Add file storage caching and improved types

internal/auth.go

@@ -25,6 +25,7 @@ func RefreshToken(issuer, clientID, refreshToken string) *TokenSet {
 		"grant_type":    "refresh_token",
 		"client_id":     clientID,
 		"refresh_token": refreshToken,
+		"scope":         "openid",
 	})
 	resp, err := client.Post(oidcMeta.TokenEndpoint)
 	LogRestyResp(resp, err)
@@ -42,6 +43,7 @@ func ClientCredenitalsAuth(issuer, clientID, clientSecret string) *TokenSet {
 		"grant_type":    "client_credentials",
 		"client_id":     clientID,
 		"client_secret": clientSecret,
+		"scope":         "openid",
 	})
 	resp, err := client.Post(oidcMeta.TokenEndpoint)
 	LogRestyResp(resp, err)
@@ -60,6 +62,7 @@ func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string) *
 		"client_id":  clientID,
 		"username":   username,
 		"password":   password,
+		"scope":      "openid",
 	})
 	resp, err := client.Post(oidcMeta.TokenEndpoint)
 	LogRestyResp(resp, err)

internal/oidc.go

@@ -28,11 +28,15 @@ type TokenErrorResponse struct {
 // TokenSet is the successful response of issuing an access token as defined by RFC6749.
 // See https://tools.ietf.org/html/rfc6749#section-5.1
 type TokenSet struct {
-	AccessToken  string `json:"access_token,omitempty"`
-	TokenType    string `json:"token_type,omitempty"`
-	ExpiresIn    int    `json:"expires_in,omitempty"`
-	RefreshToken string `json:"refresh_token,omitempty"`
-	Scope        string `json:"scope,omitempty"`
+	AccessToken      string `json:"access_token,omitempty"`
+	TokenType        string `json:"token_type,omitempty"`
+	ExpiresIn        int    `json:"expires_in,omitempty"`
+	RefreshToken     string `json:"refresh_token,omitempty"`
+	RefreshExpiresIn int    `json:"refresh_expires_in,omitempty"`
+	IDToken          string `json:"id_token,omitempty"`
+	Scope            string `json:"scope,omitempty"`
+	NotBeforePolicy  int    `json:"not-before-policy,omitempty"`
+	SessionState     string `json:"session_state,omitempty"`
 }
 
 // OpenIDProviderMetadata is the description of the OpenID Providers configuration.
@@ -239,6 +243,7 @@ type OpenIDAddressClaim struct {
 // See https://tools.ietf.org/html/rfc7517#section-5
 type JWKSet struct {
 	Keys []JWK `json:"keys"`
+	// rawJson []byte
 }
 
 // DiscoverOidcMetadata fetches OpenID Connect Provider configuration
@@ -263,6 +268,7 @@ func FetchJWKSet(issuer string) *JWKSet {
 	var jwkSet JWKSet
 	err = json.Unmarshal(resp.Body(), &jwkSet)
 	FatalOnError(err)
+	WriteJWKSet(issuer, &jwkSet)
 	return &jwkSet
 }
 

internal/storage.go

+package internal
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"os"
+	"path/filepath"
+
+	"github.com/mitchellh/go-homedir"
+)
+
+func EnsureDirExists(dirPath string) string {
+	dirPath = filepath.FromSlash(dirPath)
+	if _, err := os.Stat(dirPath); os.IsNotExist(err) {
+		err := os.MkdirAll(dirPath, 0700)
+		FatalOnError(err)
+	}
+	return dirPath
+}
+
+func CacheDir() string {
+	home, err := homedir.Dir()
+	FatalOnError(err)
+	xdgCacheHome := os.Getenv("XDG_CACHE_HOME")
+	if xdgCacheHome == "" {
+		xdgCacheHome = fmt.Sprintf("%s/.cache", home)
+	}
+	actlCacheDir := fmt.Sprintf("%s/actl", xdgCacheHome)
+	EnsureDirExists(actlCacheDir)
+	return actlCacheDir
+}
+
+func WriteFile(fileContent []byte, path string) {
+	EnsureDirExists(filepath.Dir(path))
+	err := ioutil.WriteFile(path, fileContent, 0600)
+	FatalOnError(err)
+}
+
+func WriteJWT(jwt []byte, symlinkLatest bool) {}
+
+func WriteJWKSet(issuer string, jwkSet *JWKSet) {
+	dir := fmt.Sprintf("%s/issuer/%s/certs", CacheDir(), url.QueryEscape(issuer))
+	for _, jwk := range jwkSet.Keys {
+		WriteFile([]byte(jwk.Kid), fmt.Sprintf("%s/%s", dir, jwk.Kid))
+	}
+}