diff --git a/app.js b/app.js index 0b78980..1f73a51 100644 --- a/app.js +++ b/app.js @@ -7,35 +7,38 @@ async function run() { app.use(bodyParser.urlencoded()); app.use(bodyParser.json()) - const issuer = await Issuer.discover('https://gateway-gab7y.codemowers.ee/'); + const issuer = await Issuer.discover(process.env.OIDC_GATEWAY_URL); console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata); - const client = new issuer.Client({ - client_id: 'foo', - redirect_uris: ['https://client-gab7y.codemowers.ee/cb'], - response_types: ['id_token'], + client_id: process.env.OIDC_CLIENT_ID, + client_secret: process.env.OIDC_CLIENT_SECRET, + redirect_uris: JSON.parse(process.env.OIDC_REDIRECT_URIS), + response_types: ['code'], // id_token_signed_response_alg (default "RS256") }) - const nonce = generators.nonce(); + const code_verifier = generators.codeVerifier(); + const code_challenge = generators.codeChallenge(code_verifier); + app.get('/', async function (req, res) { let url = client.authorizationUrl({ - redirect_uri: 'https://client-gab7y.codemowers.ee/cb', - scope: 'openid', - response_mode: 'form_post', - nonce, + redirect_uri: process.env.CLIENT_URL + '/cb', + scope: 'openid profile', + response_type: 'code', + code_challenge, + code_challenge_method: 'S256', }); - res.redirect(url); }); - app.post('/cb', async function (req, res) { - const params = client.callbackParams(req); - const tokenSet = await client.callback('https://client-gab7y.codemowers.ee/ok', params, {nonce}); - console.log('received and validated tokens %j', tokenSet); - console.log('validated ID Token claims %j', tokenSet.claims()); - res.send(tokenSet.claims()); + app.get('/cb', async function (req, res) { + const params = client.callbackParams(req); + const tokenSet = await client.callback(process.env.CLIENT_URL + '/cb', params,{ code_verifier }); + const userinfo = await client.userinfo(tokenSet.access_token); + console.log('userinfo %j', userinfo); + res.send(userinfo) }); + app.listen(3000); } diff --git a/deployment.yaml b/deployment.yaml index b56a10e..f48b66a 100644 --- a/deployment.yaml +++ b/deployment.yaml @@ -58,3 +58,10 @@ spec: image: oidc-test-client ports: - containerPort: 3000 + env: + - name: CLIENT_URL + value: client-gab7y.codemowers.ee + envFrom: + - secretRef: + name: oidc-client-authorization-code-sample-client-owner-secrets +