sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-18 00:06:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

get OIDC configuration from proxy flags/env

Browse Source
This commit is contained in:
Alisdair MacLeod
2026-02-03 12:10:23 +00:00
parent 76a39c1dcb
commit 5243481316
7 changed files with 153 additions and 192 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
proxy/internal/auth/oidc.go
View File

@@ -36,16 +36,16 @@ type oidcState struct {
// OIDC implements the Scheme interface for JWT/OIDC authentication
type OIDC struct {
id, accountId string
verifier *oidc.IDTokenVerifier
oauthConfig *oauth2.Config
states map[string]*oidcState
statesMux sync.RWMutex
distributionGroups []string
id, accountId, proxyURL string
verifier *oidc.IDTokenVerifier
oauthConfig *oauth2.Config
states map[string]*oidcState
statesMux sync.RWMutex
distributionGroups []string
}
// NewOIDC creates a new OIDC authentication scheme
func NewOIDC(ctx context.Context, id, accountId string, cfg OIDCConfig) (*OIDC, error) {
func NewOIDC(ctx context.Context, id, accountId, proxyURL string, cfg OIDCConfig) (*OIDC, error) {
if cfg.OIDCProviderURL == "" || cfg.OIDCClientID == "" {
return nil, fmt.Errorf("OIDC provider URL and client ID are required")
}
@@ -63,6 +63,7 @@ func NewOIDC(ctx context.Context, id, accountId string, cfg OIDCConfig) (*OIDC,
o := &OIDC{
id: id,
accountId: accountId,
proxyURL: proxyURL,
verifier: provider.Verifier(&oidc.Config{
ClientID: cfg.OIDCClientID,
}),
@@ -111,20 +112,11 @@ func (o *OIDC) Authenticate(r *http.Request) (string, string) {
o.states[state] = &oidcState{OriginalURL: fmt.Sprintf("https://%s%s", r.Host, r.URL), CreatedAt: time.Now()}
o.statesMux.Unlock()
// Construct the redirect URL as the currently requested URL with the defined callback path added.
// The expectation is that the requested URL should reach back to the proxy and so the OAuth redirect
// will end up back here to be handled by the middleware.
redirectURL := &url.URL{
Scheme: r.URL.Scheme,
Host: r.Host,
Path: callbackPath,
}
return "", (&oauth2.Config{
ClientID: o.oauthConfig.ClientID,
ClientSecret: o.oauthConfig.ClientSecret,
Endpoint: o.oauthConfig.Endpoint,
RedirectURL: redirectURL.String(),
RedirectURL: o.proxyURL + callbackPath,
Scopes: o.oauthConfig.Scopes,
}).AuthCodeURL(state)
}