package application
import (
"net/url"
"os"
"strings"
log "github.com/sirupsen/logrus"
"goauthentik.io/api/v3"
"golang.org/x/oauth2"
)
// OIDCEndpoint extends oauth2.Endpoint with the two additional OIDC URLs
// that GetOIDCEndpoint fills in from the provider's OIDC configuration.
type OIDCEndpoint struct {
	// Embedded OAuth2 endpoint; GetOIDCEndpoint sets AuthURL, TokenURL and
	// AuthStyle on it.
	oauth2.Endpoint

	// EndSessionEndpoint is the provider's end-session (logout) URL.
	EndSessionEndpoint string

	// JwksUri is the URL of the provider's JSON Web Key Set.
	// NOTE(review): presumably the keys fetched from here are used to verify
	// token signatures, which would make this URL part of the trust anchor.
	// Confirm against the consumer of this field.
	JwksUri string
}
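// GetOIDCEndpoint builds the OIDCEndpoint for a proxy provider from the OIDC
// configuration carried in p.
//
// Two optional rewrites are applied to the authorization, end-session and JWKS
// URLs. The token URL is always taken from p unchanged.
//
//  1. If AUTHENTIK_HOST_BROWSER is set and non-empty, every occurrence of the
//     AUTHENTIK_HOST value in those URLs is replaced with it.
//  2. If the authorization URL's host is exactly "localhost:8000" and
//     authentikHost is non-empty and parseable, the scheme and host of the
//     three URLs are replaced with those of authentikHost.
//
// If any URL fails to parse, the endpoint is returned as it stood after step 1
// and no error is reported.
//
// Security note: the environment variables and authentikHost decide where the
// browser is sent to authenticate and which JWKS URL is advertised, so they
// must come from trusted deployment configuration only.
func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoint {
	authUrl := p.OidcConfiguration.AuthorizationEndpoint
	endUrl := p.OidcConfiguration.EndSessionEndpoint
	jwksUrl := p.OidcConfiguration.JwksUri
	if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
		host := os.Getenv("AUTHENTIK_HOST")
		if host == "" {
			// strings.ReplaceAll with an empty "old" string inserts the
			// replacement at every rune boundary, which would corrupt all
			// three URLs. Skip the rewrite instead.
			log.Warning("AUTHENTIK_HOST_BROWSER is set but AUTHENTIK_HOST is empty, not rewriting endpoint URLs.")
		} else {
			// NOTE(review): this is a plain substring replacement, so a match
			// inside the path or query is rewritten as well. It assumes
			// AUTHENTIK_HOST only occurs as the URL's origin. TODO confirm.
			authUrl = strings.ReplaceAll(authUrl, host, browserHost)
			endUrl = strings.ReplaceAll(endUrl, host, browserHost)
			// NOTE(review): the JWKS URL gets the browser-facing host too.
			// If the outpost itself fetches the keys, confirm that host is
			// reachable and trusted from the outpost's network.
			jwksUrl = strings.ReplaceAll(jwksUrl, host, browserHost)
		}
	}
	ep := OIDCEndpoint{
		Endpoint: oauth2.Endpoint{
			AuthURL:   authUrl,
			TokenURL:  p.OidcConfiguration.TokenEndpoint,
			AuthStyle: oauth2.AuthStyleInParams,
		},
		EndSessionEndpoint: endUrl,
		JwksUri:            jwksUrl,
	}

	// Best effort from here on: a URL that does not parse leaves ep untouched.
	authU, err := url.Parse(authUrl)
	if err != nil {
		return ep
	}
	endU, err := url.Parse(endUrl)
	if err != nil {
		return ep
	}
	jwksU, err := url.Parse(jwksUrl)
	if err != nil {
		return ep
	}

	// Only a configuration that still points at localhost:8000 is rewritten
	// to authentikHost. Any other host is taken as already correct.
	if authU.Host != "localhost:8000" {
		return ep
	}
	if authentikHost == "" {
		log.Warning("Outpost has localhost/blank API Connection but no authentik_host is configured.")
		return ep
	}
	aku, err := url.Parse(authentikHost)
	if err != nil {
		return ep
	}

	// Replace only scheme and host; path and query of each URL are kept.
	authU.Host = aku.Host
	authU.Scheme = aku.Scheme
	endU.Host = aku.Host
	endU.Scheme = aku.Scheme
	jwksU.Host = aku.Host
	jwksU.Scheme = aku.Scheme
	ep.AuthURL = authU.String()
	ep.EndSessionEndpoint = endU.String()
	ep.JwksUri = jwksU.String()
	return ep
}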