Compare commits

...

8 Commits

Author SHA1 Message Date
ds 12fb4b28b1 fix service namespace 2026-07-11 04:38:15 +00:00
ds 51fb4dc29f fix var userinfo 2026-07-11 04:32:32 +00:00
ds 22ccb85b7b struct claims global 2026-07-11 04:30:32 +00:00
ds 0396982cda fix import 2026-07-11 04:16:48 +00:00
ds 0a89c35b32 main.go aktualisiert 2026-07-11 04:12:04 +00:00
ds 7d07a4ba96 add valkey session 2026-07-11 06:08:41 +02:00
ds 4b325fd588 main.go aktualisiert 2026-07-11 03:46:49 +00:00
ds 9686823812 add imports 2026-07-11 03:30:47 +00:00
3 changed files with 83 additions and 29 deletions
+4 -1
View File
@@ -1,6 +1,6 @@
module oidc-demo module oidc-demo
go 1.23.0 go 1.25.0
require ( require (
github.com/coreos/go-oidc/v3 v3.11.0 github.com/coreos/go-oidc/v3 v3.11.0
@@ -8,6 +8,9 @@ require (
) )
require ( require (
github.com/alexedwards/scs/v2 v2.9.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-jose/go-jose/v4 v4.0.2 // indirect
github.com/valkey-io/valkey-go v1.0.76 // indirect
golang.org/x/crypto v0.25.0 // indirect golang.org/x/crypto v0.25.0 // indirect
golang.org/x/sys v0.43.0 // indirect
) )
+7
View File
@@ -1,3 +1,5 @@
github.com/alexedwards/scs/v2 v2.9.0 h1:xa05mVpwTBm1iLeTMNFfAWpKUm4fXAW7CeAViqBVS90=
github.com/alexedwards/scs/v2 v2.9.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -6,13 +8,18 @@ github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/valkey-io/valkey-go v1.0.76 h1:Rcown7FFseVhG9b0+4MWfMs4xWu8otPzHjrsK044ET4=
github.com/valkey-io/valkey-go v1.0.76/go.mod h1:6X581PhgfeMkJmyfjIsa2eFdq6dy3Qkkg9zwjM1p42M=
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+70 -26
View File
@@ -5,11 +5,15 @@ import (
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"time"
"log" "log"
"net/http" "net/http"
"crypto/tls" "crypto/tls"
"github.com/coreos/go-oidc/v3/oidc" "github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"github.com/alexedwards/scs/v2"
"github.com/debarbarinantoine/valkeystore"
"github.com/valkey-io/valkey-go"
) )
const ( const (
@@ -24,10 +28,16 @@ const (
var ( var (
oauthConfig *oauth2.Config oauthConfig *oauth2.Config
verifier *oidc.IDTokenVerifier verifier *oidc.IDTokenVerifier
sessionManager *scs.SessionManager
) )
func main() { // Userinformationen aus Token lesen
var claims struct {
Username string `json:"preferred_username"`
Email string `json:"email"`
}
func main() {
http.DefaultTransport.(*http.Transport).TLSClientConfig = http.DefaultTransport.(*http.Transport).TLSClientConfig =
&tls.Config{ &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
@@ -35,6 +45,27 @@ func main() {
ctx := context.Background() ctx := context.Background()
// valkey session
client, err := valkey.NewClient(
valkey.ClientOption{
InitAddress: []string{
"valkey.cloud-session.svc.cluster.local:6379",
},
},
)
if err != nil {
log.Fatal(err)
}
sessionManager = scs.New()
sessionManager.Store = valkeystore.New(client)
sessionManager.Lifetime = 24 * time.Hour
sessionManager.Cookie.HttpOnly = true
sessionManager.Cookie.Secure = true
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
// valkey session end
// OIDC Discovery (.well-known/openid-configuration) // OIDC Discovery (.well-known/openid-configuration)
provider, err := oidc.NewProvider(ctx, keycloakURL) provider, err := oidc.NewProvider(ctx, keycloakURL)
if err != nil { if err != nil {
@@ -65,7 +96,12 @@ func main() {
http.HandleFunc("/logout", logout) http.HandleFunc("/logout", logout)
log.Println("running :8080") log.Println("running :8080")
log.Fatal(http.ListenAndServe(":8080", nil)) log.Fatal(
http.ListenAndServe(
":8080",
sessionManager.LoadAndSave(http.DefaultServeMux),
),
)
} }
@@ -75,11 +111,11 @@ func login(w http.ResponseWriter, r *http.Request) {
// CSRF-Schutz: State erzeugen // CSRF-Schutz: State erzeugen
state := randomString() state := randomString()
http.SetCookie(w, &http.Cookie{ sessionManager.Put(
Name: "oidc_state", r.Context(),
Value: state, "user",
Path: "/", claims.Username,
}) )
url := oauthConfig.AuthCodeURL( url := oauthConfig.AuthCodeURL(
state, state,
@@ -132,10 +168,10 @@ func callback(w http.ResponseWriter, r *http.Request) {
// Userinformationen aus Token lesen // Userinformationen aus Token lesen
var claims struct { //var claims struct {
Username string `json:"preferred_username"` // Username string `json:"preferred_username"`
Email string `json:"email"` // Email string `json:"email"`
} //}
idToken.Claims(&claims) idToken.Claims(&claims)
@@ -153,41 +189,49 @@ func callback(w http.ResponseWriter, r *http.Request) {
func home(w http.ResponseWriter, r *http.Request) { func home(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("user") user := sessionManager.GetString(
r.Context(),
"user",
)
if err != nil { if user == "" {
fmt.Fprint(w, ` fmt.Fprint(w, `
<h1>OIDC Demo</h1> <h1>OIDC Demo</h1>
<a href="/login"> <a href="/login">
<button>Anmeldung über OIDC</button> <button>Anmeldung über OIDC</button>
</a> </a>
`) `)
return return
} }
fmt.Fprintf(
fmt.Fprintf(w, ` w,
`
<h1>Hallo %s</h1> <h1>Hallo %s</h1>
<form action="/logout" method="post"> <form action="/logout" method="post">
<button>Abmelden</button> <button>Abmelden</button>
</form> </form>
`, cookie.Value) `,
user,
)
} }
func logout(w http.ResponseWriter, r *http.Request) { func logout(w http.ResponseWriter, r *http.Request) {
sessionManager.Destroy(
http.SetCookie(w, &http.Cookie{ r.Context(),
Name: "user", )
Value: "", http.Redirect(
Path: "/", w,
MaxAge: -1, r,
}) "/",
http.StatusFound,
http.Redirect(w, r, "/", 302) )
} }