Authorization flow example
This commit is contained in:
parent
6a14ee6c36
commit
5167c76898
37
app.js
37
app.js
@ -7,35 +7,38 @@ async function run() {
|
|||||||
app.use(bodyParser.urlencoded());
|
app.use(bodyParser.urlencoded());
|
||||||
app.use(bodyParser.json())
|
app.use(bodyParser.json())
|
||||||
|
|
||||||
const issuer = await Issuer.discover('https://gateway-gab7y.codemowers.ee/');
|
const issuer = await Issuer.discover(process.env.OIDC_GATEWAY_URL);
|
||||||
console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);
|
console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);
|
||||||
|
|
||||||
const client = new issuer.Client({
|
const client = new issuer.Client({
|
||||||
client_id: 'foo',
|
client_id: process.env.OIDC_CLIENT_ID,
|
||||||
redirect_uris: ['https://client-gab7y.codemowers.ee/cb'],
|
client_secret: process.env.OIDC_CLIENT_SECRET,
|
||||||
response_types: ['id_token'],
|
redirect_uris: JSON.parse(process.env.OIDC_REDIRECT_URIS),
|
||||||
|
response_types: ['code'],
|
||||||
// id_token_signed_response_alg (default "RS256")
|
// id_token_signed_response_alg (default "RS256")
|
||||||
})
|
})
|
||||||
const nonce = generators.nonce();
|
const code_verifier = generators.codeVerifier();
|
||||||
|
const code_challenge = generators.codeChallenge(code_verifier);
|
||||||
|
|
||||||
|
|
||||||
app.get('/', async function (req, res) {
|
app.get('/', async function (req, res) {
|
||||||
let url = client.authorizationUrl({
|
let url = client.authorizationUrl({
|
||||||
redirect_uri: 'https://client-gab7y.codemowers.ee/cb',
|
redirect_uri: process.env.CLIENT_URL + '/cb',
|
||||||
scope: 'openid',
|
scope: 'openid profile',
|
||||||
response_mode: 'form_post',
|
response_type: 'code',
|
||||||
nonce,
|
code_challenge,
|
||||||
|
code_challenge_method: 'S256',
|
||||||
});
|
});
|
||||||
|
|
||||||
res.redirect(url);
|
res.redirect(url);
|
||||||
});
|
});
|
||||||
app.post('/cb', async function (req, res) {
|
app.get('/cb', async function (req, res) {
|
||||||
const params = client.callbackParams(req);
|
const params = client.callbackParams(req);
|
||||||
const tokenSet = await client.callback('https://client-gab7y.codemowers.ee/ok', params, {nonce});
|
const tokenSet = await client.callback(process.env.CLIENT_URL + '/cb', params,{ code_verifier });
|
||||||
console.log('received and validated tokens %j', tokenSet);
|
const userinfo = await client.userinfo(tokenSet.access_token);
|
||||||
console.log('validated ID Token claims %j', tokenSet.claims());
|
console.log('userinfo %j', userinfo);
|
||||||
res.send(tokenSet.claims());
|
res.send(userinfo)
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
app.listen(3000);
|
app.listen(3000);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -58,3 +58,10 @@ spec:
|
|||||||
image: oidc-test-client
|
image: oidc-test-client
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 3000
|
- containerPort: 3000
|
||||||
|
env:
|
||||||
|
- name: CLIENT_URL
|
||||||
|
value: client-gab7y.codemowers.ee
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: oidc-client-authorization-code-sample-client-owner-secrets
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user