
Commit a658a44

committed
feat(oidc_auth): Add backend support for OIDC Auth
Signed-off-by: deo002 <[email protected]>
1 parent d3058ba commit a658a44

18 files changed

+1228
-159
lines changed

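--- a/.env.example
+++ b/.env.example
@@ -5,4 +5,19 @@
 TOKEN_HOUR_LIFESPAN=24
 # Secret key to sign tokens (openssl rand -hex 32)
 API_SECRET=some-random-string
-READ_API_AUTHENTICATION_ENABLED=false
+READ_API_AUTHENTICATION_ENABLED=false
+
+PORT=8080
+
+# OIDC Provider
+# The URL for retrieving keys for Token Parsing
+JWKS_URI=https://provider/keys
+
+# The field in ID Token that is to be used as username
+OIDC_USERNAME_KEY=display_name
+
+# The field in ID Token that is to be used as email
+OIDC_EMAIL_KEY=mail
+
+# The issuer url
+OIDC_ISSUER=https://provider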
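Review bot: The new OIDC block defines `JWKS_URI` and `OIDC_ISSUER` but no expected-audience / client ID variable, so unless the token verifier obtains that value somewhere not in this diff, an ID Token minted by this issuer for any other client would pass the signature and issuer checks; this example file is where such a key would be documented, e.g. `# The client ID this service expects in the ID Token audience (aud) claim` followed by a placeholder such as `OIDC_CLIENT_ID=<your-client-id>`. The example `OIDC_USERNAME_KEY=display_name` also maps a claim that is typically neither unique nor stable onto the account identifier, which can collide across users or re-map an account when a user edits their profile; I would extend the comment to `# The field in ID Token that is to be used as username (prefer a stable, unique claim such as sub or preferred_username)`. Whether the handler enforces audience and expiry is not visible from this file.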

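--- a/cmd/laas/docs/docs.go
+++ b/cmd/laas/docs/docs.go
@@ -790,6 +790,12 @@ const docTemplate = `{
 }
 }
 }
+},
+"409": {
+"description": "User registered only with OIDC authentication",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
 }
 }
 }
@@ -1859,6 +1865,12 @@ const docTemplate = `{
 "summary": "Get users",
 "operationId": "GetAllUsers",
 "parameters": [
+{
+"type": "boolean",
+"description": "Active user only",
+"name": "active",
+"in": "query"
+},
 {
 "type": "integer",
 "description": "Page number",
@@ -1912,7 +1924,54 @@ const docTemplate = `{
 "in": "body",
 "required": true,
 "schema": {
-"$ref": "#/definitions/models.UserInput"
+"$ref": "#/definitions/models.UserCreate"
+}
+}
+],
+"responses": {
+"201": {
+"description": "Created",
+"schema": {
+"$ref": "#/definitions/models.UserResponse"
+}
+},
+"400": {
+"description": "Invalid json body",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
+},
+"409": {
+"description": "User already exists",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
+}
+}
+}
+},
+"/users/oidc": {
+"post": {
+"description": "Create a new service user via oidc",
+"consumes": [
+"application/json"
+],
+"produces": [
+"application/json"
+],
+"tags": [
+"Users"
+],
+"summary": "Create new user via oidc",
+"operationId": "CreateOidcUser",
+"parameters": [
+{
+"description": "User to create",
+"name": "user",
+"in": "body",
+"required": true,
+"schema": {
+"$ref": "#/definitions/models.OidcUserCreate"
 }
 }
 ],
@@ -1938,14 +1997,14 @@ const docTemplate = `{
 }
 }
 },
-"/users/{id}": {
+"/users/{username}": {
 "get": {
 "security": [
 {
 "ApiKeyAuth": []
 }
 ],
-"description": "Get a single user by ID",
+"description": "Get a single user by username",
 "consumes": [
 "application/json"
 ],
@@ -1959,9 +2018,9 @@ const docTemplate = `{
 "operationId": "GetUser",
 "parameters": [
 {
-"type": "integer",
-"description": "User ID",
-"name": "id",
+"type": "string",
+"description": "Username",
+"name": "username",
 "in": "path",
 "required": true
 }
@@ -1986,6 +2045,102 @@ const docTemplate = `{
 }
 }
 }
+},
+"delete": {
+"security": [
+{
+"ApiKeyAuth": []
+}
+],
+"description": "Deactivate an user",
+"consumes": [
+"application/json"
+],
+"produces": [
+"application/json"
+],
+"tags": [
+"Users"
+],
+"summary": "Deactivate user",
+"operationId": "DeleteUser",
+"parameters": [
+{
+"type": "string",
+"description": "Username of the user to be marked as inactive",
+"name": "username",
+"in": "path",
+"required": true
+}
+],
+"responses": {
+"204": {
+"description": "No Content"
+},
+"404": {
+"description": "No user with given username found",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
+}
+}
+},
+"patch": {
+"security": [
+{
+"ApiKeyAuth": []
+}
+],
+"description": "Update a service user",
+"consumes": [
+"application/json"
+],
+"produces": [
+"application/json"
+],
+"tags": [
+"Users"
+],
+"summary": "Update user",
+"operationId": "UpdateUser",
+"parameters": [
+{
+"type": "string",
+"description": "username of the user to be updated",
+"name": "username",
+"in": "path",
+"required": true
+},
+{
+"description": "User to update",
+"name": "user",
+"in": "body",
+"required": true,
+"schema": {
+"$ref": "#/definitions/models.UserUpdate"
+}
+}
+],
+"responses": {
+"200": {
+"description": "OK",
+"schema": {
+"$ref": "#/definitions/models.UserResponse"
+}
+},
+"400": {
+"description": "Invalid json body",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
+},
+"403": {
+"description": "This resource requires elevated access rights",
+"schema": {
+"$ref": "#/definitions/models.LicenseError"
+}
+}
+}
 }
 }
 },
@@ -2756,6 +2911,14 @@ const docTemplate = `{
 }
 }
 },
+"models.OidcUserCreate": {
+"type": "object",
+"properties": {
+"token": {
+"type": "string"
+}
+}
+},
 "models.PaginationMeta": {
 "type": "object",
 "properties": {
@@ -2829,40 +2992,49 @@ const docTemplate = `{
 },
 "models.User": {
 "type": "object",
-"required": [
-"userlevel",
-"username"
-],
 "properties": {
 "id": {
 "type": "integer",
 "example": 123
 },
-"userlevel": {
+"user_email": {
 "type": "string",
-"example": "admin"
+"example": "[email protected]"
+},
+"user_level": {
+"type": "string",
+"example": "USER"
 },
 "username": {
 "type": "string",
 "example": "fossy"
 }
 }
 },
-"models.UserInput": {
+"models.UserCreate": {
 "type": "object",
 "required": [
-"password",
-"userlevel",
+"user_email",
+"user_level",
+"user_password",
 "username"
 ],
 "properties": {
-"password": {
+"user_email": {
 "type": "string",
-"example": "fossy"
+"example": "fossy@org.com"
 },
-"userlevel": {
+"user_level": {
 "type": "string",
-"example": "admin"
+"enum": [
+"USER",
+"ADMIN"
+],
+"example": "ADMIN"
+},
+"user_password": {
+"type": "string",
+"example": "fossy"
 },
 "username": {
 "type": "string",
@@ -2904,6 +3076,29 @@ const docTemplate = `{
 "example": 200
 }
 }
+},
+"models.UserUpdate": {
+"type": "object",
+"properties": {
+"active": {
+"type": "boolean"
+},
+"user_level": {
+"type": "string",
+"enum": [
+"USER",
+"ADMIN"
+],
+"example": "ADMIN"
+},
+"user_password": {
+"type": "string"
+},
+"username": {
+"type": "string",
+"example": "fossy"
+}
+}
 }
 },
 "securityDefinitions": {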
