
feat(service): no IdP
arkavo-com committed Apr 28, 2024
1 parent bc0e1b2 commit 5f6e425
Showing 1 changed file with 1 addition and 44 deletions.
45 changes: 1 addition & 44 deletions service/kas/kas.go
Expand Up @@ -3,55 +3,13 @@ package kas
import (
"context"
"fmt"
"log/slog"
"net/url"
"os"

kaspb "github.com/arkavo-org/opentdf-platform/protocol/go/kas"
"github.com/arkavo-org/opentdf-platform/service/kas/access"
"github.com/arkavo-org/opentdf-platform/service/pkg/serviceregistry"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"golang.org/x/oauth2"
"net/url"
)

func loadIdentityProvider() *oidc.IDTokenVerifier {
oidcIssuerURL := "http://localhost:8888/auth/realms/master"
discoveryBaseURL := "http://localhost:8888/auth/realms/master"
ctx := context.Background()
if discoveryBaseURL != "" {
ctx = oidc.InsecureIssuerURLContext(ctx, oidcIssuerURL)
} else {
discoveryBaseURL = oidcIssuerURL
}
provider, err := oidc.NewProvider(ctx, discoveryBaseURL)
if err != nil {
slog.Error("OIDC_ISSUER_URL provider fail", "err", err, "OIDC_ISSUER_URL", oidcIssuerURL, "OIDC_DISCOVERY_BASE_URL", os.Getenv("OIDC_DISCOVERY_BASE_URL"))
panic(err)
}
// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
ClientID: "",
ClientSecret: "",
RedirectURL: "",
// Discovery returns the OAuth2 endpoints.
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID},
}
slog.Debug("oauth configuring", "oauth2Config", oauth2Config)
oidcConfig := oidc.Config{
ClientID: "",
SupportedSigningAlgs: nil,
SkipClientIDCheck: true,
SkipExpiryCheck: false,
SkipIssuerCheck: false,
Now: nil,
InsecureSkipSignatureCheck: false,
}
return provider.Verifier(&oidcConfig)
}

func NewRegistration() serviceregistry.Registration {
return serviceregistry.Registration{
Namespace: "kas",
Expand All @@ -68,7 +26,6 @@ func NewRegistration() serviceregistry.Registration {
URI: *kasURI,
AttributeSvc: nil,
CryptoProvider: srp.OTDF.CryptoProvider,
OIDCVerifier: loadIdentityProvider(),
}
return &p, func(ctx context.Context, mux *runtime.ServeMux, server any) error {
kas, ok := server.(*access.Provider)
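Review bot: The `access.Provider` literal in the second hunk now leaves `OIDCVerifier` at its zero value, and nothing on the new side replaces the token verification that field presumably backed; whether the handlers nil-dereference it or skip bearer-token validation on rewrap when it is unset cannot be seen from here, since it depends on `access.Provider` in another file. If the intent is that authentication is now enforced by a surrounding layer, record that at the literal, e.g. `// OIDCVerifier intentionally unset: request auth is enforced by <upstream layer — TODO name it>; access.Provider must reject requests while this is nil`, and confirm that guard actually exists before merging. The first hunk also moves `"net/url"` out of the stdlib group into the third-party group, which goimports grouping would reorder; keep it alongside `"context"` and `"fmt"`. NewRegistration's body starts before the second hunk and continues past its last line.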

