2021-05-04 22:06:05 +00:00
|
|
|
package oidc
|
|
|
|
|
|
|
|
import (
|
2022-03-04 03:09:27 +00:00
|
|
|
"fmt"
|
2021-07-10 04:56:33 +00:00
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
"github.com/ory/fosite"
|
2022-10-20 02:16:36 +00:00
|
|
|
"github.com/ory/fosite/handler/openid"
|
2021-07-10 04:56:33 +00:00
|
|
|
"github.com/ory/herodot"
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
2022-04-07 05:33:53 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/storage"
|
2021-05-04 22:06:05 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// NewOpenIDConnectProvider new-ups a OpenIDConnectProvider.
|
2022-10-20 02:16:36 +00:00
|
|
|
func NewOpenIDConnectProvider(config *schema.OpenIDConnectConfiguration, store storage.Provider) (provider *OpenIDConnectProvider, err error) {
|
2022-04-07 05:33:53 +00:00
|
|
|
if config == nil {
|
2022-10-20 02:16:36 +00:00
|
|
|
return nil, nil
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
provider = &OpenIDConnectProvider{
|
|
|
|
JSONWriter: herodot.NewJSONWriter(nil),
|
2022-11-13 03:26:10 +00:00
|
|
|
Store: NewStore(config, store),
|
|
|
|
Config: NewConfig(config),
|
2022-10-02 02:07:40 +00:00
|
|
|
}
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
provider.OAuth2Provider = fosite.NewOAuth2Provider(provider.Store, provider.Config)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
if provider.KeyManager, err = NewKeyManagerWithConfiguration(config); err != nil {
|
|
|
|
return nil, err
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
provider.Config.Strategy.OpenID = &openid.DefaultStrategy{
|
|
|
|
Signer: provider.KeyManager.Strategy(),
|
|
|
|
Config: provider.Config,
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
provider.Config.LoadHandlers(provider.Store, provider.KeyManager.Strategy())
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
provider.discovery = NewOpenIDConnectWellKnownConfiguration(config.EnablePKCEPlainChallenge, provider.Store.clients)
|
2021-07-10 04:56:33 +00:00
|
|
|
|
2021-05-04 22:06:05 +00:00
|
|
|
return provider, nil
|
|
|
|
}
|
2021-07-10 04:56:33 +00:00
|
|
|
|
2022-03-04 03:09:27 +00:00
|
|
|
// GetOAuth2WellKnownConfiguration returns the discovery document for the OAuth Configuration.
|
2022-10-20 02:16:36 +00:00
|
|
|
func (p *OpenIDConnectProvider) GetOAuth2WellKnownConfiguration(issuer string) OAuth2WellKnownConfiguration {
|
2022-03-04 03:09:27 +00:00
|
|
|
options := OAuth2WellKnownConfiguration{
|
|
|
|
CommonDiscoveryOptions: p.discovery.CommonDiscoveryOptions,
|
|
|
|
OAuth2DiscoveryOptions: p.discovery.OAuth2DiscoveryOptions,
|
|
|
|
}
|
|
|
|
|
|
|
|
options.Issuer = issuer
|
2022-10-20 02:16:36 +00:00
|
|
|
options.JWKSURI = fmt.Sprintf("%s%s", issuer, EndpointPathJWKs)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
options.IntrospectionEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathIntrospection)
|
|
|
|
options.TokenEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathToken)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
options.AuthorizationEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathAuthorization)
|
|
|
|
options.RevocationEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathRevocation)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
|
|
|
return options
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetOpenIDConnectWellKnownConfiguration returns the discovery document for the OpenID Configuration.
|
2022-10-20 02:16:36 +00:00
|
|
|
func (p *OpenIDConnectProvider) GetOpenIDConnectWellKnownConfiguration(issuer string) OpenIDConnectWellKnownConfiguration {
|
2022-03-04 03:09:27 +00:00
|
|
|
options := OpenIDConnectWellKnownConfiguration{
|
|
|
|
CommonDiscoveryOptions: p.discovery.CommonDiscoveryOptions,
|
|
|
|
OAuth2DiscoveryOptions: p.discovery.OAuth2DiscoveryOptions,
|
|
|
|
OpenIDConnectDiscoveryOptions: p.discovery.OpenIDConnectDiscoveryOptions,
|
|
|
|
OpenIDConnectFrontChannelLogoutDiscoveryOptions: p.discovery.OpenIDConnectFrontChannelLogoutDiscoveryOptions,
|
|
|
|
OpenIDConnectBackChannelLogoutDiscoveryOptions: p.discovery.OpenIDConnectBackChannelLogoutDiscoveryOptions,
|
|
|
|
}
|
|
|
|
|
|
|
|
options.Issuer = issuer
|
2022-10-20 02:16:36 +00:00
|
|
|
options.JWKSURI = fmt.Sprintf("%s%s", issuer, EndpointPathJWKs)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
options.IntrospectionEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathIntrospection)
|
|
|
|
options.TokenEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathToken)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
options.AuthorizationEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathAuthorization)
|
|
|
|
options.RevocationEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathRevocation)
|
|
|
|
options.UserinfoEndpoint = fmt.Sprintf("%s%s", issuer, EndpointPathUserinfo)
|
2022-03-04 03:09:27 +00:00
|
|
|
|
|
|
|
return options
|
|
|
|
}
|