-
Notifications
You must be signed in to change notification settings - Fork 6.3k
Feature/openid connect #3093
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Feature/openid connect #3093
Changes from 3 commits
Commits
Show all changes
25 commits
Select commit
Hold shift + click to select a range
d189ffc
added openid auth support
5f59e99
merged in changes from main
dylanturn e1abd86
scrubbed some small changes that I didn't mean to include
dylanturn 906e7b6
Updated the yarn lockfile. Updated the OIDC user console log with debug.
dylanturn 12c813f
ran yarn fmt, and made sure yarn lint, _audit, test:unit would pass.
dylanturn 0440796
made the oidc group claim optional
dylanturn 4fcfab2
Added documentation that explains how to configure and OpenID-Connect...
dylanturn a11d9a9
added markdown to reduce the image sizes
dylanturn 1532cb5
resized the images
dylanturn 2a0c448
updated the doc images
dylanturn 6add98b
updated the doc images
dylanturn 3ac81d9
updated the doc images
dylanturn aabfded
Updated the documentation with a couple extra steps after testing it out
dylanturn c3c305c
updated the screenshot to make sure the code-server endpoint url is c...
dylanturn 153e89b
Merge pull request #4 from turnbros/feature/openid-connect-remove-cla...
dylanturn d5ffe24
Merge pull request #5 from turnbros/documentation/openid-setup-guides
dylanturn 9e2b4f3
replace console.debug with logger.debug
dylanturn af31604
updated the logger.debug and ran yarn fmt
dylanturn 793817b
Merge pull request #6 from turnbros/fix/openid-connect-logging
dylanturn d503138
updated the logger format to match what was actually requested
dylanturn f2f731a
Merge pull request #7 from turnbros/fix/openid-connect-logging
dylanturn becd7da
Merge branch 'main' into feature/openid-connect
dylanturn ed29b32
bumped the jose version to appease the audit gods
dylanturn cf1ad0d
Apply suggestions from code review
dylanturn ab718f1
update the documentation to better conform to the style guide
dylanturn File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| import { field, logger } from "@coder/logger" | ||
| import * as express from "express" | ||
| import * as expressCore from "express-serve-static-core" | ||
| import { RequestContext } from "express-openid-connect" | ||
| import qs from "qs" | ||
| import safeCompare from "safe-compare" | ||
| import { HttpCode, HttpError } from "../common/http" | ||
|
|
@@ -16,6 +17,7 @@ declare global { | |
| export interface Request { | ||
| args: DefaultedArgs | ||
| heart: Heart | ||
| oidc: RequestContext | ||
| } | ||
| } | ||
| } | ||
|
|
@@ -69,6 +71,29 @@ export const authenticated = (req: express.Request): boolean => { | |
| ? safeCompare(req.cookies.key, req.args["hashed-password"]) | ||
| : req.args.password && safeCompare(req.cookies.key, hash(req.args.password))) | ||
| ) | ||
| case AuthType.Openid: | ||
| console.log(req.oidc.user) | ||
|
||
| console.log(req.oidc.isAuthenticated()) | ||
|
|
||
| const groupClaim = req.args["openid-group-claim"] | ||
| const userGroup = req.args["openid-user-group"] | ||
|
|
||
| if (req.oidc.isAuthenticated()){ | ||
| for (const key in req.oidc.idTokenClaims) { | ||
| var claims = <string[]>req.oidc.idTokenClaims[key] | ||
| if (key == groupClaim) { | ||
| for (const value in claims) { | ||
| if(userGroup == claims[value]) { | ||
| return true | ||
| } | ||
| } | ||
| } | ||
| } | ||
| throw new HttpError("Unauthorized", HttpCode.Unauthorized) | ||
| } | ||
|
|
||
| return false | ||
|
|
||
| default: | ||
| throw new Error(`Unsupported auth type ${req.args.auth}`) | ||
| } | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.