Merge into one origin config.
@ -14,5 +14,4 @@ httpProxy = "127.0.0.1:10808"
|
|||||||
verificationCodeTimeout = 10
|
verificationCodeTimeout = 10
|
||||||
initScore = 2000
|
initScore = 2000
|
||||||
logPostOnly = true
|
logPostOnly = true
|
||||||
oidcOrigin = "https://door.casbin.com"
|
origin = "https://door.casbin.com"
|
||||||
samlOrigin = "http://localhost:8000"
|
|
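Review bot: The merged `origin` key keeps the public demo host `https://door.casbin.com` as its shipped default, and after this change that value also feeds the SAML ACS URL, which previously defaulted to `http://localhost:8000`. A deployment that leaves the sample value in place would publish OIDC endpoints, a token issuer and a SAML entity ID on a host it does not operate. A comment above the key would make the scope explicit, for example `# origin: externally reachable base URL of this deployment; used as OIDC issuer, JWT iss and SAML SP entity ID / ACS URL`.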
@ -19,9 +19,8 @@ import (
|
|||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
jose "gopkg.in/square/go-jose.v2"
|
|
||||||
|
|
||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
|
"gopkg.in/square/go-jose.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
type OidcDiscovery struct {
|
type OidcDiscovery struct {
|
||||||
@ -44,7 +43,7 @@ type OidcDiscovery struct {
|
|||||||
var oidcDiscovery OidcDiscovery
|
var oidcDiscovery OidcDiscovery
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
oidcOrigin := beego.AppConfig.String("oidcOrigin")
|
origin := beego.AppConfig.String("origin")
|
||||||
|
|
||||||
// Examples:
|
// Examples:
|
||||||
// https://login.okta.com/.well-known/openid-configuration
|
// https://login.okta.com/.well-known/openid-configuration
|
||||||
@ -52,11 +51,11 @@ func init() {
|
|||||||
// https://accounts.google.com/.well-known/openid-configuration
|
// https://accounts.google.com/.well-known/openid-configuration
|
||||||
// https://access.line.me/.well-known/openid-configuration
|
// https://access.line.me/.well-known/openid-configuration
|
||||||
oidcDiscovery = OidcDiscovery{
|
oidcDiscovery = OidcDiscovery{
|
||||||
Issuer: oidcOrigin,
|
Issuer: origin,
|
||||||
AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", oidcOrigin),
|
AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", origin),
|
||||||
TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", oidcOrigin),
|
TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", origin),
|
||||||
UserinfoEndpoint: fmt.Sprintf("%s/api/get-account", oidcOrigin),
|
UserinfoEndpoint: fmt.Sprintf("%s/api/get-account", origin),
|
||||||
JwksUri: fmt.Sprintf("%s/api/certs", oidcOrigin),
|
JwksUri: fmt.Sprintf("%s/api/certs", origin),
|
||||||
ResponseTypesSupported: []string{"id_token"},
|
ResponseTypesSupported: []string{"id_token"},
|
||||||
ResponseModesSupported: []string{"login", "code", "link"},
|
ResponseModesSupported: []string{"login", "code", "link"},
|
||||||
GrantTypesSupported: []string{"password", "authorization_code"},
|
GrantTypesSupported: []string{"password", "authorization_code"},
|
||||||
|
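Review bot: `origin := beego.AppConfig.String("origin")` in init() is used without checking that the key is actually set. A deployment upgraded with a config that still carries only `oidcOrigin`/`samlOrigin` would, assuming beego returns an empty string for a missing key, publish an empty `Issuer` and path-only endpoint URLs in the discovery document. Failing at startup is safer: `if origin == "" { panic("config key \"origin\" is not set") }`. The same unguarded lookup appears in buildSp and generateJwtToken, where it would yield an empty SAML entity ID and an empty `iss` claim, so one shared accessor that validates the value would cover all three. init() continues past the end of the last hunk shown here.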
@ -60,7 +60,7 @@ func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvide
|
|||||||
certStore := dsig.MemoryX509CertificateStore{
|
certStore := dsig.MemoryX509CertificateStore{
|
||||||
Roots: []*x509.Certificate{},
|
Roots: []*x509.Certificate{},
|
||||||
}
|
}
|
||||||
samlOrigin := beego.AppConfig.String("samlOrigin")
|
origin := beego.AppConfig.String("origin")
|
||||||
certEncodedData := ""
|
certEncodedData := ""
|
||||||
if samlResponse != "" {
|
if samlResponse != "" {
|
||||||
de, err := base64.StdEncoding.DecodeString(samlResponse)
|
de, err := base64.StdEncoding.DecodeString(samlResponse)
|
||||||
@ -84,8 +84,8 @@ func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvide
|
|||||||
}
|
}
|
||||||
certStore.Roots = append(certStore.Roots, idpCert)
|
certStore.Roots = append(certStore.Roots, idpCert)
|
||||||
sp := &saml2.SAMLServiceProvider{
|
sp := &saml2.SAMLServiceProvider{
|
||||||
ServiceProviderIssuer: fmt.Sprintf("%s/api/acs", samlOrigin),
|
ServiceProviderIssuer: fmt.Sprintf("%s/api/acs", origin),
|
||||||
AssertionConsumerServiceURL: fmt.Sprintf("%s/api/acs", samlOrigin),
|
AssertionConsumerServiceURL: fmt.Sprintf("%s/api/acs", origin),
|
||||||
IDPCertificateStore: &certStore,
|
IDPCertificateStore: &certStore,
|
||||||
}
|
}
|
||||||
if provider != nil {
|
if provider != nil {
|
||||||
|
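Review bot: `ServiceProviderIssuer` and `AssertionConsumerServiceURL` in buildSp now derive from the shared `origin`, so the SP entity ID and ACS URL change for any installation whose `samlOrigin` differed from `oidcOrigin` (the sample config had `http://localhost:8000` versus `https://door.casbin.com`). IdPs registered against the old values will need to be updated, which is worth recording next to the fields, e.g. `// Entity ID and ACS URL must match what is registered at the IdP; both derive from "origin".` The two identical `fmt.Sprintf("%s/api/acs", origin)` calls could also be computed once into a local so the pair cannot drift apart. buildSp starts and ends outside these hunks.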
@ -43,7 +43,7 @@ func generateJwtToken(application *Application, user *User) (string, error) {
|
|||||||
claims := Claims{
|
claims := Claims{
|
||||||
User: *user,
|
User: *user,
|
||||||
RegisteredClaims: jwt.RegisteredClaims{
|
RegisteredClaims: jwt.RegisteredClaims{
|
||||||
Issuer: beego.AppConfig.String("oidcOrigin"),
|
Issuer: beego.AppConfig.String("origin"),
|
||||||
Subject: user.Id,
|
Subject: user.Id,
|
||||||
Audience: []string{application.ClientId},
|
Audience: []string{application.ClientId},
|
||||||
ExpiresAt: jwt.NewNumericDate(expireTime),
|
ExpiresAt: jwt.NewNumericDate(expireTime),
|
||||||
|