Added AuthorizeClient function to flow

OpenCHAMI · Feb 28, 2024 · b2d5188 · b2d5188
1 parent 0265295
commit b2d5188
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 5 deletions.
diff --git a/cmd/boot-script-service/main.go b/cmd/boot-script-service/main.go
@@ -451,6 +451,10 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed to register OAuth client: %v", err)
 	}
+	_, err = client.AuthorizeClient("http://127.0.0.1:4444/oauth2/auth")
+	if err != nil {
+		log.Fatalf("failed to authorize OAuth client: %v", err)
+	}
 	res, err := client.FetchTokenFromAuthorizationServer("http://127.0.0.1:4444/oauth2/token", []string{})
 	if err != nil {
 		log.Fatalf("failed to fetch token from authorization server: %v", err)
@@ -460,6 +464,7 @@ func main() {
 	var resJson map[string]any
 	json.Unmarshal(res, &resJson)
 	accessToken = resJson["access_token"].(string)
+	log.Printf("Access Token: %v\n", accessToken)
 
 	var svcOpts string
 	if insecure {

diff --git a/cmd/boot-script-service/oauth.go b/cmd/boot-script-service/oauth.go
@@ -1,16 +1,16 @@
+// NOTE: Triad License goes here
 package main
 
 import (
 	"bytes"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 )
 
-// NOTE: Triad License goes here
-
 type OAuthClient struct {
 	http.Client
 	Id           string
@@ -26,9 +26,8 @@ func (client *OAuthClient) RegisterOAuthClient(registerUrl string, audience []st
 		"token_endpoint_auth_method": "client_secret_post",
 		"scope":                      "openid email profile",
 		"grant_types":                ["client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
-		"response_types":             ["token"],
-		"audience":                   [%s]
-	}`, client.Id, client.Secret, strings.Join(audience, ",")))
+		"response_types":             ["token"]
+	}`, client.Id))
 
 	req, err := http.NewRequest("POST", registerUrl, bytes.NewBuffer(data))
 	if err != nil {
@@ -44,6 +43,35 @@ func (client *OAuthClient) RegisterOAuthClient(registerUrl string, audience []st
 	return io.ReadAll(res.Body)
 }
 
+func (client *OAuthClient) AuthorizeClient(authorizeUrl string) ([]byte, error) {
+	// encode ID and secret for authorization header basic authentication
+	basicAuth := base64.StdEncoding.EncodeToString(
+		[]byte(fmt.Sprintf("%s:%s",
+			url.QueryEscape(client.Id),
+			url.QueryEscape(client.Secret),
+		)),
+	)
+	body := []byte("grant_type=client_credentials&scope=read")
+	headers := map[string][]string{
+		"Authorization": {basicAuth},
+		"Content-Type":  {"application/x-www-form-urlencoded"},
+	}
+
+	req, err := http.NewRequest("POST", authorizeUrl, bytes.NewBuffer(body))
+	req.Header = headers
+	if err != nil {
+		return nil, fmt.Errorf("failed to make request: %v", err)
+	}
+	req.Header.Add("Content-Type", "application/json")
+	res, err := client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to do request: %v", err)
+	}
+	defer res.Body.Close()
+
+	return io.ReadAll(res.Body)
+}
+
 func (client *OAuthClient) FetchTokenFromAuthorizationServer(remoteUrl string, scope []string) ([]byte, error) {
 	// hydra endpoint: /oauth/token
 	data := "grant_type=" + url.QueryEscape("urn:ietf:params:oauth:grant-type:jwt-bearer") +