Added oidc authentication
Signed-off-by: Octavian Ionescu <[email protected]>
itavy committed Apr 10, 2024
1 parent 922f847 commit 93f7403
Showing 4 changed files with 242 additions and 1 deletion.
125 changes: 125 additions & 0 deletions package-lock.json


1 change: 1 addition & 0 deletions package.json
Expand Up @@ -26,6 +26,7 @@
"dependencies": {
"debug": "^4.3.4",
"mustache": "^4.2.0",
"open": "^10.1.0",
"postman-request": "^2.88.1-postman.33",
"tv4": "^1.3.0"
},
69 changes: 68 additions & 1 deletion src/commands.js
Expand Up @@ -1258,6 +1258,73 @@ module.exports = {
res: approleResponse,
},
},
oidcAuthUrl: {
method: 'POST',
path: '/auth/oidc/oidc/auth_url',
schema: {
req: {
type: 'object',
properties: {
redirect_uri: {
type: 'string'
},
client_nonce: {
type: 'string'
},
role: {
type: 'string'
}
},
required: ['redirect_uri']
},
res: {
type: 'object',
properties: {
request_id: {
type: 'string'
},
data: {
type: 'object',
properties: {
auth_url: {
type: 'string'
}
},
required: ['auth_url']
}
},
required: ['request_id', 'data']
}
}
},
oidcCallback: {
method: 'GET',
path: '/auth/oidc/oidc/callback',
tokenSource: true,
schema: {
query: {
type: 'object',
properties: {
state: {
type: 'string',
},
code: {
type: 'string',
},
client_nonce: {
type: 'string'
}
},
required: ['state', 'code']
},
res: {
type: 'object',
properties: {
auth,
}
}
}
},
health: {
method: 'GET',
path: '/sys/health',
Expand Down Expand Up @@ -1334,4 +1401,4 @@ module.exports = {
method: 'PUT',
path: '/sys/step-down',
},
}
}
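Review bot: `oidcCallback`'s response schema (the `res:` object after `tokenSource: true`) lists `auth` under `properties` but, unlike the `oidcAuthUrl` schema right above it, marks nothing as required, so a callback reply with no `auth` block would pass validation and whatever `tokenSource` extracts (presumably the client token) would be empty; if the shared `auth` fragment is mandatory for this login command as for the others, add `required: ['auth']`. Both paths hard-code the mount name in `/auth/oidc/oidc/auth_url` and `/auth/oidc/oidc/callback`; if the sibling auth commands in this file take a mount point through the mustache path template, these two should as well, since OIDC mounts are frequently renamed. `client_nonce` is optional in the request schema and its purpose is not stated; a comment such as `// client_nonce: binds this auth_url request to the matching callback; the local-listener flow in index.js always sends it` would tell direct callers why they should pass it. The enclosing `module.exports = {` object starts outside this hunk.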
48 changes: 48 additions & 0 deletions src/index.js
Expand Up @@ -6,6 +6,8 @@ const originalCommands = require('./commands.js');
const originalMustache = require('mustache');
const util = require('util');
const request = require('postman-request');
const { randomBytes } = require('crypto');
const http = require('http');

class VaultError extends Error {}

Expand Down Expand Up @@ -244,5 +246,51 @@ module.exports = (config = {}) => {
const assignFunctions = (commandName) => generateFunction(commandName, commands[commandName]);
Object.keys(commands).forEach(assignFunctions);

client['oidcFlow'] = () => import('open')
.then(({default: open}) => {
const oidcCallbackPath = '/oidc/callback';
const serverConfig = {
host: 'localhost',
port: 8250,
protocol: 'http'
}
return new Promise((done, reject) => {
const client_nonce = randomBytes(20).toString('hex').slice(20);

const server = http.createServer((req, res) => {
const responseUrl = new URL(req.url, `${serverConfig.protocol}://${serverConfig.host}`)
if (responseUrl.pathname === oidcCallbackPath) {
res.write('Signed in via your OIDC provider\nYou can now close this window and start using Vault.');
res.end();
const code = responseUrl.searchParams.get('code')
const state = responseUrl.searchParams.get('state')
client.oidcCallback({
state,
code,
client_nonce,
})
.then(() => {
server.close(done);
})
.catch(reject)
}
if (!res.writableEnded) {
res.end();
}
});

server.listen(serverConfig.port, serverConfig.host, () => {});

client.oidcAuthUrl({
redirect_uri: `${serverConfig.protocol}://${serverConfig.host}:${serverConfig.port}${oidcCallbackPath}`,
client_nonce,
})
.then((r) => {
open(r.data.auth_url)
})
.catch(reject)
})
})

return client;
};
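Review bot: The listener created in `oidcFlow` has no `error` handler and is never closed on the failure paths, so if port 8250 is already bound `server.listen` emits an unhandled `error` event that crashes the process instead of rejecting the promise, and a failed `oidcAuthUrl` or `oidcCallback` call (the two `.catch(reject)` lines) leaves the port open and the process hanging. The request handler also writes the "Signed in" banner before reading `code` and `state`, so a provider that redirects back with only `error=...` shows the user a success page and then submits `null` values to Vault. Separately, `randomBytes(20).toString('hex').slice(20)` keeps only the last 20 hex characters (10 bytes); `randomBytes(10).toString('hex')` produces the same nonce without the misleading slice. Whether `auth_url` should be checked for an `https://` scheme before it is handed to `open` depends on how much the Vault endpoint is trusted, but the check is cheap. The enclosing `module.exports` factory starts outside this hunk.
```javascript
      return new Promise((done, reject) => {
        const client_nonce = randomBytes(10).toString('hex');

        const server = http.createServer((req, res) => {
          const responseUrl = new URL(req.url, `${serverConfig.protocol}://${serverConfig.host}`);
          if (responseUrl.pathname !== oidcCallbackPath) {
            res.end();
            return;
          }
          const code = responseUrl.searchParams.get('code');
          const state = responseUrl.searchParams.get('state');
          if (!code || !state) {
            // Provider sent an error redirect (e.g. error=access_denied); do not claim success.
            res.end('OIDC sign-in failed. Check the provider error and retry.');
            fail(new VaultError(`OIDC callback missing code/state: ${responseUrl.searchParams.get('error') || 'unknown error'}`));
            return;
          }
          res.end('Signed in via your OIDC provider\nYou can now close this window and start using Vault.');
          client.oidcCallback({ state, code, client_nonce })
            .then(() => server.close(done))
            .catch(fail);
        });
        // Release the port before surfacing an error so a retry can bind again.
        const fail = (err) => server.close(() => reject(err));
        // listen() failures (EADDRINUSE etc.) arrive as an 'error' event, not a callback argument.
        server.on('error', reject);
        // … unchanged: server.listen and the oidcAuthUrl/open call, with its .catch(reject) changed to .catch(fail) …
```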
