Commit 8057177e authored by Simon Schürg's avatar Simon Schürg 🚀

Add file storage caching and improved types

parent 4b9cb684
......@@ -25,6 +25,7 @@ func RefreshToken(issuer, clientID, refreshToken string) *TokenSet {
"grant_type": "refresh_token",
"client_id": clientID,
"refresh_token": refreshToken,
"scope": "openid",
})
resp, err := client.Post(oidcMeta.TokenEndpoint)
LogRestyResp(resp, err)
......@@ -42,6 +43,7 @@ func ClientCredenitalsAuth(issuer, clientID, clientSecret string) *TokenSet {
"grant_type": "client_credentials",
"client_id": clientID,
"client_secret": clientSecret,
"scope": "openid",
})
resp, err := client.Post(oidcMeta.TokenEndpoint)
LogRestyResp(resp, err)
......@@ -60,6 +62,7 @@ func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string) *
"client_id": clientID,
"username": username,
"password": password,
"scope": "openid",
})
resp, err := client.Post(oidcMeta.TokenEndpoint)
LogRestyResp(resp, err)
......
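Review bot: The literal `"scope": "openid"` is now repeated in all three token request bodies (this hunk and the two below for ClientCredenitalsAuth and ResourceOwnerCredentialsAuth), so a later change to the requested scopes has to be made in three places. Declaring it once, `const defaultScope = "openid"`, and using `"scope": defaultScope` in each map keeps the three flows in sync; making the scope a parameter would be the next step but changes the signatures. The enclosing functions start and end outside these hunks.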
......@@ -28,11 +28,15 @@ type TokenErrorResponse struct {
// TokenSet is the successful response of issuing an access token as defined by RFC6749.
// See https://tools.ietf.org/html/rfc6749#section-5.1
type TokenSet struct {
AccessToken string `json:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
Scope string `json:"scope,omitempty"`
AccessToken string `json:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
RefreshExpiresIn int `json:"refresh_expires_in,omitempty"`
IDToken string `json:"id_token,omitempty"`
Scope string `json:"scope,omitempty"`
NotBeforePolicy int `json:"not-before-policy,omitempty"`
SessionState string `json:"session_state,omitempty"`
}
// OpenIDProviderMetadata is the description of the OpenID Providers configuration.
......@@ -239,6 +243,7 @@ type OpenIDAddressClaim struct {
// See https://tools.ietf.org/html/rfc7517#section-5
type JWKSet struct {
Keys []JWK `json:"keys"`
// rawJson []byte
}
// DiscoverOidcMetadata fetches OpenID Connect Provider configuration
......@@ -263,6 +268,7 @@ func FetchJWKSet(issuer string) *JWKSet {
var jwkSet JWKSet
err = json.Unmarshal(resp.Body(), &jwkSet)
FatalOnError(err)
WriteJWKSet(issuer, &jwkSet)
return &jwkSet
}
......
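Review bot: The TokenSet doc comment still describes the struct as the RFC 6749 token response, but the newly added `NotBeforePolicy` (`not-before-policy`) and `SessionState` (`session_state`) fields are not defined by that RFC; they look like provider-specific extensions, so the comment should separate standard from non-standard fields, e.g. `// NotBeforePolicy and SessionState are non-standard fields returned by some providers; they are not part of RFC 6749.` The commented-out `// rawJson []byte` in JWKSet is dead code and should be removed or carry a TODO stating its intended use. FetchJWKSet now persists the fetched set as a side effect of the call; a short comment on the `WriteJWKSet(issuer, &jwkSet)` line (`// cache the fetched set on disk; see WriteJWKSet`) would make that visible to callers.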
package internal
import (
"fmt"
"io/ioutil"
"net/url"
"os"
"path/filepath"
"github.com/mitchellh/go-homedir"
)
func EnsureDirExists(dirPath string) string {
dirPath = filepath.FromSlash(dirPath)
if _, err := os.Stat(dirPath); os.IsNotExist(err) {
err := os.MkdirAll(dirPath, 0700)
FatalOnError(err)
}
return dirPath
}
func CacheDir() string {
home, err := homedir.Dir()
FatalOnError(err)
xdgCacheHome := os.Getenv("XDG_CACHE_HOME")
if xdgCacheHome == "" {
xdgCacheHome = fmt.Sprintf("%s/.cache", home)
}
actlCacheDir := fmt.Sprintf("%s/actl", xdgCacheHome)
EnsureDirExists(actlCacheDir)
return actlCacheDir
}
func WriteFile(fileContent []byte, path string) {
EnsureDirExists(filepath.Dir(path))
err := ioutil.WriteFile(path, fileContent, 0600)
FatalOnError(err)
}
func WriteJWT(jwt []byte, symlinkLatest bool) {}
func WriteJWKSet(issuer string, jwkSet *JWKSet) {
dir := fmt.Sprintf("%s/issuer/%s/certs", CacheDir(), url.QueryEscape(issuer))
for _, jwk := range jwkSet.Keys {
WriteFile([]byte(jwk.Kid), fmt.Sprintf("%s/%s", dir, jwk.Kid))
}
}
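Review bot: In WriteJWKSet the file name is built from `jwk.Kid` without any sanitisation, while the issuer on the same path is escaped with `url.QueryEscape`; `kid` is a free-form string supplied by the remote JWKS document, so a value containing path separators or `..` would place the cache file outside `dir`. The loop also writes `[]byte(jwk.Kid)` as the file content rather than the key itself, which is presumably not what a certificate cache should hold. The rewrite below escapes the key id, skips names that cannot be used as a single path component, builds the path with `filepath.Join`, and marshals the JWK (this needs `encoding/json` in this file's import block). Separately, `WriteJWT` is an empty stub with no comment; either implement it or mark it `// TODO: not implemented` so callers do not assume the token was persisted.
```go
func WriteJWKSet(issuer string, jwkSet *JWKSet) {
	dir := filepath.Join(CacheDir(), "issuer", url.QueryEscape(issuer), "certs")
	for _, jwk := range jwkSet.Keys {
		// kid comes from the remote JWKS; keep it to a single path component.
		name := url.PathEscape(jwk.Kid)
		if name == "" || name == "." || name == ".." {
			continue
		}
		data, err := json.Marshal(jwk)
		FatalOnError(err)
		WriteFile(data, filepath.Join(dir, name))
	}
}
```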