Refactor OIDC configuration keys for consistency and clarity

cmd/start.go

@@ -37,7 +37,7 @@ var startCmd = &cobra.Command{
 			file      string
 			configKey string
 		}{
-			{viper.GetString("client-secret"), viper.GetString("client-secret-file"), "client-secret"},
+			{viper.GetString("oidc-sp-client-secret"), viper.GetString("oidc-sp-client-secret-file"), "oidc-sp-client-secret"},
 			{viper.GetString("session-secret"), viper.GetString("session-secret-file"), "session-secret"},
 			{viper.GetString("csrf-secret"), viper.GetString("csrf-secret-file"), "csrf-secret"},
 		}
@@ -89,13 +89,13 @@ func init() {
 	// Register flags with Cobra
 	// Do not set default values here. Use viper.SetDefault() instead. https://github.com/spf13/viper/issues/671
 	startCmd.Flags().StringP("port", "p", "", "Port to listen on")
-	startCmd.Flags().String("client-id", "", "OIDC Client ID")
+	startCmd.Flags().String("oidc-sp-client-id", "", "OIDC Client ID")
-	startCmd.Flags().String("issuer-url", "", "Identity Provider Issuer URL")
+	startCmd.Flags().String("oidc-idp-issuer-url", "", "Identity Provider Issuer URL")
 	startCmd.Flags().String("hostname", "", "Address at which the server is exposed")
 	startCmd.Flags().String("env", "", "Environment (development/production)")
 
-	startCmd.Flags().String("client-secret", "", "OIDC Client Secret")
+	startCmd.Flags().String("oidc-sp-client-secret", "", "OIDC Client Secret")
-	startCmd.Flags().String("client-secret-file", "", "Path to file containing OIDC Client Secret")
+	startCmd.Flags().String("oidc-sp-client-secret-file", "", "Path to file containing OIDC Client Secret")
 	startCmd.Flags().String("session-secret", "", "Secret key for session management (must be exactly 32 bytes)")
 	startCmd.Flags().String("session-secret-file", "", "Path to file containing session secret key")
 	startCmd.Flags().String("csrf-secret", "", "Secret key for CSRF protection (must be exactly 32 bytes)")

internal/auth/auth.go

@@ -40,15 +40,15 @@ func Setup() (*Config, error) {
 
 	// Initialize OIDC provider
 	ctx := context.Background()
-	provider, err := oidc.NewProvider(ctx, viper.GetString("issuer-url"))
+	provider, err := oidc.NewProvider(ctx, viper.GetString("oidc-idp-issuer-url"))
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize OIDC provider: %w", err)
 	}
 
 	// Create OAuth2 config
 	oauthConfig := &oauth2.Config{
-		ClientID:     viper.GetString("client-id"),
+		ClientID:     viper.GetString("oidc-sp-client-id"),
-		ClientSecret: viper.GetString("client-secret"),
+		ClientSecret: viper.GetString("oidc-sp-client-secret"),
 		RedirectURL:  viper.GetString("hostname") + "/callback",
 		Endpoint:     provider.Endpoint(),
 		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
@@ -240,7 +240,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Build logout URL
-	keycloakLogoutURL, err := url.Parse(viper.GetString("issuer-url") + "/protocol/openid-connect/logout")
+	keycloakLogoutURL, err := url.Parse(viper.GetString("oidc-idp-issuer-url") + "/protocol/openid-connect/logout")
 	if err != nil {
 		log.Printf("Error parsing logout URL: %v", err)
 		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
@@ -251,7 +251,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
 	q := keycloakLogoutURL.Query()
 	// Use logout-callback for completing the logout flow
 	q.Set("post_logout_redirect_uri", viper.GetString("hostname")+"/logout-callback")
-	q.Set("client_id", viper.GetString("client-id"))
+	q.Set("client_id", viper.GetString("oidc-sp-client-id"))
 	q.Set("state", state)
 
 	// Add id_token_hint if available
@@ -329,7 +329,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Build the registration URL using the specified registrations endpoint
-	baseURL := viper.GetString("issuer-url")
+	baseURL := viper.GetString("oidc-idp-issuer-url")
 	registrationURL, err := url.Parse(baseURL + "/protocol/openid-connect/registrations")
 	if err != nil {
 		log.Printf("Error parsing registration URL: %v", err)
@@ -339,7 +339,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
 
 	// Add query parameters
 	q := registrationURL.Query()
-	q.Set("client_id", viper.GetString("client-id"))
+	q.Set("client_id", viper.GetString("oidc-sp-client-id"))
 	q.Set("response_type", "code")
 	q.Set("scope", "openid email profile")
 	q.Set("redirect_uri", viper.GetString("hostname")+"/callback")

internal/embeds/mc-config.yaml

@@ -6,9 +6,9 @@
 # It is only used for local development purposes only
 
 port: 8081
-client-id: "member-console"
+oidc-sp-client-id: "member-console"
-client-secret: ""
+oidc-sp-client-secret: ""
-issuer-url: "http://localhost:8080/realms/master"
+oidc-idp-issuer-url: "http://localhost:8080/realms/master"
 hostname: "http://localhost:8081"
 session-secret: ""
 csrf-secret: ""

internal/server/server.go

@@ -116,7 +116,7 @@ func Start(ctx context.Context, cfg Config) error {
 		email, _ := session.Values["email"].(string)
 
 		// Create Keycloak Account URL
-		keycloakAccountURL := viper.GetString("issuer-url") + "/account"
+		keycloakAccountURL := viper.GetString("oidc-idp-issuer-url") + "/account"
 
 		data := struct {
 			Name               string

test/mc-config.yaml

@@ -6,9 +6,9 @@
 # It is only used for local development purposes only
 
 port: 8081
-client-id: "member-console"
+oidc-sp-client-id: "member-console"
-client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
+oidc-sp-client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
-issuer-url: "http://localhost:8080/realms/master"
+oidc-idp-issuer-url: "http://localhost:8080/realms/master"
 hostname: "http://localhost:8081"
 session-secret: "rJcniy2aWl3vwBcrMJfqsTL+Wys7EwDx/RC+DRrKcYg="
 csrf-secret: "e157b42a5b608882179cb4ac69c12f84"