Implemented OIDC confidential client type support. Updated README.md. Added missing environment variables to docker-compose.yml

This commit is contained in:
Glenn de Haan
2024-08-26 19:32:31 +02:00
parent 36468b4588
commit cb6ed67c9c
3 changed files with 71 additions and 6 deletions


@@ -12,15 +12,21 @@ const log = require('./log');
/**
* OIDC Settings
*
* @type {{baseURL: string, idpLogout: boolean, authRequired: boolean, clientID: string, issuerBaseURL: string, secret: string}}
* @type {{baseURL: string, idpLogout: boolean, authRequired: boolean, clientID: string, issuerBaseURL: string, clientSecret: string, secret: string, authorizationParams: {scope: string, response_type: (string), response_mode: (string)}}}
*/
const settings = {
issuerBaseURL: process.env.AUTH_OIDC_ISSUER_BASE_URL,
baseURL: process.env.AUTH_OIDC_APP_BASE_URL,
clientID: process.env.AUTH_OIDC_CLIENT_ID,
clientSecret: process.env.AUTH_OIDC_CLIENT_SECRET,
secret: '',
idpLogout: true,
authRequired: false
authRequired: false,
authorizationParams: {
response_type: (process.env.AUTH_OIDC_CLIENT_TYPE === 'confidential') ? 'code' : 'id_token',
response_mode: (process.env.AUTH_OIDC_CLIENT_TYPE === 'confidential') ? 'query' : 'form_post',
scope: 'openid profile email'
}
};
/**
@@ -36,6 +42,6 @@ module.exports = {
settings.secret = crypto.randomBytes(20).toString('hex');
log.info(`[OIDC] Set secret: ${settings.secret}`);
app.use(oidc.auth(settings));
log.info(`[OIDC] Issuer: ${settings.issuerBaseURL}, Client: ${settings.clientID}`);
log.info(`[OIDC] Issuer: ${settings.issuerBaseURL}, Client: ${settings.clientID}, Type: ${process.env.AUTH_OIDC_CLIENT_TYPE || 'public'}`);
}
};
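Review bot: The client type read from `AUTH_OIDC_CLIENT_TYPE` on lines 29–30 is only compared against the literal `'confidential'`, so any other value — including a typo such as `Confidential` — silently selects the public `id_token`/`form_post` branch, and in confidential mode a missing `AUTH_OIDC_CLIENT_SECRET` is passed through as `clientSecret: undefined`; neither case is surfaced to the operator. I would resolve the type once, reject unknown values and fail fast when a confidential client has no secret, so a misconfigured deployment stops at startup instead of running an unintended flow. The public branch keeps the implicit `id_token` response type; the OAuth 2.0 Security BCP recommends the authorization-code flow (with PKCE) over implicit, which is worth a `// NOTE: public clients use the implicit id_token flow; prefer code+PKCE if the library supports it without a client secret` on line 29 — whether the library used by `oidc.auth` supports that is not visible here. Adjacent but pre-existing: the `log.info` on line 37 prints the generated session secret in clear at info level, so the new `Type:` logging on line 40 should not later be extended to include `clientSecret`.

```javascript
// Resolve the client type once; default to public and reject unknown values so a
// typo cannot silently select the implicit flow.
const clientType = process.env.AUTH_OIDC_CLIENT_TYPE || 'public';
if (clientType !== 'public' && clientType !== 'confidential') {
    throw new Error(`[OIDC] Unsupported AUTH_OIDC_CLIENT_TYPE: ${clientType}`);
}
// A confidential client without a secret cannot complete the code exchange.
if (clientType === 'confidential' && !process.env.AUTH_OIDC_CLIENT_SECRET) {
    throw new Error('[OIDC] AUTH_OIDC_CLIENT_SECRET is required when AUTH_OIDC_CLIENT_TYPE is confidential');
}

const settings = {
    // … unchanged: issuerBaseURL, baseURL, clientID, clientSecret, secret, idpLogout, authRequired …
    authorizationParams: {
        response_type: clientType === 'confidential' ? 'code' : 'id_token',
        response_mode: clientType === 'confidential' ? 'query' : 'form_post',
        scope: 'openid profile email'
    }
};
```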