feat(oidc_auth): Add backend support for OIDC Auth

Signed-off-by: deo002 <oberoidearsh@gmail.com>
fossology · Dec 20, 2024 · 8541110 · 8541110
1 parent d8a5f49
commit 8541110
Show file tree

Hide file tree

Showing 22 changed files with 1,891 additions and 309 deletions.
diff --git a/.env.example b/.env.example
@@ -5,4 +5,31 @@
 TOKEN_HOUR_LIFESPAN=24
 # Secret key to sign tokens (openssl rand -hex 32)
 API_SECRET=some-random-string
-READ_API_AUTHENTICATION_ENABLED=false
+READ_API_AUTHENTICATION_ENABLED=false
+
+PORT=8080
+
+# OIDC Provider (To be set if OIDC Authentication support required)
+# The URL for retrieving keys for Token Parsing
+JWKS_URI=https://provider/keys
+
+# The field in ID Token that is to be used as username
+OIDC_USERNAME_KEY=employee_id
+
+# The field in ID Token that is to be used as email
+OIDC_EMAIL_KEY=mail
+
+# The issuer url
+OIDC_ISSUER=https://provider
+
+# The field in ID Token that is used as display name
+OIDC_DISPLAYNAME_KEY=display_name
+
+# Some OIDC providers do not provide the "alg" header in their key set(ex. AzureAD)
+# This env variable, if set, will be used for signing while verifying the JWT signature
+# (Make sure it's same as the signing algorithm used by the provider)
+# If not set, there will be multiple verify attempts done with all the algorithms in the
+# family of algorithms mentioned in the "kty" field till a match is found
+#
+# For OIDC providers that provide the "alg" header in their key set, there is no need for this to be set
+OIDC_SIGNING_ALG=RS256
diff --git a/.github/workflows/api-swagger.yml b/.github/workflows/api-swagger.yml
@@ -19,7 +19,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.20'
+        go-version: '1.22'
         check-latest: true
         cache: true
 
@@ -54,7 +54,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: '1.22'
           check-latest: true
           cache: true
 

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -20,7 +20,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.20'
+        go-version: '1.22'
         check-latest: true
         cache: true
 

diff --git a/.github/workflows/golangci.yml b/.github/workflows/golangci.yml
@@ -18,20 +18,20 @@ jobs:
   golangci-lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: '1.20'
+        go-version: '1.22'
         check-latest: true
         cache: true
 
     - name: Code Generation
       run: cp external_ref_fields.example.yaml external_ref_fields.yaml && go generate ./...
 
     - name: lint
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v6
       with:
-          version: v1.55
+          version: v1.62.2
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-FileCopyrightText: 2024 Kaushlendra Pratap <kaushlendra-pratap.singh@siemens.com>
 # SPDX-License-Identifier: GPL-2.0-only
-FROM golang:1.20 AS build
+FROM golang:1.22 AS build
 
 WORKDIR /LicenseDb