mirror of
https://gitee.com/IrisVega/frp.git
synced 2024-11-01 22:31:29 +08:00
feat: support add additional params for OIDC (#2814)
* feat: support add additional params and test access by auth0 * fix: config name Co-authored-by: blizard863 <760076784@qq.com>
This commit is contained in:
parent
19739ed31a
commit
cd31359a27
@ -51,6 +51,12 @@ oidc_audience =
|
|||||||
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
|
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
|
||||||
oidc_token_endpoint_url =
|
oidc_token_endpoint_url =
|
||||||
|
|
||||||
|
# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
|
||||||
|
# For example, if you want to specify the "audience" parameter, you can set as follow.
|
||||||
|
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
|
||||||
|
# oidc_additional_audience = https://dev.auth.com/api/v2/
|
||||||
|
# oidc_additional_var1 = foobar
|
||||||
|
|
||||||
# set admin address for control frpc's action by http api such as reload
|
# set admin address for control frpc's action by http api such as reload
|
||||||
admin_addr = 127.0.0.1
|
admin_addr = 127.0.0.1
|
||||||
admin_port = 7400
|
admin_port = 7400
|
||||||
|
@ -40,6 +40,11 @@ type OidcClientConfig struct {
|
|||||||
// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
|
// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
|
||||||
// By default, this value is "".
|
// By default, this value is "".
|
||||||
OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
|
OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
|
||||||
|
|
||||||
|
// OidcAdditionalEndpointParams specifies additional parameters to be sent
|
||||||
|
// this field will be transfer to map[string][]string in OIDC token generator
|
||||||
|
// The field will be set by prefix "oidc_additional_"
|
||||||
|
OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func getDefaultOidcClientConf() OidcClientConfig {
|
func getDefaultOidcClientConf() OidcClientConfig {
|
||||||
@ -48,6 +53,7 @@ func getDefaultOidcClientConf() OidcClientConfig {
|
|||||||
OidcClientSecret: "",
|
OidcClientSecret: "",
|
||||||
OidcAudience: "",
|
OidcAudience: "",
|
||||||
OidcTokenEndpointURL: "",
|
OidcTokenEndpointURL: "",
|
||||||
|
OidcAdditionalEndpointParams: make(map[string]string),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -88,11 +94,17 @@ type OidcAuthProvider struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
|
func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
|
||||||
|
eps := make(map[string][]string)
|
||||||
|
for k, v := range cfg.OidcAdditionalEndpointParams {
|
||||||
|
eps[k] = []string{v}
|
||||||
|
}
|
||||||
|
|
||||||
tokenGenerator := &clientcredentials.Config{
|
tokenGenerator := &clientcredentials.Config{
|
||||||
ClientID: cfg.OidcClientID,
|
ClientID: cfg.OidcClientID,
|
||||||
ClientSecret: cfg.OidcClientSecret,
|
ClientSecret: cfg.OidcClientSecret,
|
||||||
Scopes: []string{cfg.OidcAudience},
|
Scopes: []string{cfg.OidcAudience},
|
||||||
TokenURL: cfg.OidcTokenEndpointURL,
|
TokenURL: cfg.OidcTokenEndpointURL,
|
||||||
|
EndpointParams: eps,
|
||||||
}
|
}
|
||||||
|
|
||||||
return &OidcAuthProvider{
|
return &OidcAuthProvider{
|
||||||
|
@ -261,6 +261,8 @@ func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
|
common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
|
||||||
|
common.ClientConfig.OidcAdditionalEndpointParams = GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
|
||||||
|
|
||||||
return common, nil
|
return common, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user