Fix oauth flow and remove go-oidc library (#1063)

- Update transport to use the same from Console in IDP Auth - Validate provided idp URL Co-authored-by: Harshavardhana <harsha@minio.io> Signed-off-by: Ricardo Katz <rkatz@vmware.com> Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com> Co-authored-by: Ricardo Katz <rkatz@vmware.com> Co-authored-by: Harshavardhana <harsha@minio.io>
2021-09-20 16:13:16 -07:00
parent 64e38ca8d3
commit 2b6d5e5128
28 changed files with 85 additions and 113 deletions
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
@@ -1970,7 +1970,6 @@ func init() {
          "type": "object",
          "required": [
            "configuration_url",
-            "url",
            "client_id",
            "secret_id",
            "claim_name"
@@ -1993,9 +1992,6 @@ func init() {
            },
            "secret_id": {
              "type": "string"
-            },
-            "url": {
-              "type": "string"
            }
          }
        }
@@ -4763,7 +4759,6 @@ func init() {
      "type": "object",
      "required": [
        "configuration_url",
-        "url",
        "client_id",
        "secret_id",
        "claim_name"
@@ -4786,9 +4781,6 @@ func init() {
        },
        "secret_id": {
          "type": "string"
-        },
-        "url": {
-          "type": "string"
        }
      }
    },
@@ -5713,7 +5705,6 @@ func init() {
          "type": "object",
          "required": [
            "configuration_url",
-            "url",
            "client_id",
            "secret_id",
            "claim_name"
@@ -5736,9 +5727,6 @@ func init() {
            },
            "secret_id": {
              "type": "string"
-            },
-            "url": {
-              "type": "string"
            }
          }
        }
--- a/operatorapi/operator_login.go
+++ b/operatorapi/operator_login.go
@@ -180,15 +180,13 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E

 // getLoginDetailsResponse returns information regarding the Console authentication mechanism.
 func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
-	defer cancel()
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""

 	if oauth2.IsIDPEnabled() {
 		loginStrategy = models.LoginDetailsLoginStrategyRedirect
 		// initialize new oauth2 client
-		oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, restapi.GetConsoleHTTPClient())
+		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, restapi.GetConsoleHTTPClient())
 		if err != nil {
 			return nil, prepareError(err)
 		}
--- a/operatorapi/operator_tenants.go
+++ b/operatorapi/operator_tenants.go
@@ -1058,13 +1058,13 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		} else if tenantReq.Idp.Oidc != nil {
 			tenantExternalIDPConfigured = true
 			// Enable IDP (OIDC) for MinIO
-			url := *tenantReq.Idp.Oidc.ConfigurationURL
+			configurationURL := *tenantReq.Idp.Oidc.ConfigurationURL
 			clientID := *tenantReq.Idp.Oidc.ClientID
 			secretID := *tenantReq.Idp.Oidc.SecretID
 			claimName := *tenantReq.Idp.Oidc.ClaimName
 			scopes := tenantReq.Idp.Oidc.Scopes
 			callbackURL := tenantReq.Idp.Oidc.CallbackURL
-			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = url
+			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = configurationURL
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_ID"] = clientID
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_SECRET"] = secretID
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLAIM_NAME"] = claimName