

feat: implement jwks_uri handler in oidc discovery (casdoor#334)
Signed-off-by: Товарищ <[email protected]>
ComradeProgrammer authored Nov 22, 2021
1 parent 44b59d8 commit bddd57c
Showing 6 changed files with 36 additions and 1 deletion.
1 change: 1 addition & 0 deletions authz/authz.go
Expand Up @@ -94,6 +94,7 @@ p, *, *, GET, /api/get-human-check, *, *
p, *, *, POST, /api/reset-email-or-phone, *, *
p, *, *, POST, /api/upload-resource, *, *
p, *, *, GET, /.well-known/openid-configuration, *, *
p, *, *, *, /api/certs, *, *
`

sa := stringadapter.NewAdapter(ruleText)
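Review bot: The new policy line `p, *, *, *, /api/certs, *, *` grants anonymous access for every HTTP method, while the neighbouring openid-configuration rule on the line above is scoped to GET. A JWKS endpoint only needs to be read, so the rule should be `p, *, *, GET, /api/certs, *, *`; that limits the unauthenticated surface to what the handler actually serves and keeps the two discovery rules consistent. If the route itself is registered for all methods, it needs the same narrowing so the policy and the router agree.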
10 changes: 10 additions & 0 deletions controllers/oidc_discovery.go
Expand Up @@ -20,3 +20,13 @@ func (c *ApiController) GetOidcDiscovery() {
c.Data["json"] = object.GetOidcDiscovery()
c.ServeJSON()
}

func (c *ApiController) GetOidcCert() {
jwks, err := object.GetJSONWebKeySet()
if err != nil {
c.ResponseError(err.Error())
return
}
c.Data["json"] = jwks
c.ServeJSON()
}
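Review bot: GetOidcCert has no doc comment, and its name suggests a certificate while the body serves a JWK set; add `// GetOidcCert serves the JSON Web Key Set (JWKS) clients use to verify tokens issued by this server.` above the signature. The error branch forwards `err.Error()` through ResponseError, which appears to send it to the caller; since the only failure here is the server's own key material failing to parse, that detail is more useful in the server log than in the HTTP response, so consider logging it and returning a generic message.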
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -23,13 +23,13 @@ require (
github.com/satori/go.uuid v1.2.0 // indirect
github.com/smartystreets/goconvey v1.6.4 // indirect
github.com/thanhpk/randstr v1.0.4
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0
xorm.io/core v0.7.2
xorm.io/xorm v1.0.3
)
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -597,6 +597,8 @@ gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
21 changes: 21 additions & 0 deletions object/oidc_discovery.go
Expand Up @@ -15,8 +15,12 @@
package object

import (
"crypto/x509"
"encoding/pem"
"fmt"

jose "gopkg.in/square/go-jose.v2"

"github.com/astaxie/beego"
)

Expand Down Expand Up @@ -68,3 +72,20 @@ func init() {
func GetOidcDiscovery() OidcDiscovery {
return oidcDiscovery
}

func GetJSONWebKeySet() (jose.JSONWebKeySet, error) {
//follows the protocol rfc 7517(draft)
//link here: https://self-issued.info/docs/draft-ietf-jose-json-web-key.html
//or https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key
certPEMBlock := []byte(tokenJwtPublicKey)
certDERBlock, _ := pem.Decode(certPEMBlock)
x509Cert, _ := x509.ParseCertificate(certDERBlock.Bytes)

var jwk jose.JSONWebKey
jwk.Key = x509Cert.PublicKey
jwk.Certificates = []*x509.Certificate{x509Cert}

var jwks jose.JSONWebKeySet
jwks.Keys = []jose.JSONWebKey{jwk}
return jwks, nil
}
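Review bot: GetJSONWebKeySet discards the results of both `pem.Decode` and `x509.ParseCertificate` (the two blank-identifier assignments after certPEMBlock), so a missing or malformed tokenJwtPublicKey dereferences a nil `*pem.Block` or `*x509.Certificate` and panics inside the request handler, even though the function already has an error return to use. Check both and propagate the failure; the rewrite below keeps the rest of the body. The published key also carries no `kid` or `use`, which RFC 7517 recommends and which clients need to pick the right key from a token's header once more than one key is served — set `jwk.Use = "sig"` and a `KeyID` that matches whatever the token issuer writes into its header (not visible in this commit, so confirm before adding). The comment calls RFC 7517 a draft; it has been a final standard since 2015, so `// Follows RFC 7517 (JSON Web Key).` is enough.
```go
func GetJSONWebKeySet() (jose.JSONWebKeySet, error) {
	// Follows RFC 7517 (JSON Web Key).
	certDERBlock, _ := pem.Decode([]byte(tokenJwtPublicKey))
	if certDERBlock == nil {
		return jose.JSONWebKeySet{}, fmt.Errorf("tokenJwtPublicKey does not contain a PEM block")
	}
	x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
	if err != nil {
		return jose.JSONWebKeySet{}, fmt.Errorf("parsing JWT signing certificate: %w", err)
	}
	// … unchanged: build jwk and jwks from x509Cert …
```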
1 change: 1 addition & 0 deletions routers/router.go
Expand Up @@ -119,4 +119,5 @@ func initAPI() {
beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")

beego.Router("/.well-known/openid-configuration", &controllers.ApiController{}, "GET:GetOidcDiscovery")
beego.Router("/api/certs",&controllers.ApiController{},"*:GetOidcCert")
}
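Review bot: The new route `"*:GetOidcCert"` binds the JWKS handler to every HTTP method, unlike the openid-configuration route directly above it, which is GET-only; a key-set endpoint is read-only, so register it as `beego.Router("/api/certs", &controllers.ApiController{}, "GET:GetOidcCert")`. The added line is also not gofmt-clean (no spaces after the commas), which the suggested form fixes. The discovery document is expected to advertise this path as jwks_uri; that wiring is not in this commit, so confirm object.GetOidcDiscovery points at /api/certs.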
