oidc icon indicating copy to clipboard operation
oidc copied to clipboard
verified publisher icon zitadel

allow supplying extra login params to cli.CodeFlow

Open dovholuknf opened this issue 1 year ago • 4 comments

Preflight Checklist

  • [x] I could not find a solution in the existing issues, docs, nor discussions
  • [x] I have joined the ZITADEL chat

Describe your problem

Auth0 requires you to send an audience during the login token request. If you don't supply the audience, you will get an "Opaque Token" Doc: https://auth0.com/docs/secure/tokens/access-tokens

These tokens are JWTs without the body, making them useless for assertions on claims in the JWT. I can see no way using the library to accomplish this. I asked in the chat and was asked to file an issue here by "ffo/fforootd"

Describe your ideal solution

I was using cli.CodeFlow, but cli.CodeFlow already adds a handler for "/login". I wanted to supply my own AuthURLHandler. It would have been handy if i could.

Instead I just copied the whole function as it's relatively trivial (10 lines or so) and replced the http.Handle(loginPath, rp.AuthURLHandler(stateProvider, relyingParty)) call with my own implementation

Version

github.com/zitadel/oidc/v2 v2.12.2

Environment

ZITADEL Cloud

Additional Context

No response

dovholuknf avatar Oct 04 '24 13:10 dovholuknf

Relates to https://discord.com/channels/927474939156643850/1291421601258147881

fforootd avatar Oct 04 '24 13:10 fforootd

While I have your attention, it'd be swell to add something like:

<body onload=\"window.close()\">You may close this window</body>";

as on optino too, no need to keep that window around if javascript is supported/allowed?

for example in my implementation it has something like :

	callback := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[C], state string, rp rp.RelyingParty) {
		tokenChan <- tokens
		msg := "<body onload=\"window.close()\">You may close this window</body><p><strong>Success!</strong></p>"
		msg = msg + "<p>You are authenticated and can now return to the CLI.</p>"
		w.Write([]byte(msg))
	}

dovholuknf avatar Oct 04 '24 14:10 dovholuknf

We would need to create some kind of struct type which holds options and have a constructor function which takes option function. Much like we do with the rp.NewRelyingPartyOIDC.

This way you/we can be flexible in the choices of what we want to be able to configure. Body, hander, path etc.

We are open to a PR, it shouldn't be too much work I recon. Just make sure you keep the original function untouched, so we don't have a breaking change.

muhlemmer avatar Oct 08 '24 09:10 muhlemmer

That was exactly how I'd implemented it as well. I'll try to put a PR up at some point when I remember she have a few minutes. Cheers

dovholuknf avatar Oct 08 '24 10:10 dovholuknf