From 4a147838fcf70b472b72618e6ce97c9e59c59a1c Mon Sep 17 00:00:00 2001
From: "David J. Allen"
Date: Tue, 27 Feb 2024 17:10:20 -0700
Subject: [PATCH] Added initial implementation of OAuth registration and token fetch

---
 cmd/boot-script-service/main.go | 5 +++
 cmd/boot-script-service/oauth.go | 73 ++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 cmd/boot-script-service/oauth.go

diff --git a/cmd/boot-script-service/main.go b/cmd/boot-script-service/main.go
index 2878fa8..d29917f 100644
--- a/cmd/boot-script-service/main.go
+++ b/cmd/boot-script-service/main.go
@@ -443,6 +443,11 @@ func main() {
 }
 }
 
+ // register oauth client and receive
+ var client OAuthClient
+ client.RegisterOAuthClient("http://127.0.0.1:4444/oauth2/register", []string{})
+ client.FetchTokenFromAuthorizationServer("http://127.0.0.1:4444/oauth2/token", []string{})
+
 var svcOpts string
 if insecure {
 svcOpts = "insecure,"
diff --git a/cmd/boot-script-service/oauth.go b/cmd/boot-script-service/oauth.go
new file mode 100644
index 0000000..e31a9a5
--- /dev/null
+++ b/cmd/boot-script-service/oauth.go
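Review bot: Both new calls in main discard their `([]byte, error)` results, so a failed registration or token fetch is silently ignored, and the registration response — the only place the authorization server's assigned client id and secret would come back — is never read into `client.Id`/`client.Secret`, leaving the token request to run with empty credentials. The endpoints are also hard-coded to plain `http://127.0.0.1:4444`, which sends the client secret in cleartext and cannot be changed without a rebuild; they belong next to the existing `insecure` option visible in the context lines rather than as literals. At minimum handle the errors, e.g. `if _, err := client.RegisterOAuthClient(registerURL, nil); err != nil { /* log and exit */ }`, and likewise for the token call. The comment `// register oauth client and receive` is cut off mid-sentence. main's body starts and ends outside this hunk.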
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strings"
+)
+
+// NOTE: Triad License goes here
+
+type OAuthClient struct {
+ http.Client
+ Id string
+ Secret string
+ RedirectUris []string
+}
+
+func (client *OAuthClient) RegisterOAuthClient(registerUrl string, audience []string) ([]byte, error) {
+ // hydra endpoint: POST /clients
+ audience = QuoteArrayStrings(audience)
+ data := []byte(fmt.Sprintf(`{
+ "client_name": "%s",
+ "token_endpoint_auth_method": "client_secret_post",
+ "scope": "openid email profile",
+ "grant_types": ["client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
+ "response_types": ["token"],
+ "audience": [%s]
+ }`, client.Id, client.Secret, strings.Join(audience, ",")))
+
+ req, err := http.NewRequest("POST", registerUrl, bytes.NewBuffer(data))
+ if err != nil {
+ return nil, fmt.Errorf("failed to make request: %v", err)
+ }
+ req.Header.Add("Content-Type", "application/json")
+ res, err := client.Do(req)
+ if err != nil {
+ return nil, fmt.Errorf("failed to do request: %v", err)
+ }
+ defer res.Body.Close()
+
+ return io.ReadAll(res.Body)
+}
+
+func (client *OAuthClient) FetchTokenFromAuthorizationServer(remoteUrl string, scope []string) ([]byte, error) {
+ // hydra endpoint: /oauth/token
+ data := "grant_type=" + url.QueryEscape("urn:ietf:params:oauth:grant-type:jwt-bearer") +
+ "&client_id=" + client.Id +
+ "&client_secret=" + client.Secret +
+ "&scope=" + strings.Join(scope, "+")
+ fmt.Printf("encoded params: %v\n\n", data)
+ req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer([]byte(data)))
+ req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ if err != nil {
+ return nil, fmt.Errorf("failed to make request: %s", err)
+ }
+ res, err := client.Do(req)
+ if err != nil {
+ return nil, fmt.Errorf("failed to do request: %v", err)
+ }
+ defer res.Body.Close()
+
+ return io.ReadAll(res.Body)
+}
+
+func QuoteArrayStrings(arr []string) []string {
+ for i, v := range arr {
+ arr[i] = "\"" + v + "\""
+ }
+ return arr
+}
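Review bot: The `fmt.Sprintf` in RegisterOAuthClient has two `%s` verbs but three arguments, so `client.Secret` is substituted into the `audience` array and the joined audience list is appended as `%!(EXTRA string=...)` — the registration request both embeds the client secret in the JSON and is not valid JSON; `QuoteArrayStrings` additionally mutates the caller's slice and does not escape embedded quotes. In FetchTokenFromAuthorizationServer, `req.Header.Add` runs before the `err` from `http.NewRequest` is checked (nil dereference on failure), `client_id`/`client_secret` are concatenated into the form body unescaped, and `fmt.Printf("encoded params: ...")` writes the client secret to stdout on every call. Build both bodies with `encoding/json` and `url.Values` instead (needs an `encoding/json` import; joining scope with a space lets `Encode` emit the same `+` separator the hand-built string used), remove the Printf, and check `res.StatusCode` before returning the body, since a 4xx/5xx error page is currently handed back as if it were the registration or token payload. The `jwt-bearer` grant type presumably also needs an `assertion` parameter that this request never sends; given the registered `client_secret_post` auth method, confirm whether `client_credentials` was intended.

```go
	// … unchanged: RegisterOAuthClient signature …
	body, err := json.Marshal(map[string]any{
		"client_name":                client.Id,
		"token_endpoint_auth_method": "client_secret_post",
		"scope":                      "openid email profile",
		"grant_types":                []string{"client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"},
		"response_types":             []string{"token"},
		"audience":                   audience, // json.Marshal quotes and escapes each entry
	})
	if err != nil {
		return nil, fmt.Errorf("encoding registration body: %w", err)
	}
	req, err := http.NewRequest("POST", registerUrl, bytes.NewReader(body))
	// … unchanged: error check, Content-Type header, Do, ReadAll …

	// … unchanged: FetchTokenFromAuthorizationServer signature …
	form := url.Values{
		"grant_type":    {"urn:ietf:params:oauth:grant-type:jwt-bearer"},
		"client_id":     {client.Id},
		"client_secret": {client.Secret},
		"scope":         {strings.Join(scope, " ")},
	}
	req, err := http.NewRequest("POST", remoteUrl, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, fmt.Errorf("building token request: %w", err)
	}
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	// … unchanged: Do, ReadAll …
```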