@@ -0,0 +1,18 @@
+{{ template "header.html" . }}
+
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 240 48" class="logo">
+      <text x="50%" y="50%" dominant-baseline="central" text-anchor="middle"
+            font-family="Poppins, sans-serif" font-weight="700" font-size="18" fill="#243887">
+        Mobicoop Solidaire
+      </text>
+    </svg>
+
+    <h2>Connexion</h2>
+
+    <ul class="connector-list">
+    {{ range $c := .Connectors }}
+      <li><a href="{{ $c.URL }}">{{ $c.Name }}</a></li>
+    {{ end }}
+    </ul>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/oob.html
+++ b/oidc-provider/web/templates/oob.html
@@ -0,0 +1,13 @@
+{{ template "header.html" . }}
+
+    <h2>Code d'autorisation</h2>
+
+    <p style="text-align:center; font-size:0.875rem; margin-bottom:1rem;">
+      Copiez ce code dans votre application :
+    </p>
+
+    <div style="text-align:center; font-size:1.25rem; font-weight:600; color:#243887; background:#f3f4f6; padding:1rem; border-radius:0.75rem; font-family:monospace;">
+      {{ .Code }}
+    </div>
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/templates/password.html
+++ b/oidc-provider/web/templates/password.html
@@ -0,0 +1,41 @@
+{{ template "header.html" . }}
+
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 240 48" class="logo">
+      <text x="50%" y="50%" dominant-baseline="central" text-anchor="middle"
+            font-family="Poppins, sans-serif" font-weight="700" font-size="18" fill="#243887">
+        Mobicoop Solidaire
+      </text>
+    </svg>
+
+    <h2>Connexion</h2>
+
+    {{ if .Invalid }}
+    <div class="error-box">
+      Identifiant ou mot de passe incorrect.
+    </div>
+    {{ end }}
+
+    <form method="POST" action="{{ .PostURL }}">
+      <div class="form-group">
+        <label for="login">{{ .UsernamePrompt }}</label>
+        <input tabindex="1" required id="login" name="login" type="email"
+               placeholder="email@exemple.fr"
+               {{ if .Username }}value="{{ .Username }}"{{ else }}autofocus{{ end }}>
+      </div>
+
+      <div class="form-group">
+        <label for="password">Mot de passe</label>
+        <input tabindex="2" required id="password" name="password" type="password"
+               placeholder="mot de passe" {{ if .Invalid }}autofocus{{ end }}>
+      </div>
+
+      <button tabindex="3" type="submit" class="btn-primary">Se connecter</button>
+    </form>
+
+    {{ if .BackLink }}
+    <div class="back-link">
+      <a href="{{ .BackLink }}">Choisir une autre methode de connexion</a>
+    </div>
+    {{ end }}
+
+{{ template "footer.html" . }}
--- a/oidc-provider/web/themes/light/styles.css
+++ b/oidc-provider/web/themes/light/styles.css
@@ -0,0 +1 @@
+/* Mobicoop Solidaire theme — styles are inlined in header.html */
				`@@ -0,0 +1 @@`
				`/* Mobicoop Solidaire — static styles are inlined in header.html */`
				`@@ -0,0 +1 @@`
				`/* Mobicoop Solidaire theme — styles are inlined in header.html */`