Skip to content

Commit

Permalink
feat: add customizable authorization (#29)
Browse files Browse the repository at this point in the history
  • Loading branch information
rdubigny authored Oct 18, 2024
1 parent bceb37d commit bf97b8e
Show file tree
Hide file tree
Showing 4 changed files with 49 additions and 15 deletions.
48 changes: 33 additions & 15 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import { Issuer } from "openid-client";
import session from "express-session";
import morgan from "morgan";
import * as crypto from "crypto";
import bodyParser from "body-parser";

const port = parseInt(process.env.PORT, 10) || 3000;
const origin = `${process.env.HOST}`;
Expand Down Expand Up @@ -35,6 +36,24 @@ const getMcpClient = async () => {
});
};

const acr_values = process.env.ACR_VALUES
? process.env.ACR_VALUES.split(",")
: null;
const login_hint = process.env.LOGIN_HINT || null;
const scope = process.env.MCP_SCOPES;
const AUTHORIZATION_DEFAULT_PARAMS = {
scope,
login_hint,
acr_values,
claims: {
id_token: {
amr: {
essential: true,
},
},
},
};

app.get("/", async (req, res, next) => {
try {
res.render("index", {
Expand All @@ -43,6 +62,7 @@ app.get("/", async (req, res, next) => {
userinfo: JSON.stringify(req.session.userinfo, null, 2),
idtoken: JSON.stringify(req.session.idtoken, null, 2),
oauth2token: JSON.stringify(req.session.oauth2token, null, 2),
defaultParamsValue: JSON.stringify(AUTHORIZATION_DEFAULT_PARAMS, null, 2),
});
} catch (e) {
next(e);
Expand All @@ -53,30 +73,16 @@ const getAuthorizationControllerFactory = (extraParams) => {
return async (req, res, next) => {
try {
const client = await getMcpClient();
const acr_values = process.env.ACR_VALUES
? process.env.ACR_VALUES.split(",")
: null;
const login_hint = process.env.LOGIN_HINT || null;
const scope = process.env.MCP_SCOPES;
const nonce = crypto.randomBytes(16).toString("hex");
const state = crypto.randomBytes(16).toString("hex");

req.session.state = state;
req.session.nonce = nonce;

const redirectUrl = client.authorizationUrl({
scope,
login_hint,
acr_values,
nonce,
state,
claims: {
id_token: {
amr: {
essential: true,
},
},
},
...AUTHORIZATION_DEFAULT_PARAMS,
...extraParams,
});

Expand Down Expand Up @@ -130,6 +136,18 @@ app.post(
}),
);

app.post(
"/custom-connection",
bodyParser.urlencoded({ extended: false }),
(req, res, next) => {
console.log(req.body['custom-params'])
const customParams = JSON.parse(req.body['custom-params'])
console.dir(customParams, { depth: null });

return getAuthorizationControllerFactory(customParams)(req, res, next);
},
);

app.get(process.env.CALLBACK_URL, async (req, res, next) => {
try {
const client = await getMcpClient();
Expand Down
1 change: 1 addition & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
"test": "echo \"Error: no test specified\" && exit 1"
},
"dependencies": {
"body-parser": "^1.20.3",
"dotenv": "^16.4.5",
"ejs": "^3.1.10",
"express": "^4.21.1",
Expand Down
14 changes: 14 additions & 0 deletions views/index.ejs
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,20 @@
<form action="/force-2fa" method="post">
<button id="force-2fa">Forcer une connexion a deux facteurs</button>
</form>
<br>
<details>
<summary id="open-custom-configuration">Usage avancé</summary>

<form action="/custom-connection" method="post">
<textarea
name="custom-params"
cols="50"
rows="12"
><%= locals.defaultParamsValue %></textarea>
<br>
<button id="custom-connection">Connexion personnalisée</button>
</form>
</details>
</main>
<footer>
<p>Source: <a href="https://github.com/numerique-gouv/moncomptepro-test-client">github.com/numerique-gouv/moncomptepro-test-client</a></p>
Expand Down

0 comments on commit bf97b8e

Please sign in to comment.