Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7d07a4ba96 | |||
| 4b325fd588 | |||
| 9686823812 |
@@ -1,6 +1,6 @@
|
|||||||
module oidc-demo
|
module oidc-demo
|
||||||
|
|
||||||
go 1.23.0
|
go 1.25.0
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/coreos/go-oidc/v3 v3.11.0
|
github.com/coreos/go-oidc/v3 v3.11.0
|
||||||
@@ -8,6 +8,9 @@ require (
|
|||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
github.com/alexedwards/scs/v2 v2.9.0 // indirect
|
||||||
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
|
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
|
||||||
|
github.com/valkey-io/valkey-go v1.0.76 // indirect
|
||||||
golang.org/x/crypto v0.25.0 // indirect
|
golang.org/x/crypto v0.25.0 // indirect
|
||||||
|
golang.org/x/sys v0.43.0 // indirect
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
github.com/alexedwards/scs/v2 v2.9.0 h1:xa05mVpwTBm1iLeTMNFfAWpKUm4fXAW7CeAViqBVS90=
|
||||||
|
github.com/alexedwards/scs/v2 v2.9.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
|
||||||
github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
|
github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
|
||||||
github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
|
github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
@@ -6,13 +8,18 @@ github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0
|
|||||||
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
|
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
|
||||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||||
|
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
|
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
|
||||||
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||||
|
github.com/valkey-io/valkey-go v1.0.76 h1:Rcown7FFseVhG9b0+4MWfMs4xWu8otPzHjrsK044ET4=
|
||||||
|
github.com/valkey-io/valkey-go v1.0.76/go.mod h1:6X581PhgfeMkJmyfjIsa2eFdq6dy3Qkkg9zwjM1p42M=
|
||||||
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
|
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
|
||||||
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
|
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
|
||||||
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
|
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
|
||||||
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
||||||
|
golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
|
||||||
|
golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"time"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
@@ -24,10 +25,10 @@ const (
|
|||||||
var (
|
var (
|
||||||
oauthConfig *oauth2.Config
|
oauthConfig *oauth2.Config
|
||||||
verifier *oidc.IDTokenVerifier
|
verifier *oidc.IDTokenVerifier
|
||||||
|
sessionManager *scs.SessionManager
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
||||||
http.DefaultTransport.(*http.Transport).TLSClientConfig =
|
http.DefaultTransport.(*http.Transport).TLSClientConfig =
|
||||||
&tls.Config{
|
&tls.Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
@@ -35,6 +36,27 @@ func main() {
|
|||||||
|
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
|
// valkey session
|
||||||
|
client, err := valkey.NewClient(
|
||||||
|
valkey.ClientOption{
|
||||||
|
InitAddress: []string{
|
||||||
|
"valkey:6379",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
sessionManager = scs.New()
|
||||||
|
sessionManager.Store = valkeystore.New(client)
|
||||||
|
sessionManager.Lifetime = 24 * time.Hour
|
||||||
|
sessionManager.Cookie.HttpOnly = true
|
||||||
|
sessionManager.Cookie.Secure = true
|
||||||
|
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
|
||||||
|
// valkey session end
|
||||||
|
|
||||||
// OIDC Discovery (.well-known/openid-configuration)
|
// OIDC Discovery (.well-known/openid-configuration)
|
||||||
provider, err := oidc.NewProvider(ctx, keycloakURL)
|
provider, err := oidc.NewProvider(ctx, keycloakURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -65,7 +87,12 @@ func main() {
|
|||||||
http.HandleFunc("/logout", logout)
|
http.HandleFunc("/logout", logout)
|
||||||
|
|
||||||
log.Println("running :8080")
|
log.Println("running :8080")
|
||||||
log.Fatal(http.ListenAndServe(":8080", nil))
|
log.Fatal(
|
||||||
|
http.ListenAndServe(
|
||||||
|
":8080",
|
||||||
|
sessionManager.LoadAndSave(http.DefaultServeMux),
|
||||||
|
),
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -75,11 +102,11 @@ func login(w http.ResponseWriter, r *http.Request) {
|
|||||||
// CSRF-Schutz: State erzeugen
|
// CSRF-Schutz: State erzeugen
|
||||||
state := randomString()
|
state := randomString()
|
||||||
|
|
||||||
http.SetCookie(w, &http.Cookie{
|
sessionManager.Put(
|
||||||
Name: "oidc_state",
|
r.Context(),
|
||||||
Value: state,
|
"user",
|
||||||
Path: "/",
|
claims.Username,
|
||||||
})
|
)
|
||||||
|
|
||||||
url := oauthConfig.AuthCodeURL(
|
url := oauthConfig.AuthCodeURL(
|
||||||
state,
|
state,
|
||||||
@@ -153,12 +180,16 @@ func callback(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
func home(w http.ResponseWriter, r *http.Request) {
|
func home(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
cookie, err := r.Cookie("user")
|
user := sessionManager.GetString(
|
||||||
|
r.Context(),
|
||||||
|
"user",
|
||||||
|
)
|
||||||
|
|
||||||
if err != nil {
|
if user == "" {
|
||||||
|
|
||||||
fmt.Fprint(w, `
|
fmt.Fprint(w, `
|
||||||
<h1>OIDC Demo</h1>
|
<h1>OIDC Demo</h1>
|
||||||
|
|
||||||
<a href="/login">
|
<a href="/login">
|
||||||
<button>Anmeldung über OIDC</button>
|
<button>Anmeldung über OIDC</button>
|
||||||
</a>
|
</a>
|
||||||
@@ -167,27 +198,31 @@ func home(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fmt.Fprintf(
|
||||||
fmt.Fprintf(w, `
|
w,
|
||||||
|
`
|
||||||
<h1>Hallo %s</h1>
|
<h1>Hallo %s</h1>
|
||||||
|
|
||||||
<form action="/logout" method="post">
|
<form action="/logout" method="post">
|
||||||
<button>Abmelden</button>
|
<button>Abmelden</button>
|
||||||
</form>
|
</form>
|
||||||
`, cookie.Value)
|
`,
|
||||||
|
user,
|
||||||
|
)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
func logout(w http.ResponseWriter, r *http.Request) {
|
func logout(w http.ResponseWriter, r *http.Request) {
|
||||||
|
sessionManager.Destroy(
|
||||||
http.SetCookie(w, &http.Cookie{
|
r.Context(),
|
||||||
Name: "user",
|
)
|
||||||
Value: "",
|
http.Redirect(
|
||||||
Path: "/",
|
w,
|
||||||
MaxAge: -1,
|
r,
|
||||||
})
|
"/",
|
||||||
|
http.StatusFound,
|
||||||
http.Redirect(w, r, "/", 302)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user