From cd31359a27305ccf6eac51ea4541fa292deb9232 Mon Sep 17 00:00:00 2001
From: Blizard
Date: Mon, 7 Mar 2022 14:23:49 +0800
Subject: [PATCH] feat: support add additional params for OIDC (#2814)

* feat: support add additional params and test access by auth0

* fix: config name

Co-authored-by: blizard863 <760076784@qq.com>
---
 conf/frpc_full.ini | 6 ++++++
 pkg/auth/oidc.go | 28 ++++++++++++++++++++--------
 pkg/config/client.go | 2 ++
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/conf/frpc_full.ini b/conf/frpc_full.ini
index 01c0404..58aefde 100644
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -51,6 +51,12 @@ oidc_audience =
 # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_token_endpoint_url =
 
+# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
+# For example, if you want to specify the "audience" parameter, you can set as follow.
+# frp will add "audience=" "var1=" to the additional parameters.
+# oidc_additional_audience = https://dev.auth.com/api/v2/
+# oidc_additional_var1 = foobar
+
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
 admin_port = 7400
diff --git a/pkg/auth/oidc.go b/pkg/auth/oidc.go
index 981f758..8a9f340 100644
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -40,14 +40,20 @@ type OidcClientConfig struct {
 	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
 	// By default, this value is "".
 	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
+
+	// OidcAdditionalEndpointParams specifies additional parameters to be sent
+	// this field will be transfer to map[string][]string in OIDC token generator
+	// The field will be set by prefix "oidc_additional_"
+	OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
 }
 
 func getDefaultOidcClientConf() OidcClientConfig {
 	return OidcClientConfig{
-		OidcClientID:         "",
-		OidcClientSecret:     "",
-		OidcAudience:         "",
-		OidcTokenEndpointURL: "",
+		OidcClientID:                 "",
+		OidcClientSecret:             "",
+		OidcAudience:                 "",
+		OidcTokenEndpointURL:         "",
+		OidcAdditionalEndpointParams: make(map[string]string),
 	}
 }
 
@@ -88,11 +94,17 @@ type OidcAuthProvider struct {
 }
 
 func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
+	eps := make(map[string][]string)
+	for k, v := range cfg.OidcAdditionalEndpointParams {
+		eps[k] = []string{v}
+	}
+
 	tokenGenerator := &clientcredentials.Config{
-		ClientID:     cfg.OidcClientID,
-		ClientSecret: cfg.OidcClientSecret,
-		Scopes:       []string{cfg.OidcAudience},
-		TokenURL:     cfg.OidcTokenEndpointURL,
+		ClientID:       cfg.OidcClientID,
+		ClientSecret:   cfg.OidcClientSecret,
+		Scopes:         []string{cfg.OidcAudience},
+		TokenURL:       cfg.OidcTokenEndpointURL,
+		EndpointParams: eps,
 	}
 
 	return &OidcAuthProvider{
diff --git a/pkg/config/client.go b/pkg/config/client.go
index 9a0786f..e65e106 100644
--- a/pkg/config/client.go
+++ b/pkg/config/client.go
@@ -261,6 +261,8 @@ func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
 	}
 
 	common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
+	common.ClientConfig.OidcAdditionalEndpointParams = GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
+
 	return common, nil
 }
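Review bot: The comment on the new OidcAdditionalEndpointParams field is hard to read (`will be transfer to`, three fragments with no sentence breaks) and never says why the tag is `ini:"-"` while every sibling field maps to an ini key. I would replace the three comment lines with `// OidcAdditionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.`, `// It is filled from every "oidc_additional_<name>" key of the ini section rather than mapped by tag (hence ini:"-"),` and `// and is converted to map[string][]string for the token generator.` The `type OidcClientConfig struct {` header sits outside the hunk, so the field's position among the other OIDC fields cannot be checked here.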
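Review bot: The loop at the top of NewOidcAuthSetter copies the ini-derived keys into `eps` verbatim, so a config that sets `oidc_additional_grant_type` or `oidc_additional_scope` collides with the parameters the client-credentials flow sets itself; as far as I recall, x/oauth2's clientcredentials refuses to overwrite those, and the error would surface only on the first token request rather than at config load. A reserved-name check where the map is built from `oidc_additional_` (the pkg/config/client.go hunk, which is the layer that can return an error) would fail fast with a clear message, since this constructor has no error return. As a point of style, `EndpointParams` is a `url.Values`, so `eps := url.Values{}` with `eps.Set(k, v)` would say what the map is for (this needs `net/url` in scope, which the hunk does not show). NewOidcAuthSetter's body continues outside the hunk.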