wonderwall/pkg/openid/config/client.go
Trong Huu Nguyen d69cf79664 refactor: reduce noisy config logs
Fixes #262.
2024-06-26 14:51:05 +02:00


package config
import (
"fmt"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/nais/wonderwall/pkg/config"
"github.com/nais/wonderwall/pkg/openid/scopes"
)
// Client is the accessor view of the OpenID client configuration that
// NewClientConfig hands back to callers. It exposes getters only; there are
// no setters on this interface.
type Client interface {
	// ACRValues returns the configured ACR values string.
	ACRValues() string
	// Audiences returns the trusted audiences as a map.
	// NOTE(review): presumably keyed by audience value — confirm against
	// config.OpenID.TrustedAudiences.
	Audiences() map[string]bool
	// ClientID returns the configured client identifier.
	ClientID() string
	// ClientJWK returns the client key parsed from configuration.
	// NOTE(review): presumably private key material — confirm, and keep the
	// returned value out of logs and error messages.
	ClientJWK() jwk.Key
	// PostLogoutRedirectURI returns the configured post-logout redirect URI.
	PostLogoutRedirectURI() string
	// ResourceIndicator returns the configured resource indicator.
	ResourceIndicator() string
	// Scopes returns the scopes for this client; the result can differ per
	// provider (the azure implementation overrides it).
	Scopes() scopes.Scopes
	// UILocales returns the configured UI locales string.
	UILocales() string
	// WellKnownURL returns the configured well-known URL.
	WellKnownURL() string
}
// client is the provider-agnostic implementation of Client. It embeds a copy
// of the OpenID configuration section and carries the values derived from it
// by NewClientConfig.
type client struct {
	config.OpenID
	// clientJwk is the key parsed from OpenID.ClientJWK.
	// NOTE(review): presumably private key material — confirm; avoid
	// formatting this struct with %v / %+v in logs.
	clientJwk jwk.Key
	// trustedAudiences is the result of OpenID.TrustedAudiences(), computed
	// once at construction time.
	trustedAudiences map[string]bool
}
// ACRValues returns the ACRValues setting from the embedded OpenID
// configuration.
func (in *client) ACRValues() string {
	acr := in.OpenID.ACRValues
	return acr
}
// Audiences returns the trusted-audience map stored on the client.
//
// The map is returned as-is, not copied: a caller that writes to it changes
// the set seen by every other user of this client, so callers should treat
// the result as read-only.
func (in *client) Audiences() map[string]bool {
	trusted := in.trustedAudiences
	return trusted
}
// ClientID returns the ClientID setting from the embedded OpenID
// configuration.
func (in *client) ClientID() string {
	id := in.OpenID.ClientID
	return id
}
// ClientJWK returns the key that NewClientConfig parsed from the configured
// client JWK.
//
// NOTE(review): presumably this is private key material used to authenticate
// the client — confirm, and keep the returned key out of logs.
func (in *client) ClientJWK() jwk.Key {
	key := in.clientJwk
	return key
}
// PostLogoutRedirectURI returns the PostLogoutRedirectURI setting from the
// embedded OpenID configuration. The value is returned unvalidated.
func (in *client) PostLogoutRedirectURI() string {
	uri := in.OpenID.PostLogoutRedirectURI
	return uri
}
// ResourceIndicator returns the ResourceIndicator setting from the embedded
// OpenID configuration.
func (in *client) ResourceIndicator() string {
	indicator := in.OpenID.ResourceIndicator
	return indicator
}
// Scopes returns the package's default scopes extended with the additional
// scopes listed in the OpenID configuration. The set is rebuilt on every call.
func (in *client) Scopes() scopes.Scopes {
	defaults := scopes.DefaultScopes()
	return defaults.WithAdditional(in.OpenID.Scopes...)
}
// UILocales returns the UILocales setting from the embedded OpenID
// configuration.
func (in *client) UILocales() string {
	locales := in.OpenID.UILocales
	return locales
}
// WellKnownURL returns the WellKnownURL setting from the embedded OpenID
// configuration. The value is returned unvalidated.
func (in *client) WellKnownURL() string {
	wellKnown := in.OpenID.WellKnownURL
	return wellKnown
}
// NewClientConfig builds the Client for the provider named in cfg.OpenID.
//
// Checks run in this order, and the first failure is returned:
//  1. the client JWK must be set,
//  2. the client JWK must parse,
//  3. the provider must be set,
//  4. the client ID must be set,
//  5. the well-known URL must be set.
//
// Security-relevant behaviour visible in this function:
//   - Any provider value other than the ID-porten and Azure constants selects
//     the generic client, so a misspelled provider name is accepted silently
//     and the Azure-specific scopes are then not applied.
//   - The client ID and well-known URL are only checked for emptiness; no
//     scheme or host validation of the URL happens here.
//   - NOTE(review): the JWK parse error is wrapped and returned to the caller;
//     confirm it cannot echo key material before it reaches a log line.
//
// cfg must be non-nil; it is dereferenced without a check.
func NewClientConfig(cfg *config.Config) (Client, error) {
	rawJWK := cfg.OpenID.ClientJWK
	if len(rawJWK) == 0 {
		return nil, fmt.Errorf("missing required config %s", config.OpenIDClientJWK)
	}

