wn/traefik-forward-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

we get closer

Browse Source
This commit is contained in:
Wolfgang Hottgenroth 2023-11-06 19:59:31 +01:00
parent 5828a9a5a2
commit ab2d527dbd
Signed by: wn
GPG Key ID: 836E9E1192A6B132
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/provider/oidc.go
View File

@ -90,6 +90,7 @@ func (o *OIDC) ExchangeCode(redirectURI, code string) (string, error) {
// GetUser uses the given token and returns a complete provider.User object // GetUser uses the given token and returns a complete provider.User object
func (o *OIDC) GetUser(token string) (User, error) { func (o *OIDC) GetUser(token string) (User, error) {
var user User var user User
var roles Roles
// Parse & Verify ID Token // Parse & Verify ID Token
idToken, err := o.verifier.Verify(o.ctx, token) idToken, err := o.verifier.Verify(o.ctx, token)
@ -104,8 +105,14 @@ func (o *OIDC) GetUser(token string) (User, error) {
if err := idToken.Claims(&user); err != nil { if err := idToken.Claims(&user); err != nil {
return user, err return user, err
} }
o.log.WithField("user", user).Debug("getUser") o.log.WithField("user", user).Debug("getUser")
return user, nil if err := idToken.Claims(&roles); err != nil {
return user, err
}
o.log.WithField("roles", roles).Debug("getUser")
return user, errors.New("access denied")
// return user, nil
} }

4
internal/provider/providers.go
View File

@ -33,6 +33,10 @@ type User struct {
Email string `json:"email"` Email string `json:"email"`
} }
type Roles struct {
Roles []string `json:"roles"`
}
// OAuthProvider is a provider using the oauth2 library // OAuthProvider is a provider using the oauth2 library
type OAuthProvider struct { type OAuthProvider struct {
Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"` Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"`