mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 19:14:23 +00:00
34ec2508d3
* fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * feat: send email to users after domain claim * username * check origin on userinfo * update oidc pkg * fix: add migration 1.6 * change username * change username * remove unique email aggregate * change username in mgmt * search global user by login name * fix test * change user search in angular * fix tests * merge * userview in angular * fix merge * Update pkg/grpc/management/proto/management.proto Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/notification/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
97 lines
3.1 KiB
Go
97 lines
3.1 KiB
Go
package oidc
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/caos/logging"
|
|
"github.com/caos/oidc/pkg/op"
|
|
|
|
http_utils "github.com/caos/zitadel/internal/api/http"
|
|
"github.com/caos/zitadel/internal/api/http/middleware"
|
|
"github.com/caos/zitadel/internal/auth/repository"
|
|
"github.com/caos/zitadel/internal/config/types"
|
|
"github.com/caos/zitadel/internal/id"
|
|
)
|
|
|
|
type OPHandlerConfig struct {
|
|
OPConfig *op.Config
|
|
StorageConfig StorageConfig
|
|
UserAgentCookieConfig *http_utils.UserAgentCookieConfig
|
|
Cache *middleware.CacheConfig
|
|
Endpoints *EndpointConfig
|
|
}
|
|
|
|
type StorageConfig struct {
|
|
DefaultLoginURL string
|
|
SigningKeyAlgorithm string
|
|
DefaultAccessTokenLifetime types.Duration
|
|
DefaultIdTokenLifetime types.Duration
|
|
}
|
|
|
|
type EndpointConfig struct {
|
|
Auth *Endpoint
|
|
Token *Endpoint
|
|
Userinfo *Endpoint
|
|
EndSession *Endpoint
|
|
Keys *Endpoint
|
|
}
|
|
|
|
type Endpoint struct {
|
|
Path string
|
|
URL string
|
|
}
|
|
|
|
type OPStorage struct {
|
|
repo repository.Repository
|
|
defaultLoginURL string
|
|
defaultAccessTokenLifetime time.Duration
|
|
defaultIdTokenLifetime time.Duration
|
|
signingKeyAlgorithm string
|
|
}
|
|
|
|
func NewProvider(ctx context.Context, config OPHandlerConfig, repo repository.Repository) op.OpenIDProvider {
|
|
cookieHandler, err := http_utils.NewUserAgentHandler(config.UserAgentCookieConfig, id.SonyFlakeGenerator)
|
|
logging.Log("OIDC-sd4fd").OnError(err).Panic("cannot user agent handler")
|
|
nextHandler := func(handlerFunc http.HandlerFunc) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
middleware.NoCacheInterceptor(http_utils.CopyHeadersToContext(handlerFunc))
|
|
}
|
|
}
|
|
config.OPConfig.CodeMethodS256 = true
|
|
provider, err := op.NewDefaultOP(
|
|
ctx,
|
|
config.OPConfig,
|
|
newStorage(config.StorageConfig, repo),
|
|
op.WithHttpInterceptor(
|
|
UserAgentCookieHandler(
|
|
cookieHandler,
|
|
nextHandler,
|
|
),
|
|
),
|
|
op.WithCustomAuthEndpoint(op.NewEndpointWithURL(config.Endpoints.Auth.Path, config.Endpoints.Auth.URL)),
|
|
op.WithCustomTokenEndpoint(op.NewEndpointWithURL(config.Endpoints.Token.Path, config.Endpoints.Token.URL)),
|
|
op.WithCustomUserinfoEndpoint(op.NewEndpointWithURL(config.Endpoints.Userinfo.Path, config.Endpoints.Userinfo.URL)),
|
|
op.WithCustomEndSessionEndpoint(op.NewEndpointWithURL(config.Endpoints.EndSession.Path, config.Endpoints.EndSession.URL)),
|
|
op.WithCustomKeysEndpoint(op.NewEndpointWithURL(config.Endpoints.Keys.Path, config.Endpoints.Keys.URL)),
|
|
op.WithRetry(3, time.Duration(30*time.Second)),
|
|
)
|
|
logging.Log("OIDC-asf13").OnError(err).Panic("cannot create provider")
|
|
return provider
|
|
}
|
|
|
|
func newStorage(config StorageConfig, repo repository.Repository) *OPStorage {
|
|
return &OPStorage{
|
|
repo: repo,
|
|
defaultLoginURL: config.DefaultLoginURL,
|
|
signingKeyAlgorithm: config.SigningKeyAlgorithm,
|
|
defaultAccessTokenLifetime: config.DefaultAccessTokenLifetime.Duration,
|
|
defaultIdTokenLifetime: config.DefaultIdTokenLifetime.Duration,
|
|
}
|
|
}
|
|
|
|
func (o *OPStorage) Health(ctx context.Context) error {
|
|
return o.repo.Health(ctx)
|
|
}
|