Host Credential Issuer Metadata in a separate executable #330
Conversation
andresuribe87
requested review from
decentralgabe and
nitro-neal
as code owners
Codecov Report
@@ Coverage Diff @@
## main #330 +/- ##
==========================================
+ Coverage 18.77% 19.11% +0.33%
==========================================
Files 36 38 +2
Lines 4356 4379 +23
==========================================
+ Hits 818 837 +19
- Misses 3416 3418 +2
- Partials 122 124 +2
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
| oauth2.WriteAuthorizeError(ctx, rw, ar, err) | ||
| return nil | ||
| } | ||
| if req.PostForm.Get("username") != "peter" { |
There was a problem hiding this comment.
did you mean to leave this?
There was a problem hiding this comment.
this is where we plug in our auth logic
There was a problem hiding this comment.
This is removed now. Will be part of a separate PR.
pkg/authorizationserver/oauth2.go
Outdated
| "github.com/tbd54566975/ssi-service/pkg/server/middleware" | ||
| ) | ||
|
|
||
| // fosite requires four parameters for the server to get up and running: |
There was a problem hiding this comment.
Are these official oauth files and we should't change them?
There was a problem hiding this comment.
It was scaffolding from https://github.com/ory/fosite-example
I will be modifying this a bunch in subsequent PRs. I've simplified this now to be the bare minimum for hosting the issuer metadata.
pkg/authorizationserver/oauth2.go
Outdated
| // If you require this to key to be stable, for example, when running multiple fosite servers, you can generate the | ||
| // 32byte random key as above and push it out to a base64 encoded string. | ||
| // This can then be injected and decoded as the `var secret []byte` on server start. | ||
| secret = []byte("some-cool-secret-that-is-32bytes") |
There was a problem hiding this comment.
can read this from config
There was a problem hiding this comment.
This has been removed now.
|
copilot:summary |
| // Allow retrieval of credential issuer metadata according to https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-issuer-metadata | ||
| func credentialIssuerMetadata(config *AuthConfig) func(ctx context.Context, w http.ResponseWriter, r *http.Request) error { | ||
| // It's ok to panic inside this function because this is only called during startup. | ||
| jsonData, err := os.ReadFile(config.CredentialIssuerFile) |
There was a problem hiding this comment.
if this is the same file being retrieved over and over we can cache it in memory?
There was a problem hiding this comment.
It is actually cached! This function is only run once, during the setup of the server. If you look closely, this function returns another function. The latter uses the already read file.
copilot:all
Overview
This PR does two things:
2. Hosts the credential issuer metadata in
/.well-known/openid-credential-issuer.3. Enabled users of the service to specify a path where they want to have their own custom metadata.
Description
I intentionally tried to keep this simple.
How Has This Been Tested?
Added a simple unit test that fetches from the endpoint.
Checklist
Before submitting this PR, please make sure:
References
https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-issuer-metadata-