Skip to content

Commit 3594a65

Browse files
itavyitavy
committed
Added oidc authentication
Signed-off-by: Octavian Ionescu <itavyg@gmail.com>
1 parent 922f847 commit 3594a65

4 files changed

Lines changed: 237 additions & 1 deletion

File tree

package-lock.json

Lines changed: 125 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
"dependencies": {
2727
"debug": "^4.3.4",
2828
"mustache": "^4.2.0",
29+
"open": "^10.1.0",
2930
"postman-request": "^2.88.1-postman.33",
3031
"tv4": "^1.3.0"
3132
},

src/commands.js

Lines changed: 68 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1258,6 +1258,73 @@ module.exports = {
12581258
res: approleResponse,
12591259
},
12601260
},
1261+
oidcAuthUrl: {
1262+
method: 'POST',
1263+
path: '/auth/oidc/oidc/auth_url',
1264+
schema: {
1265+
req: {
1266+
type: 'object',
1267+
properties: {
1268+
redirect_uri: {
1269+
type: 'string'
1270+
},
1271+
client_nonce: {
1272+
type: 'string'
1273+
},
1274+
role: {
1275+
type: 'string'
1276+
}
1277+
},
1278+
required: ['redirect_uri']
1279+
},
1280+
res: {
1281+
type: 'object',
1282+
properties: {
1283+
request_id: {
1284+
type: 'string'
1285+
},
1286+
data: {
1287+
type: 'object',
1288+
properties: {
1289+
auth_url: {
1290+
type: 'string'
1291+
}
1292+
},
1293+
required: ['auth_url']
1294+
}
1295+
},
1296+
required: ['request_id', 'data']
1297+
}
1298+
}
1299+
},
1300+
oidcCallback: {
1301+
method: 'GET',
1302+
path: '/auth/oidc/oidc/callback',
1303+
tokenSource: true,
1304+
schema: {
1305+
query: {
1306+
type: 'object',
1307+
properties: {
1308+
state: {
1309+
type: 'string',
1310+
},
1311+
code: {
1312+
type: 'string',
1313+
},
1314+
client_nonce: {
1315+
type: 'string'
1316+
}
1317+
},
1318+
required: ['state', 'code']
1319+
},
1320+
res: {
1321+
type: 'object',
1322+
properties: {
1323+
auth,
1324+
}
1325+
}
1326+
}
1327+
},
12611328
health: {
12621329
method: 'GET',
12631330
path: '/sys/health',
@@ -1334,4 +1401,4 @@ module.exports = {
13341401
method: 'PUT',
13351402
path: '/sys/step-down',
13361403
},
1337-
}
1404+
}

src/index.js

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ const originalCommands = require('./commands.js');
66
const originalMustache = require('mustache');
77
const util = require('util');
88
const request = require('postman-request');
9+
const { randomBytes } = require('crypto');
10+
const http = require('http');
911

1012
class VaultError extends Error {}
1113

@@ -244,5 +246,46 @@ module.exports = (config = {}) => {
244246
const assignFunctions = (commandName) => generateFunction(commandName, commands[commandName]);
245247
Object.keys(commands).forEach(assignFunctions);
246248

249+
client['oidcFlow'] = () => import('open')
250+
.then(({default: open}) => {
251+
const oidcCallbackPath = '/oidc/callback';
252+
return new Promise((done, reject) => {
253+
const client_nonce = randomBytes(20).toString('hex').slice(20);
254+
255+
const server = http.createServer((req, res) => {
256+
const responseUrl = new URL(`http://localhost${req.url}`)
257+
if (responseUrl.pathname === oidcCallbackPath) {
258+
res.write('Signed in via your OIDC provider\nYou can now close this window and start using Vault.');
259+
res.end();
260+
const code = responseUrl.searchParams.get('code')
261+
const state = responseUrl.searchParams.get('state')
262+
client.oidcCallback({
263+
state,
264+
code,
265+
client_nonce,
266+
})
267+
.then(() => {
268+
server.close(done);
269+
})
270+
.catch(reject)
271+
}
272+
if (!res.writableEnded) {
273+
res.end();
274+
}
275+
});
276+
277+
server.listen(8250, 'localhost', () => {});
278+
279+
client.oidcAuthUrl({
280+
redirect_uri: `http://localhost:8250${oidcCallbackPath}`,
281+
client_nonce,
282+
})
283+
.then((r) => {
284+
open(r.data.auth_url)
285+
})
286+
.catch(reject)
287+
})
288+
})
289+
247290
return client;
248291
};

0 commit comments

Comments
 (0)