	parsedKey, parseErr := jwk.ParseKey([]byte(rawJWK))
	if parseErr != nil {
		return nil, fmt.Errorf("parsing client JWK: %w", parseErr)
	}

	base := &client{
		OpenID:           cfg.OpenID,
		clientJwk:        parsedKey,
		trustedAudiences: cfg.OpenID.TrustedAudiences(),
	}

	// Start from the generic client; known providers replace it with their
	// wrapper, and an empty provider is rejected.
	var resolved Client = base
	switch cfg.OpenID.Provider {
	case config.ProviderIDPorten:
		resolved = base.IDPorten()
	case config.ProviderAzure:
		resolved = base.Azure()
	case "":
		return nil, fmt.Errorf("missing required config %s", config.OpenIDProvider)
	}

	// Required values are read through the interface so that a provider
	// wrapper's own accessors, if any, are the ones checked.
	switch {
	case len(resolved.ClientID()) == 0:
		return nil, fmt.Errorf("missing required config %s", config.OpenIDClientID)
	case len(resolved.WellKnownURL()) == 0:
		return nil, fmt.Errorf("missing required config %s", config.OpenIDWellKnownURL)
	}

	return resolved, nil
}
// azure is the Azure-specific Client. It embeds *client, so every accessor is
// inherited from the generic client except Scopes, which it overrides.
type azure struct {
	*client
}
// Azure wraps the receiver in the Azure-specific client. The wrapper holds the
// same *client pointer, not a copy, so both share the underlying state.
func (in *client) Azure() *azure {
	wrapped := new(azure)
	wrapped.client = in
	return wrapped
}
// Scopes returns the scope set for Azure: the package defaults, then the
// Azure scope derived from the client ID, then offline access, then any
// additional scopes from the OpenID configuration.
//
// NOTE(review): WithOfflineAccess presumably requests refresh tokens — confirm,
// since that affects how long a stolen session stays usable.
func (in *azure) Scopes() scopes.Scopes {
	defaults := scopes.DefaultScopes()
	withAzure := defaults.WithAzureScope(in.OpenID.ClientID)
	withOffline := withAzure.WithOfflineAccess()
	return withOffline.WithAdditional(in.OpenID.Scopes...)
}
// idporten is the ID-porten-specific Client. It embeds *client and, in the
// code visible here, overrides none of its accessors.
type idporten struct {
	*client
}
// IDPorten wraps the receiver in the ID-porten-specific client. The wrapper
// holds the same *client pointer, not a copy, so both share the underlying
// state.
func (in *client) IDPorten() *idporten {
	wrapped := new(idporten)
	wrapped.client = in
	return wrapped
}