mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
78fa499c12e963362034f9998ca78997a8b63d92
object-browser/pkg/auth/idp/oauth2/config.go
Harshavardhana 373bfbfe3f feat: Support dynamic redirect_uris based on incoming requests (#1227) 
To enable this feature you need `CONSOLE_IDP_CALLBACK_DYNAMIC=on`

```
export CONSOLE_IDP_URL=https://gitlab.com/.well-known/openid-configuration
export CONSOLE_IDP_CLIENT_ID="b0088c3836bb029393942f71ed7c8ac0add7f0856e6c86e67b0ff98f85c48658"
export CONSOLE_IDP_SECRET="ed72087b37624e89816ac27c1355420902045274edd7baad2ae29b1b0e8436fe"
export CONSOLE_IDP_SCOPES="openid,profile,email"
export CONSOLE_IDP_USERINFO="on"
export CONSOLE_IDP_CALLBACK_DYNAMIC=on
console srv
```

if this becomes a common practice, we should enable this as default in future.
2021-11-15 12:45:09 -08:00

86 lines
2.6 KiB
Go
Raw Blame History

// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// Package oauth2 contains all the necessary configurations to initialize the
// idp communication using oauth2 protocol
package oauth2
import (
"strings"
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/pkg/env"
)
func GetSTSEndpoint() string {
return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
}
func GetIDPURL() string {
return env.Get(ConsoleIDPURL, "")
}
func GetIDPClientID() string {
return env.Get(ConsoleIDPClientID, "")
}
func GetIDPUserInfo() bool {
return env.Get(ConsoleIDPUserInfo, "") == "on"
}
func GetIDPSecret() string {
return env.Get(ConsoleIDPSecret, "")
}
// Public endpoint used by the identity oidcProvider when redirecting
// the user after identity verification
func GetIDPCallbackURL() string {
return env.Get(ConsoleIDPCallbackURL, "")
}
func GetIDPCallbackURLDynamic() bool {
return env.Get(ConsoleIDPCallbackURLDynamic, "") == "on"
}
func IsIDPEnabled() bool {
return GetIDPURL() != "" &&
GetIDPClientID() != ""
}
var defaultPassphraseForIDPHmac = utils.RandomCharString(64)
// GetPassphraseForIDPHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
func getPassphraseForIDPHmac() string {
return env.Get(ConsoleIDPHmacPassphrase, defaultPassphraseForIDPHmac)
}
var defaultSaltForIDPHmac = utils.RandomCharString(64)
// GetSaltForIDPHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
func getSaltForIDPHmac() string {
return env.Get(ConsoleIDPHmacSalt, defaultSaltForIDPHmac)
}
// getIDPScopes return default scopes during the IDP login request
func getIDPScopes() string {
return env.Get(ConsoleIDPScopes, "openid,profile,email")
}
// getIDPTokenExpiration return default token expiration for access token (in seconds)
func getIDPTokenExpiration() string {
return env.Get(ConsoleIDPTokenExpiration, "3600")
}
Reference in New Issue View Git Blame Copy Permalink