-
Notifications
You must be signed in to change notification settings - Fork 0
/
oauth-sqlite.wick
149 lines (149 loc) · 4.75 KB
/
oauth-sqlite.wick
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
kind: wick/component@v1
name: oauth-sqlite
metadata:
version: 0.3.3
description: Oauth composite middleware component. This requires a postgres database with specific schema. You can see the schema here - https://github.com/candlecorp/wick-components/tree/main/components/oauth/db
licenses:
- Apache-2.0
package:
registry:
host: registry.candle.dev
namespace: common
import:
- name: OAUTHDB
component:
kind: wick/component/manifest@v1
ref: ./oauth-db-sqlite.wick
with:
db_url: '{{ ctx.root_config.db_url }}'
- name: OAUTHHTTP
component:
kind: wick/component/manifest@v1
ref: ./oauth-http.wick
with:
token_endpoint: '{{ ctx.root_config.token_endpoint }}'
client_id: '{{ ctx.root_config.client_id }}'
client_secret: '{{ ctx.root_config.client_secret }}'
- name: oauth_engine
component:
kind: wick/component/manifest@v1
ref: ./component.wick
with:
client_id: '{{ ctx.root_config.client_id }}'
auth_endpoint: '{{ ctx.root_config.auth_endpoint }}'
logout_endpoint: '{{ ctx.root_config.logout_endpoint }}'
redirect_uri: '{{ ctx.root_config.redirect_uri }}'
session_cookie_name: '{{ ctx.root_config.session_cookie_name }}'
session_cookie_duration_minutes: '{{ ctx.root_config.session_cookie_duration_minutes | output }}'
scope: '{{ ctx.root_config.scope }}'
email_claim: '{{ ctx.root_config.email_claim }}'
logout_redirect_uri: '{{ ctx.root_config.logout_redirect_uri }}'
redirect_logout: '{{ ctx.root_config.redirect_logout }}'
groups_claim: '{% if ctx.root_config contains "group_claims" %}{{ ctx.root_config.group_claims | output }}{% endif %}{% unless ctx.root_config contains "group_claims" %}{{ nil | output }}{% endunless %}'
provide:
dbclient: OAUTHDB
httpclient: OAUTHHTTP
component:
kind: wick/component/composite@v1
with:
- name: auth_endpoint
type: string
- name: logout_endpoint
type: string
- name: token_endpoint
type: string
- name: redirect_uri
type: string
- name: session_cookie_name
type: string
- name: session_cookie_duration_minutes
type: u32
- name: client_id
type: string
- name: client_secret
type: string
- name: scope
type: string
- name: db_url
type: string
- name: email_claim
type: string
- name: logout_redirect_uri
type: string
- name: redirect_logout
type: bool
- name: groups_claim
type: string?
operations:
- name: initialize_db
uses:
- name: INITIALIZE
operation: OAUTHDB::initialize
flow:
- <>.request -> drop
- INITIALIZE.output -> <>.output
- name: auth
uses:
- name: AUTH
operation: oauth_engine::auth
flow:
- <>.request -> AUTH.request
- AUTH.output -> <>.output
- name: oidc
uses:
- name: OIDC
operation: oauth_engine::oidc
flow:
- <>.request -> OIDC.request
- OIDC.output -> <>.output
- name: get_user
uses:
- name: GETUSER
operation: oauth_engine::get_user
flow:
- <>.request -> GETUSER.request
- <>.body -> drop
- GETUSER.response -> <>.response
- GETUSER.body -> <>.body
tests:
- name: auth
with:
auth_endpoint: https://login.microsoftonline.com/organizations/oauth2/authorize
token_endpoint: https://login.microsoftonline.com/organizations/oauth2/v2.0/token
redirect_uri: http://localhost:8081/oidc/callback
session_cookie_name: sid
client_id: '{{ ctx.env.OAUTH_CLIENT_ID }}'
client_secret: '{{ ctx.env.OAUTH_CLIENT_SECRET }}'
scope: 'openid profile email'
db_url: '{{ ctx.env.OAUTH_DB_URL }}'
cases:
- name: no cookie
operation: auth
inputs:
- name: request
value:
method: Get
scheme: Http
path: '/'
uri: 'http://localhost:8080/'
version: Http11
authority: 'localhost:8080'
query_parameters: {}
headers:
host:
- 'localhost:8080'
user-agent:
- 'curl/7.64.1'
accept:
- '*/*'
outputs:
- name: output
value:
version: '1.1'
status: '307'
headers:
location:
- 'https://login.microsoftonline.com/organizations/oauth2/authorize?response_type=code&client_id=1234567&redirect_uri=http://localhost:8080/oidc/callback&scope=openid%20profile%20email'
- name: output
flags:
done: true