Compare commits
2 Commits
authorizat
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 6c19409567 | |||
| f0bce986f1 |
@ -5,6 +5,7 @@ README.md
|
|||||||
.git/
|
.git/
|
||||||
node_modules/
|
node_modules/
|
||||||
.drone.yml
|
.drone.yml
|
||||||
|
deployment.yaml
|
||||||
|
|
||||||
# Editor directories and files
|
# Editor directories and files
|
||||||
.vscode/*
|
.vscode/*
|
||||||
|
|||||||
54
app.js
54
app.js
@ -9,61 +9,31 @@ async function run() {
|
|||||||
|
|
||||||
const issuer = await Issuer.discover(process.env.OIDC_GATEWAY_URI);
|
const issuer = await Issuer.discover(process.env.OIDC_GATEWAY_URI);
|
||||||
console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);
|
console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);
|
||||||
|
|
||||||
const client = new issuer.Client({
|
const client = new issuer.Client({
|
||||||
client_id: process.env.OIDC_CLIENT_ID,
|
client_id: process.env.OIDC_CLIENT_ID,
|
||||||
client_secret: process.env.OIDC_CLIENT_SECRET,
|
|
||||||
redirect_uris: [process.env.OIDC_REDIRECT_URIS],
|
redirect_uris: [process.env.OIDC_REDIRECT_URIS],
|
||||||
response_types: ['code'],
|
response_types: ['id_token'],
|
||||||
// id_token_signed_response_alg (default "RS256")
|
// id_token_signed_response_alg (default "RS256")
|
||||||
})
|
})
|
||||||
const code_verifier = generators.codeVerifier();
|
const nonce = generators.nonce();
|
||||||
const code_challenge = generators.codeChallenge(code_verifier);
|
|
||||||
|
|
||||||
|
|
||||||
app.get('/', async function (req, res) {
|
app.get('/', async function (req, res) {
|
||||||
let url = client.authorizationUrl({
|
let url = client.authorizationUrl({
|
||||||
redirect_uri: process.env.CLIENT_URL + '/cb',
|
redirect_uri: process.env.CLIENT_URL + '/cb',
|
||||||
scope: 'openid profile offline_access',
|
scope: 'openid',
|
||||||
response_type: 'code',
|
response_mode: 'form_post',
|
||||||
code_challenge,
|
nonce,
|
||||||
code_challenge_method: 'S256',
|
|
||||||
});
|
});
|
||||||
|
|
||||||
res.redirect(url);
|
res.redirect(url);
|
||||||
});
|
});
|
||||||
|
app.post('/cb', async function (req, res) {
|
||||||
app.get('/cb', async function (req, res) {
|
const params = client.callbackParams(req);
|
||||||
const params = client.callbackParams(req);
|
const tokenSet = await client.callback(process.env.CLIENT_URL + '/cb', params, {nonce});
|
||||||
const tokenSet = await client.callback(process.env.CLIENT_URL + '/cb', params,{ code_verifier });
|
console.log('received and validated tokens %j', tokenSet);
|
||||||
const userinfo = await client.userinfo(tokenSet.access_token);
|
console.log('validated ID Token claims %j', tokenSet.claims());
|
||||||
res.send(
|
res.send(tokenSet.claims());
|
||||||
`
|
|
||||||
<code>${JSON.stringify(userinfo)}</code>
|
|
||||||
<code>${JSON.stringify(tokenSet)}</code>
|
|
||||||
<a href="/refresh/${tokenSet.refresh_token}">refresh</a>
|
|
||||||
<a href="/access/${tokenSet.access_token}">access</a>
|
|
||||||
`
|
|
||||||
)
|
|
||||||
});
|
|
||||||
|
|
||||||
app.get('/access/:token', async function (req, res) {
|
|
||||||
const access = await client.userinfo(req.params.token)
|
|
||||||
res.send(
|
|
||||||
`
|
|
||||||
<code>${JSON.stringify(access)}</code>
|
|
||||||
<a href="/access/${req.params.token}">access</a>
|
|
||||||
`
|
|
||||||
)
|
|
||||||
});
|
|
||||||
|
|
||||||
app.get('/refresh/:token', async function (req, res) {
|
|
||||||
const refresh = await client.refresh(req.params.token)
|
|
||||||
res.send(
|
|
||||||
`
|
|
||||||
<code>${JSON.stringify(refresh)}</code>
|
|
||||||
<a href="/refresh/${refresh.refresh_token}">refresh</a>
|
|
||||||
`
|
|
||||||
)
|
|
||||||
});
|
});
|
||||||
|
|
||||||
app.listen(3000);
|
app.listen(3000);
|
||||||
|
|||||||
@ -1,27 +1,4 @@
|
|||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: OIDCGWClient
|
|
||||||
metadata:
|
|
||||||
name: authorization-code-sample-client
|
|
||||||
spec:
|
|
||||||
uri: 'https://client-gab7y.codemowers.ee/'
|
|
||||||
redirectUris:
|
|
||||||
- 'https://client-gab7y.codemowers.ee/cb'
|
|
||||||
# allowedGroups: # if no groups are set, everyone is allowed
|
|
||||||
# - 'codemowers:users'
|
|
||||||
grantTypes:
|
|
||||||
- 'authorization_code'
|
|
||||||
- 'refresh_token' # might be supported by some implementations
|
|
||||||
responseTypes:
|
|
||||||
- 'code'
|
|
||||||
# - 'code id_token' # might be needed in some implementations
|
|
||||||
availableScopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'profile'
|
|
||||||
- 'offline_access'
|
|
||||||
tokenEndpointAuthMethod: 'client_secret_basic'
|
|
||||||
pkce: true
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
@ -86,5 +63,4 @@ spec:
|
|||||||
value: https://client-gab7y.codemowers.ee
|
value: https://client-gab7y.codemowers.ee
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: oidc-client-authorization-code-sample-client-owner-secrets
|
name: oidc-client-implicit-id-token-sample-client-owner-secrets
|
||||||
|
|
||||||
|
|||||||
1044
package-lock.json
generated
1044
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user