From fa5bd34bea32f0a38948f2c7875aed733c62e7d4 Mon Sep 17 00:00:00 2001
From: Thorsten Essig
Date: Fri, 25 Mar 2022 10:14:35 +0100
Subject: [PATCH] feat(core/oauth): support issuer URL overriding (#227)

see 860764857ae4611ea901c6d6fb0a7fcd0d9bd44a
---
 core/oauth/application/authmanager.go | 12 +++++++++---
 core/oauth/module.go | 1 +
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/core/oauth/application/authmanager.go b/core/oauth/application/authmanager.go
index 3d342d2f..2fe6dc8c 100644
--- a/core/oauth/application/authmanager.go
+++ b/core/oauth/application/authmanager.go
@@ -93,6 +93,7 @@ func (am *AuthManager) Inject(logger flamingo.Logger, router *web.Router, config
 TokenExtras config.Slice `inject:"config:core.oauth.tokenExtras"`
 DebugMode bool `inject:"config:flamingo.debug.mode"`
 Enabled bool `inject:"config:core.oauth.enabled"`
+ OverrideIssuerURL string `inject:"config:core.oauth.overrideIssuerURL"`
 }) {
 am.logger = logger.WithField(flamingo.LogKeyModule, "oauth")
 am.router = router
@@ -110,13 +111,18 @@ func (am *AuthManager) Inject(logger flamingo.Logger, router *web.Router, config
 return
 }
 
+ ctx := context.Background()
+ if config.OverrideIssuerURL != "" {
+ ctx = oidc.InsecureIssuerURLContext(ctx, config.OverrideIssuerURL)
+ }
+
 var err error
- am.openIDProvider, err = oidc.NewProvider(context.Background(), config.Server)
+ am.openIDProvider, err = oidc.NewProvider(ctx, config.Server)
 if err != nil {
 if config.DebugMode {
 am.logger.Error(err)
 } else {
- //panic on err since we really expect a valid authmanager state and application is in a failed state otherwise
+ // panic on err since we really expect a valid authmanager state and application is in a failed state otherwise
 panic(err)
 }
 }
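Review bot: The value handed to `oidc.InsecureIssuerURLContext` on the new `ctx = ...` line is security-sensitive and the hunk accepts it silently: the API's name says it disables go-oidc's check that the discovery document's issuer matches `config.Server`, and — as far as I recall from go-oidc's documentation — the override then becomes the issuer that ID-token `iss` claims are verified against, so a mistaken or overly broad value (for instance a multi-tenant provider's shared endpoint) could make tokens from other tenants acceptable. Nothing at startup tells an operator that the override is active; emit a warning inside the `if config.OverrideIssuerURL != ""` branch, e.g. `am.logger.Warn("core.oauth.overrideIssuerURL is set; provider issuer validation is overridden with ", config.OverrideIssuerURL)` (assuming `flamingo.Logger` exposes `Warn`). A one-line comment on that branch saying why the library calls this insecure, and that the value must be an exact issuer URL rather than a prefix, would also help the next reader. Inject's body begins and continues outside the hunk.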
@@ -161,7 +167,7 @@ func (am *AuthManager) OpenIDProvider() *oidc.Provider {
 return am.openIDProvider
 }
 
-//OAuthCtx - returns ctx that should be used to pass to oauth2 lib - it enables logging for Debug reasons
+// OAuthCtx - returns ctx that should be used to pass to oauth2 lib - it enables logging for Debug reasons
 func (am *AuthManager) OAuthCtx(ctx context.Context) context.Context {
 if os.Getenv("OAUTHDEBUG") == "1" {
 oauthHTTPClient := &http.Client{
diff --git a/core/oauth/module.go b/core/oauth/module.go
index 6f302121..6e202b5c 100644
--- a/core/oauth/module.go
+++ b/core/oauth/module.go
@@ -85,6 +85,7 @@ core oauth: {
 useFake: bool | *false
 fakeUserData: [string]: _
 fakeLoginTemplate: string | *""
+ overrideIssuerURL: string | *""
 scopes: [...string] | *["profile", "email"]
 claims: {
 idToken: [...string]
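Review bot: The new `overrideIssuerURL` schema entry in the module.go hunk gives an operator no hint that it is a security-relaxing knob, which is what its Go consumer's use of `oidc.InsecureIssuerURLContext` implies; the place where the value is configured is where that warning belongs. If the schema string tolerates comments (CUE does), put one above the line, e.g. `// overrideIssuerURL: only for providers whose discovery document reports an issuer different from the configured server; it relaxes issuer validation, so review any value carefully`. The `core oauth` block continues outside the hunk.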