diff --git a/cmd/serve.go b/cmd/serve.go index 5318c87..b68b814 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -22,7 +22,7 @@ var serveCmd = &cobra.Command{ s := opaal.NewServerWithConfig(&config) // FIXME: change how the server address is set with `NewServerWithConfig` s.Server.Addr = fmt.Sprintf("%s:%d", s.Issuer.Host, s.Issuer.Port) - err := s.StartIdentityProvider(endpoints) + err := s.StartIdentityProvider() if errors.Is(err, http.ErrServerClosed) { fmt.Printf("Identity provider server closed.\n") } else if err != nil { diff --git a/internal/config.go b/internal/config.go index 8e2139f..cb7bef1 100644 --- a/internal/config.go +++ b/internal/config.go @@ -2,6 +2,7 @@ package opaal import ( "davidallendj/opaal/internal/oauth" + "davidallendj/opaal/internal/oidc" "log" "os" "path/filepath" @@ -72,11 +73,18 @@ type Config struct { } func NewConfig() Config { - return Config{ + config := Config{ Version: goutil.GetCommit(), Server: server.Server{ Host: "127.0.0.1", Port: 3333, + Issuer: server.IdentityProviderServer{ + Endpoints: oidc.Endpoints{ + Authorization: "http://127.0.0.1/oauth/authorize", + Token: "http://127.0.0.1/oauth/token", + JwksUri: "http://127.0.0.1/.well-known/jwks.json", + }, + }, }, Options: Options{ RunOnce: true, @@ -99,6 +107,7 @@ func NewConfig() Config { }, }, } + return config } func LoadConfig(path string) Config { diff --git a/internal/new.go b/internal/new.go index ce20aee..7e3e35c 100644 --- a/internal/new.go +++ b/internal/new.go @@ -91,8 +91,9 @@ func NewServerWithConfig(conf *Config) *server.Server { Host: host, Port: port, Issuer: server.IdentityProviderServer{ - Host: conf.Server.Issuer.Host, - Port: conf.Server.Issuer.Port, + Host: conf.Server.Issuer.Host, + Port: conf.Server.Issuer.Port, + Endpoints: conf.Server.Issuer.Endpoints, }, } return server diff --git a/internal/oidc/oidc.go b/internal/oidc/oidc.go index f3382fc..206f68f 100644 --- a/internal/oidc/oidc.go +++ b/internal/oidc/oidc.go @@ -171,18 +171,19 @@ func (p *IdentityProvider) UpdateEndpoints(other *IdentityProvider) { func UpdateEndpoints(eps *Endpoints, other *Endpoints) { // only update endpoints that are not empty - var UpdateIf = func(ep *string, s string) { + var UpdateIfEmpty = func(ep *string, s string) { if ep != nil { - if *ep != "" { + if *ep == "" { *ep = s + fmt.Printf("updated %s\n", s) } } } - UpdateIf(&eps.Config, other.Config) - UpdateIf(&eps.Authorization, other.Authorization) - UpdateIf(&eps.Token, other.Token) - UpdateIf(&eps.Revocation, other.Revocation) - UpdateIf(&eps.Introspection, other.Introspection) - UpdateIf(&eps.UserInfo, other.UserInfo) - UpdateIf(&eps.JwksUri, other.JwksUri) + UpdateIfEmpty(&eps.Config, other.Config) + UpdateIfEmpty(&eps.Authorization, other.Authorization) + UpdateIfEmpty(&eps.Token, other.Token) + UpdateIfEmpty(&eps.Revocation, other.Revocation) + UpdateIfEmpty(&eps.Introspection, other.Introspection) + UpdateIfEmpty(&eps.UserInfo, other.UserInfo) + UpdateIfEmpty(&eps.JwksUri, other.JwksUri) } diff --git a/internal/server/idp.go b/internal/server/idp.go index 4822e91..f763778 100644 --- a/internal/server/idp.go +++ b/internal/server/idp.go @@ -22,7 +22,7 @@ import ( "github.com/lestrrat-go/jwx/v2/jwt" ) -func (s *Server) StartIdentityProvider(eps oidc.Endpoints) error { +func (s *Server) StartIdentityProvider() error { // NOTE: this example does NOT implement CSRF tokens nor use them // create an example identity provider @@ -44,7 +44,7 @@ func (s *Server) StartIdentityProvider(eps oidc.Endpoints) error { Token: "http://" + s.Addr + "/oauth/token", JwksUri: "http://" + s.Addr + "/.well-known/jwks.json", } - oidc.UpdateEndpoints(&eps, &defaultEps) + oidc.UpdateEndpoints(&s.Issuer.Endpoints, &defaultEps) // generate key pair used to sign JWKS and create JWTs privateKey, err := rsa.GenerateKey(rand.Reader, 2048) @@ -84,9 +84,9 @@ func (s *Server) StartIdentityProvider(eps oidc.Endpoints) error { // create config JSON to serve with GET request config := map[string]any{ "issuer": "http://" + s.Addr, - "authorization_endpoint": eps.Authorization, - "token_endpoint": eps.Token, - "jwks_uri": eps.JwksUri, + "authorization_endpoint": s.Issuer.Endpoints.Authorization, + "token_endpoint": s.Issuer.Endpoints.Token, + "jwks_uri": s.Issuer.Endpoints.JwksUri, "scopes_supported": []string{ "openid", "profile",