feat: support add additional params for OIDC (#2814)

* feat: support add additional params and test access by auth0 * fix: config name Co-authored-by: blizard863 <760076784@qq.com>
2024-11-01 22:31:29 +08:00 · 2022-03-07 14:23:49 +08:00 · 2022-03-07 14:23:49 +08:00 · cd31359a27
commit cd31359a27
parent 19739ed31a
3 changed files with 28 additions and 8 deletions
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@ -51,6 +51,12 @@ oidc_audience =
 # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_token_endpoint_url =
 # oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
 # For example, if you want to specify the "audience" parameter, you can set as follow.
 # frp will add "audience=<value>" "var1=<value>" to the additional parameters.
 # oidc_additional_audience = https://dev.auth.com/api/v2/
 # oidc_additional_var1 = foobar
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
 admin_port = 7400
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@ -40,14 +40,20 @@ type OidcClientConfig struct {
 	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
 	// By default, this value is "".
 	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
 	// OidcAdditionalEndpointParams specifies additional parameters to be sent
 	// this field will be transfer to map[string][]string in OIDC token generator
 	// The field will be set by prefix "oidc_additional_"
 	OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
 }
 func getDefaultOidcClientConf() OidcClientConfig {
 	return OidcClientConfig{
-		OidcClientID:         "",
+		OidcClientID:                 "",
-		OidcClientSecret:     "",
+		OidcClientSecret:             "",
-		OidcAudience:         "",
+		OidcAudience:                 "",
-		OidcTokenEndpointURL: "",
+		OidcTokenEndpointURL:         "",
 		OidcAdditionalEndpointParams: make(map[string]string),
 	}
 }
@ -88,11 +94,17 @@ type OidcAuthProvider struct {
 }
 func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
 	eps := make(map[string][]string)
 	for k, v := range cfg.OidcAdditionalEndpointParams {
 		eps[k] = []string{v}
 	}
 	tokenGenerator := &clientcredentials.Config{
-		ClientID:     cfg.OidcClientID,
+		ClientID:       cfg.OidcClientID,
-		ClientSecret: cfg.OidcClientSecret,
+		ClientSecret:   cfg.OidcClientSecret,
-		Scopes:       []string{cfg.OidcAudience},
+		Scopes:         []string{cfg.OidcAudience},
-		TokenURL:     cfg.OidcTokenEndpointURL,
+		TokenURL:       cfg.OidcTokenEndpointURL,
 		EndpointParams: eps,
 	}
 	return &OidcAuthProvider{
--- a/pkg/config/client.go
+++ b/pkg/config/client.go
@ -261,6 +261,8 @@ func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
 	}
 	common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
 	common.ClientConfig.OidcAdditionalEndpointParams = GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
 	return common, nil
 }