diff --git a/cmd/start.go b/cmd/start.go
index 58159c0..2fe90b7 100644
--- a/cmd/start.go
+++ b/cmd/start.go
@@ -37,7 +37,7 @@ var startCmd = &cobra.Command{
 file string
 configKey string
 }{
- {viper.GetString("client-secret"), viper.GetString("client-secret-file"), "client-secret"},
+ {viper.GetString("oidc-sp-client-secret"), viper.GetString("oidc-sp-client-secret-file"), "oidc-sp-client-secret"},
 {viper.GetString("session-secret"), viper.GetString("session-secret-file"), "session-secret"},
 {viper.GetString("csrf-secret"), viper.GetString("csrf-secret-file"), "csrf-secret"},
 }
@@ -89,13 +89,13 @@ func init() {
 // Register flags with Cobra
 // Do not set default values here. Use viper.SetDefault() instead. https://github.com/spf13/viper/issues/671
 startCmd.Flags().StringP("port", "p", "", "Port to listen on")
- startCmd.Flags().String("client-id", "", "OIDC Client ID")
- startCmd.Flags().String("issuer-url", "", "Identity Provider Issuer URL")
+ startCmd.Flags().String("oidc-sp-client-id", "", "OIDC Client ID")
+ startCmd.Flags().String("oidc-idp-issuer-url", "", "Identity Provider Issuer URL")
 startCmd.Flags().String("hostname", "", "Address at which the server is exposed")
 startCmd.Flags().String("env", "", "Environment (development/production)")
- startCmd.Flags().String("client-secret", "", "OIDC Client Secret")
- startCmd.Flags().String("client-secret-file", "", "Path to file containing OIDC Client Secret")
+ startCmd.Flags().String("oidc-sp-client-secret", "", "OIDC Client Secret")
+ startCmd.Flags().String("oidc-sp-client-secret-file", "", "Path to file containing OIDC Client Secret")
 startCmd.Flags().String("session-secret", "", "Secret key for session management (must be exactly 32 bytes)")
 startCmd.Flags().String("session-secret-file", "", "Path to file containing session secret key")
 startCmd.Flags().String("csrf-secret", "", "Secret key for CSRF protection (must be exactly 32 bytes)")
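Review bot: The renamed keys in this hunk and in the `init()` hunk below have no compatibility path, so a deployment whose config file or environment still sets `client-secret`, `client-id` or `issuer-url` will get an empty string from `viper.GetString` under the new names with no error raised here; the readers in internal/auth/auth.go and internal/server/server.go are affected the same way. An empty issuer URL presumably fails fast in `oidc.NewProvider`, but an empty client ID would likely be sent to the IdP as-is, so a startup guard that fails when `viper.IsSet("client-id")`, `viper.IsSet("client-secret")`, `viper.IsSet("client-secret-file")` or `viper.IsSet("issuer-url")` is true, with a message naming the new key, would turn a silent misconfiguration into an explicit one; at minimum the rename should be called out as a breaking change. As a naming aside, "SP" is SAML vocabulary and OIDC calls the client the relying party, so `oidc-rp-client-id` would match the spec wording if the names are still open.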
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index a9d80c3..76bfed6 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -40,15 +40,15 @@ func Setup() (*Config, error) {
 // Initialize OIDC provider
 ctx := context.Background()
- provider, err := oidc.NewProvider(ctx, viper.GetString("issuer-url"))
+ provider, err := oidc.NewProvider(ctx, viper.GetString("oidc-idp-issuer-url"))
 if err != nil {
 return nil, fmt.Errorf("failed to initialize OIDC provider: %w", err)
 }
 // Create OAuth2 config
 oauthConfig := &oauth2.Config{
- ClientID: viper.GetString("client-id"),
- ClientSecret: viper.GetString("client-secret"),
+ ClientID: viper.GetString("oidc-sp-client-id"),
+ ClientSecret: viper.GetString("oidc-sp-client-secret"),
 RedirectURL: viper.GetString("hostname") + "/callback",
 Endpoint: provider.Endpoint(),
 Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
@@ -240,7 +240,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
 }
 // Build logout URL
- keycloakLogoutURL, err := url.Parse(viper.GetString("issuer-url") + "/protocol/openid-connect/logout")
+ keycloakLogoutURL, err := url.Parse(viper.GetString("oidc-idp-issuer-url") + "/protocol/openid-connect/logout")
 if err != nil {
 log.Printf("Error parsing logout URL: %v", err)
 http.Error(w, "Internal Server Error", http.StatusInternalServerError)
@@ -251,7 +251,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
 q := keycloakLogoutURL.Query()
 // Use logout-callback for completing the logout flow
 q.Set("post_logout_redirect_uri", viper.GetString("hostname")+"/logout-callback")
- q.Set("client_id", viper.GetString("client-id"))
+ q.Set("client_id", viper.GetString("oidc-sp-client-id"))
 q.Set("state", state)
 // Add id_token_hint if available
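Review bot: The logout URL on the `keycloakLogoutURL` line in the `@@ -240` hunk is still the Keycloak-specific `/protocol/openid-connect/logout` path appended to a key now named `oidc-idp-issuer-url`, which reads as provider-neutral; the same applies to the registration URL in the `RegistrationHandler` hunks (`@@ -329` and `@@ -339`) and to the `/account` URL in internal/server/server.go. If the intent is to stay Keycloak-only, the flag help `"Identity Provider Issuer URL"` in cmd/start.go should say so, e.g. `"Keycloak realm issuer URL (also used as the base for the logout, registration and account URLs)"`. Otherwise the logout endpoint is published in the provider's discovery document as `end_session_endpoint` (readable through `provider.Claims`), which would avoid hard-coding a vendor path under a generic key. `LogoutHandler` starts and ends outside the hunk.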
@@ -329,7 +329,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
 }
 // Build the registration URL using the specified registrations endpoint
- baseURL := viper.GetString("issuer-url")
+ baseURL := viper.GetString("oidc-idp-issuer-url")
 registrationURL, err := url.Parse(baseURL + "/protocol/openid-connect/registrations")
 if err != nil {
 log.Printf("Error parsing registration URL: %v", err)
@@ -339,7 +339,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
 // Add query parameters
 q := registrationURL.Query()
- q.Set("client_id", viper.GetString("client-id"))
+ q.Set("client_id", viper.GetString("oidc-sp-client-id"))
 q.Set("response_type", "code")
 q.Set("scope", "openid email profile")
 q.Set("redirect_uri", viper.GetString("hostname")+"/callback")
diff --git a/internal/embeds/mc-config.yaml b/internal/embeds/mc-config.yaml
index 220fc4e..3921eb8 100644
--- a/internal/embeds/mc-config.yaml
+++ b/internal/embeds/mc-config.yaml
@@ -6,9 +6,9 @@
 # It is only used for local development purposes only
 port: 8081
-client-id: "member-console"
-client-secret: ""
-issuer-url: "http://localhost:8080/realms/master"
+oidc-sp-client-id: "member-console"
+oidc-sp-client-secret: ""
+oidc-idp-issuer-url: "http://localhost:8080/realms/master"
 hostname: "http://localhost:8081"
 session-secret: ""
 csrf-secret: ""
\ No newline at end of file
diff --git a/internal/server/server.go b/internal/server/server.go
index 077f671..ec9e5ea 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -116,7 +116,7 @@ func Start(ctx context.Context, cfg Config) error {
 email, _ := session.Values["email"].(string)
 // Create Keycloak Account URL
- keycloakAccountURL := viper.GetString("issuer-url") + "/account"
+ keycloakAccountURL := viper.GetString("oidc-idp-issuer-url") + "/account"
 data := struct {
 Name string
diff --git a/test/mc-config.yaml b/test/mc-config.yaml
index 40c7a93..1271051 100644
--- a/test/mc-config.yaml
+++ b/test/mc-config.yaml
@@ -6,9 +6,9 @@
 # It is only used for local development purposes only
 port: 8081
-client-id: "member-console"
-client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
-issuer-url: "http://localhost:8080/realms/master"
+oidc-sp-client-id: "member-console"
+oidc-sp-client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
+oidc-idp-issuer-url: "http://localhost:8080/realms/master"
 hostname: "http://localhost:8081"
 session-secret: "rJcniy2aWl3vwBcrMJfqsTL+Wys7EwDx/RC+DRrKcYg="
 csrf-secret: "e157b42a5b608882179cb4ac69c12f84"
\ No newline at end of file
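Review bot: The `oidc-sp-client-secret` line in test/mc-config.yaml carries a literal secret value that is committed to the repository, alongside the session and CSRF keys in the context lines below it. The commit only renames the key, but cmd/start.go registers `oidc-sp-client-secret-file`, `session-secret-file` and `csrf-secret-file` for exactly this case, so the checked-in file could hold a placeholder or point at a local, untracked secret file instead. If this value was ever configured on anything other than a throw-away local Keycloak, it should be treated as exposed and rotated.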