Use a struct for connector data within OIDC connector

Joel Speed 2019-09-25 21:20:19 +01:00
parent f6077083c9
commit 77fcf9ad77
GPG Key ID: 6E80578D6751DEFB


@ -3,6 +3,7 @@ package oidc
import ( import (
"context" "context"
"encoding/json"
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
@ -61,6 +62,11 @@ var brokenAuthHeaderDomains = []string{
"oktapreview.com", "oktapreview.com",
} }
// connectorData stores information for sessions authenticated by this connector
type connectorData struct {
refreshToken []byte
}
// Detect auth header provider issues for known providers. This lets users // Detect auth header provider issues for known providers. This lets users
// avoid having to explicitly set "basicAuthUnsupported" in their config. // avoid having to explicitly set "basicAuthUnsupported" in their config.
// //
@ -210,8 +216,14 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide
// Refresh is used to refresh a session with the refresh token provided by the IdP // Refresh is used to refresh a session with the refresh token provided by the IdP
func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) { func (c *oidcConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
cd := connectorData{}
err := json.Unmarshal(identity.ConnectorData, &cd)
if err != nil {
return identity, fmt.Errorf("oidc: failed to unmarshal connector data: %v", err)
}
t := &oauth2.Token{ t := &oauth2.Token{
RefreshToken: string(identity.ConnectorData), RefreshToken: string(cd.refreshToken),
Expiry: time.Now().Add(-time.Hour), Expiry: time.Now().Add(-time.Hour),
} }
token, err := c.oauth2Config.TokenSource(ctx, t).Token() token, err := c.oauth2Config.TokenSource(ctx, t).Token()
@ -284,12 +296,21 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
} }
} }
cd := connectorData{
refreshToken: []byte(token.RefreshToken),
}
connData, err := json.Marshal(&cd)
if err != nil {
return identity, fmt.Errorf("oidc: failed to encode connector data: %v", err)
}
identity = connector.Identity{ identity = connector.Identity{
UserID: idToken.Subject, UserID: idToken.Subject,
Username: name, Username: name,
Email: email, Email: email,
EmailVerified: emailVerified, EmailVerified: emailVerified,
ConnectorData: []byte(token.RefreshToken), ConnectorData: connData,
} }
if c.userIDKey != "" { if c.userIDKey != "" {