Signature
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY
oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQNeZrdv5m/TWBtnX0EZlp06KjyzGwTwxLHXBpf9B4xyyABDPWfRlrGeMzMnqTgRBik
sj1JCBD1OUfZJ6lqLhQgs=
-----END SSH SIGNATURE-----
diff --git a/main.go b/main.go
index b88756f357cadcea45a58785e79cb5dc3b3c851a..2932e4f5d32cfd9a01cb1fb109dd5124556b0937 100644
--- a/main.go
+++ b/main.go
@@ -11,6 +11,7 @@ "io"
"log"
"net/http"
"os"
+ "strings"
"time"
"github.com/coreos/go-oidc/v3/oidc"
@@ -37,12 +38,22 @@ }
http.SetCookie(w, c)
}
+type args struct {
+ clientProvider string
+ clientID string
+ clientSecret string
+ port int
+ scopes string
+}
+
func main() {
+ var args args
fs := flag.NewFlagSet("oidc", flag.ExitOnError)
- clientProvider := fs.String("client-provider", "", "Client provider (e.g. https://accounts.google.com)")
- clientID := fs.String("client-id", "", "Client ID")
- clientSecret := fs.String("client-secret", "", "Client secret")
- port := fs.Int("port", 8000, "Port to run on")
+ fs.StringVar(&args.clientProvider, "client-provider", "", "Client provider (e.g. https://accounts.google.com)")
+ fs.StringVar(&args.clientID, "client-id", "", "Client ID")
+ fs.StringVar(&args.clientSecret, "client-secret", "", "Client secret")
+ fs.IntVar(&args.port, "port", 8000, "Port to run on")
+ fs.StringVar(&args.scopes, "scopes", "profile,email", "Comma-delimited scopes")
fs.String("config", ".env", "Env config")
if err := ff.Parse(fs, os.Args[1:],
ff.WithEnvVarPrefix("OIDC"),
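Review bot: The new `fs.StringVar(&args.clientSecret, "client-secret", ...)` line still invites passing the secret on the command line, where it is readable from the process list and shell history. Since `ff.WithEnvVarPrefix("OIDC")` and the `config` flag are already wired up, the help text could steer users there, e.g. `"Client secret (prefer the OIDC_-prefixed env var or the config file over argv)"`. Separately, `var args args` shadows the type name for the rest of main; `var a args`, or renaming the type, avoids that. main's body continues outside the hunk.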
@@ -53,22 +64,23 @@ ); err != nil {
log.Fatal(err)
}
ctx := context.Background()
+ scopes := strings.Split(args.scopes, ",")
- provider, err := oidc.NewProvider(ctx, *clientProvider)
+ provider, err := oidc.NewProvider(ctx, args.clientProvider)
if err != nil {
log.Fatal(err)
}
oidcConfig := &oidc.Config{
- ClientID: *clientID,
+ ClientID: args.clientID,
}
verifier := provider.Verifier(oidcConfig)
config := oauth2.Config{
- ClientID: *clientID,
- ClientSecret: *clientSecret,
+ ClientID: args.clientID,
+ ClientSecret: args.clientSecret,
Endpoint: provider.Endpoint(),
- RedirectURL: fmt.Sprintf("http://localhost:%d/callback", *port),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+ RedirectURL: fmt.Sprintf("http://localhost:%d/callback", args.port),
+ Scopes: append([]string{oidc.ScopeOpenID}, scopes...),
}
mux := http.NewServeMux()
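Review bot: `strings.Split(args.scopes, ",")` passes the flag value through unfiltered, so `-scopes ""` yields one empty-string scope, `"profile, email"` keeps the leading space on ` email`, and a value containing `openid` duplicates the scope that `append([]string{oidc.ScopeOpenID}, scopes...)` already adds. How a provider treats such a request is up to the provider, so the list is better normalised before it goes into `oauth2.Config`. I would trim each entry, drop empty entries and a repeated `openid`, and assign the result to `Scopes` directly, as sketched below. main starts and ends outside this hunk.

```go
// Always request openid, then add the trimmed, non-empty extras from the flag.
scopes := []string{oidc.ScopeOpenID}
for _, s := range strings.Split(args.scopes, ",") {
	s = strings.TrimSpace(s)
	if s == "" || s == oidc.ScopeOpenID {
		continue
	}
	scopes = append(scopes, s)
}
// … unchanged: provider lookup, verifier, other oauth2.Config fields …
	Scopes: scopes,
```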
@@ -154,7 +166,7 @@ http.Error(w, err.Error(), http.StatusInternalServerError)
}
})
- bind := fmt.Sprintf(":%d", *port)
+ bind := fmt.Sprintf(":%d", args.port)
log.Println("listening on http://localhost" + bind)
log.Fatal(http.ListenAndServe(bind, mux))
}
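Review bot: `bind := fmt.Sprintf(":%d", args.port)` listens on every interface, although the redirect URL and the log line both say localhost, so the callback handler is reachable from other hosts on the network. Binding to loopback keeps it local: `bind := fmt.Sprintf("127.0.0.1:%d", args.port)`, with the log line changed to `log.Println("listening on http://" + bind)`. The rest of main, including the handlers registered on `mux`, is outside this hunk.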