Refactor OIDC configuration keys for consistency and clarity

This commit is contained in:
Christian Galo 2025-05-18 17:48:51 -05:00
parent e51c71da67
commit ed00e1150f
5 changed files with 19 additions and 19 deletions


@ -37,7 +37,7 @@ var startCmd = &cobra.Command{
file string
configKey string
}{
{viper.GetString("client-secret"), viper.GetString("client-secret-file"), "client-secret"},
{viper.GetString("oidc-sp-client-secret"), viper.GetString("oidc-sp-client-secret-file"), "oidc-sp-client-secret"},
{viper.GetString("session-secret"), viper.GetString("session-secret-file"), "session-secret"},
{viper.GetString("csrf-secret"), viper.GetString("csrf-secret-file"), "csrf-secret"},
}
@ -89,13 +89,13 @@ func init() {
// Register flags with Cobra
// Do not set default values here. Use viper.SetDefault() instead. https://github.com/spf13/viper/issues/671
startCmd.Flags().StringP("port", "p", "", "Port to listen on")
startCmd.Flags().String("client-id", "", "OIDC Client ID")
startCmd.Flags().String("issuer-url", "", "Identity Provider Issuer URL")
startCmd.Flags().String("oidc-sp-client-id", "", "OIDC Client ID")
startCmd.Flags().String("oidc-idp-issuer-url", "", "Identity Provider Issuer URL")
startCmd.Flags().String("hostname", "", "Address at which the server is exposed")
startCmd.Flags().String("env", "", "Environment (development/production)")
startCmd.Flags().String("client-secret", "", "OIDC Client Secret")
startCmd.Flags().String("client-secret-file", "", "Path to file containing OIDC Client Secret")
startCmd.Flags().String("oidc-sp-client-secret", "", "OIDC Client Secret")
startCmd.Flags().String("oidc-sp-client-secret-file", "", "Path to file containing OIDC Client Secret")
startCmd.Flags().String("session-secret", "", "Secret key for session management (must be exactly 32 bytes)")
startCmd.Flags().String("session-secret-file", "", "Path to file containing session secret key")
startCmd.Flags().String("csrf-secret", "", "Secret key for CSRF protection (must be exactly 32 bytes)")
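Review bot: The renamed flag registrations for `oidc-sp-client-id`, `oidc-idp-issuer-url`, `oidc-sp-client-secret` and `oidc-sp-client-secret-file` drop the old `client-id`, `issuer-url`, `client-secret` and `client-secret-file` names with no alias or migration check, so a config file or environment that still uses the old names is silently ignored and viper returns an empty string for the new key. The secret table at the top of the first hunk only helps if the code after it rejects an empty value, and nothing visible guards an empty client ID or issuer URL at all. Either keep the old names readable for a release with `viper.RegisterAlias("client-id", "oidc-sp-client-id")` (and likewise for the other three), or fail fast in the run body, e.g. `if viper.IsSet("client-id") { return fmt.Errorf("config key %q was renamed to %q", "client-id", "oidc-sp-client-id") }`. It is also worth confirming that a `csrf-secret-file` flag is registered after the hunk, since the secret table reads that key. Both the command's run body and init continue outside the hunks.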


@ -40,15 +40,15 @@ func Setup() (*Config, error) {
// Initialize OIDC provider
ctx := context.Background()
provider, err := oidc.NewProvider(ctx, viper.GetString("issuer-url"))
provider, err := oidc.NewProvider(ctx, viper.GetString("oidc-idp-issuer-url"))
if err != nil {
return nil, fmt.Errorf("failed to initialize OIDC provider: %w", err)
}
// Create OAuth2 config
oauthConfig := &oauth2.Config{
ClientID: viper.GetString("client-id"),
ClientSecret: viper.GetString("client-secret"),
ClientID: viper.GetString("oidc-sp-client-id"),
ClientSecret: viper.GetString("oidc-sp-client-secret"),
RedirectURL: viper.GetString("hostname") + "/callback",
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
@ -240,7 +240,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
}
// Build logout URL
keycloakLogoutURL, err := url.Parse(viper.GetString("issuer-url") + "/protocol/openid-connect/logout")
keycloakLogoutURL, err := url.Parse(viper.GetString("oidc-idp-issuer-url") + "/protocol/openid-connect/logout")
if err != nil {
log.Printf("Error parsing logout URL: %v", err)
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
@ -251,7 +251,7 @@ func (c *Config) LogoutHandler(w http.ResponseWriter, r *http.Request) {
q := keycloakLogoutURL.Query()
// Use logout-callback for completing the logout flow
q.Set("post_logout_redirect_uri", viper.GetString("hostname")+"/logout-callback")
q.Set("client_id", viper.GetString("client-id"))
q.Set("client_id", viper.GetString("oidc-sp-client-id"))
q.Set("state", state)
// Add id_token_hint if available
@ -329,7 +329,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
}
// Build the registration URL using the specified registrations endpoint
baseURL := viper.GetString("issuer-url")
baseURL := viper.GetString("oidc-idp-issuer-url")
registrationURL, err := url.Parse(baseURL + "/protocol/openid-connect/registrations")
if err != nil {
log.Printf("Error parsing registration URL: %v", err)
@ -339,7 +339,7 @@ func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
// Add query parameters
q := registrationURL.Query()
q.Set("client_id", viper.GetString("client-id"))
q.Set("client_id", viper.GetString("oidc-sp-client-id"))
q.Set("response_type", "code")
q.Set("scope", "openid email profile")
q.Set("redirect_uri", viper.GetString("hostname")+"/callback")
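Review bot: The new key strings are repeated as literals in Setup, LogoutHandler (twice) and RegistrationHandler (twice) in this file, and again in Start in the server file; a typo in any one of them is not a compile error but an empty string from viper and a malformed URL at request time, which is exactly the failure mode a rename like this invites. Declaring them once, `const keyIssuerURL = "oidc-idp-issuer-url"` and `const keyClientID = "oidc-sp-client-id"`, and using the constants at every call site would make the rename checkable by the compiler. In Setup the issuer URL is passed straight to `oidc.NewProvider`; an explicit `if issuer == "" { return nil, fmt.Errorf("oidc-idp-issuer-url is not set") }` before the call would turn an opaque discovery error into a clear configuration error. Setup, LogoutHandler and RegistrationHandler all start or end outside their hunks.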


@ -6,9 +6,9 @@
# It is only used for local development purposes only
port: 8081
client-id: "member-console"
client-secret: ""
issuer-url: "http://localhost:8080/realms/master"
oidc-sp-client-id: "member-console"
oidc-sp-client-secret: ""
oidc-idp-issuer-url: "http://localhost:8080/realms/master"
hostname: "http://localhost:8081"
session-secret: ""
csrf-secret: ""


@ -116,7 +116,7 @@ func Start(ctx context.Context, cfg Config) error {
email, _ := session.Values["email"].(string)
// Create Keycloak Account URL
keycloakAccountURL := viper.GetString("issuer-url") + "/account"
keycloakAccountURL := viper.GetString("oidc-idp-issuer-url") + "/account"
data := struct {
Name string


@ -6,9 +6,9 @@
# It is only used for local development purposes only
port: 8081
client-id: "member-console"
client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
issuer-url: "http://localhost:8080/realms/master"
oidc-sp-client-id: "member-console"
oidc-sp-client-secret: "CigQbREzhFCekZ8yvV3CaCFrHOgANgaH"
oidc-idp-issuer-url: "http://localhost:8080/realms/master"
hostname: "http://localhost:8081"
session-secret: "rJcniy2aWl3vwBcrMJfqsTL+Wys7EwDx/RC+DRrKcYg="
csrf-secret: "e157b42a5b608882179cb4ac69c12f84"
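Review bot: The `oidc-sp-client-secret`, `session-secret` and `csrf-secret` values in this file are populated credentials checked into version control; the commit renames the keys but leaves them in place. Even if the header comment is right that this is local-development only, anything in git history should be treated as disclosed and rotated, and the other config in this commit shows the safer shape with these three keys left as `""` and the secrets supplied through the `-file` variants the start command already reads. The `session-secret` value is 44 base64 characters while the flag help text requires exactly 32 bytes; whether it is decoded before use is not visible here, so that is worth confirming against the session setup code.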