mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
47a48de7a1e9dedb5b022ef57bc6ee2ec676e687
object-browser/pkg/auth/idp/oauth2/config.go
Harshavardhana b6f818bdd3 fix: add support for userInfo endpoint (#1048) 
With support for GitLab OpenID service,
we need to make sure to support userInfo
endpoint for this MinIO server requires that
access_token is additionally sent along with
id_token as before to make sure we can fetch
additional claims from /userinfo endpoint.

This PR brings support on console for this
feature.

Refer https://github.com/minio/minio/pull/12469
2021-09-14 16:16:29 -07:00

82 lines
2.5 KiB
Go
Raw Blame History

// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// Package oauth2 contains all the necessary configurations to initialize the
// idp communication using oauth2 protocol
package oauth2
import (
"strings"
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/pkg/env"
)
func GetSTSEndpoint() string {
return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
}
func GetIDPURL() string {
return env.Get(ConsoleIDPURL, "")
}
func GetIDPClientID() string {
return env.Get(ConsoleIDPClientID, "")
}
func GetIDPUserInfo() bool {
return env.Get(ConsoleIDPUserInfo, "") == "on"
}
func GetIDPSecret() string {
return env.Get(ConsoleIDPSecret, "")
}
// Public endpoint used by the identity oidcProvider when redirecting the user after identity verification
func GetIDPCallbackURL() string {
return env.Get(ConsoleIDPCallbackURL, "")
}
func IsIDPEnabled() bool {
return GetIDPURL() != "" &&
GetIDPClientID() != "" &&
GetIDPCallbackURL() != ""
}
var defaultPassphraseForIDPHmac = utils.RandomCharString(64)
// GetPassphraseForIDPHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
func getPassphraseForIDPHmac() string {
return env.Get(ConsoleIDPHmacPassphrase, defaultPassphraseForIDPHmac)
}
var defaultSaltForIDPHmac = utils.RandomCharString(64)
// GetSaltForIDPHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
func getSaltForIDPHmac() string {
return env.Get(ConsoleIDPHmacSalt, defaultSaltForIDPHmac)
}
// getIDPScopes return default scopes during the IDP login request
func getIDPScopes() string {
return env.Get(ConsoleIDPScopes, "openid,profile,email")
}
// getIDPTokenExpiration return default token expiration for access token (in seconds)
func getIDPTokenExpiration() string {
return env.Get(ConsoleIDPTokenExpiration, "3600")
}
Reference in New Issue View Git Blame Copy Permalink