allow supplying extra login params to cli.CodeFlow #659

Open
2 tasks done
dovholuknf opened this issue Oct 4, 2024 · 4 comments

@dovholuknf

Preflight Checklist

  • I could not find a solution in the existing issues, docs, nor discussions
  • I have joined the ZITADEL chat

Describe your problem

Auth0 requires you to send an audience during the login token request. If you don't supply the audience, you will get an "Opaque Token". Doc: https://auth0.com/docs/secure/tokens/access-tokens

These tokens are JWTs without the body, making them useless for assertions on claims in the JWT. I can see no way using the library to accomplish this. I asked in the chat and was asked to file an issue here by "ffo/fforootd".

Describe your ideal solution

I was using cli.CodeFlow, but cli.CodeFlow already adds a handler for "/login". I wanted to supply my own AuthURLHandler. It would have been handy if I could.

Instead I just copied the whole function, as it's relatively trivial (10 lines or so), and replaced the http.Handle(loginPath, rp.AuthURLHandler(stateProvider, relyingParty)) call with my own implementation.

Version

github.com/zitadel/oidc/v2 v2.12.2

Environment

ZITADEL Cloud

Additional Context

No response

@fforootd
Member

fforootd commented Oct 4, 2024

@muhlemmer muhlemmer added the auth label Oct 4, 2024
@muhlemmer muhlemmer moved this to 🧐 Investigating in Product Management Oct 4, 2024
@dovholuknf
Author

dovholuknf commented Oct 4, 2024

While I have your attention, it'd be swell to add something like:

<body onload=\"window.close()\">You may close this window</body>";

as an option too, no need to keep that window around if JavaScript is supported/allowed?

For example, in my implementation it has something like:

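	// Callback run after a successful code exchange: hand the tokens to the
	// waiting CLI, then serve a static page that tries to close itself.
	callback := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[C], state string, rp rp.RelyingParty) {
		tokenChan <- tokens
		// All visible content is kept inside <body> so the markup is well-formed.
		msg := "<body onload=\"window.close()\">You may close this window<p><strong>Success!</strong></p>"
		msg = msg + "<p>You are authenticated and can now return to the CLI.</p></body>"
		w.Write([]byte(msg))
	}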

@muhlemmer
Collaborator

We would need to create some kind of struct type which holds options and have a constructor function which takes option functions. Much like we do with the rp.NewRelyingPartyOIDC.

This way you/we can be flexible in the choices of what we want to be able to configure. Body, handler, path, etc.

We are open to a PR, it shouldn't be too much work, I reckon. Just make sure you keep the original function untouched, so we don't have a breaking change.

@muhlemmer muhlemmer moved this from 🧐 Investigating to 📨 Product Backlog in Product Management Oct 8, 2024
@dovholuknf
Author

That was exactly how I'd implemented it as well. I'll try to put a PR up at some point when I remember and have a few minutes. Cheers
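
The option-function approach discussed in this thread, sketched with the standard library only as an added example (not code from zitadel/oidc or from any participant): `AuthOption`, `WithAuthParam`, `AuthURL` and `LoginHandler` are hypothetical names, and the endpoint, client and audience values are constructed. It accepts extra authorization parameters such as Auth0's `audience`, while refusing any option that would replace a parameter the flow sets itself (`state`, `client_id`, `redirect_uri`, ...).

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// AuthOption is a hypothetical option type for this example, not the zitadel/oidc API.
type AuthOption func(q url.Values) error

// WithAuthParam adds an extra parameter (e.g. "audience") but never overrides one already set.
func WithAuthParam(key, value string) AuthOption {
	return func(q url.Values) error {
		if q.Has(key) {
			return fmt.Errorf("auth param %q is already set", key)
		}
		q.Set(key, value)
		return nil
	}
}

// AuthURL builds the authorization request; endpoint is assumed to carry no query string.
func AuthURL(endpoint, clientID, redirectURI, state string, opts ...AuthOption) (string, error) {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirectURI}, "scope": {"openid"}, "state": {state}}
	for _, opt := range opts {
		if err := opt(q); err != nil {
			return "", err
		}
	}
	return endpoint + "?" + q.Encode(), nil
}

// LoginHandler redirects the browser; newState must return an unguessable value per request.
func LoginHandler(endpoint, clientID, redirectURI string, newState func() string, opts ...AuthOption) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if u, err := AuthURL(endpoint, clientID, redirectURI, newState(), opts...); err != nil {
			http.Error(w, "invalid login configuration", http.StatusInternalServerError)
		} else {
			http.Redirect(w, r, u, http.StatusFound)
		}
	}
}

func main() { // constructed sample values; a real flow generates a random state per login
	u, err := AuthURL("https://idp.example/authorize", "cli", "http://localhost:9999/callback",
		"constructed-state", WithAuthParam("audience", "https://api.example"))
	fmt.Println(u, err)
}
```

The handler would be mounted in place of the default one, for example with `http.Handle("/login", LoginHandler(...))`.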
