Add additional query config for authentication request

openstandia · Oct 15, 2018 · b57e718 · b57e718
1 parent 4f626b7
commit b57e718
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 NAME := aws-cli-oidc
-VERSION := v0.1.0
+VERSION := v0.2.0
 REVISION := $(shell git rev-parse --short HEAD)
 
 SRCS := $(shell find . -type f -name '*.go')

diff --git a/cmd/get_cred.go b/cmd/get_cred.go
@@ -5,6 +5,7 @@ import (
  "fmt"
  "net"
  "net/http"
+ "strings"
  "time"
 
  "github.com/beevik/etree"
@@ -248,13 +249,29 @@ func doLogin(client *OIDCClient) (*TokenResponse, error) {
  challenge := v.CodeChallengeS256()
  verifier := v.String()
 
- url := client.Authorization().
+ authReq := client.Authorization().
  QueryParam("response_type", "code").
  QueryParam("client_id", clientId).
  QueryParam("redirect_uri", redirect).
  QueryParam("code_challenge", challenge).
  QueryParam("code_challenge_method", "S256").
- QueryParam("scope", "openid").Url()
+ QueryParam("scope", "openid")
+
+ additionalQuery := client.config.GetString(OIDC_AUTHENTICATION_REQUEST_ADDITIONAL_QUERY)
+ if additionalQuery != "" {
+ queries := strings.Split(additionalQuery, "&")
+ for _, q := range queries {
+ kv := strings.Split(q, "=")
+ if len(kv) == 1 {
+ authReq = authReq.QueryParam(kv[0], "")
+ } else if len(kv) == 2 {
+ authReq = authReq.QueryParam(kv[0], kv[1])
+ } else {
+ return nil, errors.Errorf("Invalid additional query: %s", q)
+ }
+ }
+ }
+ url := authReq.Url()
 
  code := launch(client, url.String(), listener)
  if code != "" {

diff --git a/cmd/root.go b/cmd/root.go
@@ -26,6 +26,7 @@ func Execute() {
 var configdir string
 
 const OIDC_PROVIDER_METADATA_URL = "oidc_provider_metadata_url"
+const OIDC_AUTHENTICATION_REQUEST_ADDITIONAL_QUERY = "oidc_authentication_request_additional_query"
 const SUCCESSFUL_REDIRECT_URL = "successful_redirect_url"
 const FAILURE_REDIRECT_URL = "failure_redirect_url"
 const CLIENT_ID = "client_id"

diff --git a/cmd/setup.go b/cmd/setup.go
@@ -34,6 +34,10 @@ func runSetup() {
  Required: true,
  Loop: true,
  })
+ additionalQuery, _ := ui.Ask("Additional query for OIDC authentication request (Default: none):", &input.Options{
+ Default: "",
+ Required: false,
+ })
  successfulRedirectURL, _ := ui.Ask("Successful redirect URL (Default: none):", &input.Options{
  Default: "",
  Required: false,
@@ -64,6 +68,7 @@ func runSetup() {
  config := map[string]string{}
 
  config[OIDC_PROVIDER_METADATA_URL] = server
+ config[OIDC_AUTHENTICATION_REQUEST_ADDITIONAL_QUERY] = additionalQuery
  config[SUCCESSFUL_REDIRECT_URL] = successfulRedirectURL
  config[FAILURE_REDIRECT_URL] = failureRedirectURL
  config[CLIENT_ID] = clientID