Merge pull request #581 from indigo-dc/feat/custom_parameters

Feat/custom parameters

CHANGELOG.md

@@ -12,7 +12,12 @@
 <!-- ### Dependencies -->
 <!-- -->
 
-## oidc-agent 5.1.1
+## oidc-agent 5.2.0
+
+### Features
+
+- Added possibility to add custom request parameters to requests done by the agent. This is done through
+ a `custom_parameters.config` file placed in the agent dir or `/etc/oidc-agent`
 
 ### Change / Enhancement / Bugfix
 

VERSION

@@ -1 +1 @@
-5.1.1
+5.2.0

config/custom_parameters.config.example

@@ -0,0 +1,23 @@
+[
+ {
+ "parameter": "key",
+ "value": "value / $VALUE / /home/user/value",
+ "for_issuer": [
+ "https://example.com"
+ ],
+ "for_account": [
+ "iam",
+ "example"
+ ],
+ "request": [
+ "refresh",
+ "auth_url",
+ "code-exchange",
+ "device-init",
+ "device-polling",
+ "registration",
+ "revocation",
+ "password"
+ ]
+ }
+]

config/custom_parameters.config.unity

@@ -0,0 +1,13 @@
+[
+ {
+ "parameter": "claims_in_tokens",
+ "value": "id_token token",
+ "for_issuer": [
+ "https://login.helmholtz.de/oauth2",
+ "https://login-dev.helmholtz.de/oauth2"
+ ],
+ "request": [
+ "auth_url"
+ ]
+ }
+]

gitbook/configuration/custom-parameters.md

@@ -0,0 +1,18 @@
+# Custom Request Parameter
+
+Since version `5.2.0` it is possible to customize the requests send by the agent to the OPs and add custom request
+parameters.
+
+Custom parameters can be configured in a config file named `custom_parameters.config`. As usual the file can be placed
+in `/etc/oidc-agent` or the agent directory. If both are present parameters are merged together.
+
+The `custom_parameters.config` contains a json array of parameter specifications. A parameter specification is a json
+object that can have the following fields:
+
+| Field Name | Description |
+|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `parameter` | The name of the parameter to be added to the request |
+| `value` | The value that should be used. The value can be given in different ways. If the value starts with a `$` the following characters are interpreted as an environment variable and the value is read from this variable. If the given value starts with an `/` it is interpreted as a file path and the first line from that file is used as the value. Otherwise the value is used directly. |
+| `for_issuer` | A JSON array of issuer urls for which this parameter should be used |
+| `for_account` | A JSON array of account shortnames for which this parameter should be used |
+| `request` | A JSON array of requests for which this parameter should be used. Possible values are `refresh`, `auth_url`, `code-exchange`,`device-init`,`device-polling`,`registration`,`revocation`,`password` |

gitbook/configuration/default-accounts.md

@@ -1,9 +1,6 @@
 ## Default Account Configuration for a Provider
+
 The `issuer.config` file in the [oidc-agent directory](directory.md) can also
-be used to set an default account configuration file for each provider by adding
-the shortname of this account configuration after the issuer url.
-A line in the `issuer.config` file should look the following:
-```
-<issuer_url>[<space><shortname>]
-```
+be used to set a default account configuration file for each provider by using the `default_account` claim. for more
+details please refer to the [documentations about issuer.config](issuers.md).
 

gitbook/provider/known-issues.md

@@ -1,11 +1,14 @@
 ## Known Issues
+
 ### Expiring Refresh Tokens
+
 oidc-agent assumes that refresh tokens do not expire. But some providers might
 use refresh tokens that expire after a certain time or when they are not used
 for a specific time. To prevent the latter use oidc-agent / oidc-token regularly
-(you also can use a cron job). 
+(you can also use a cron job).
 
 oidc-agent is able to
 update a stored refresh token. However, therefore it has to receive a new
-refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that token), use `oidc-gen --reauthenticate <short_name>` to re-authenticate and update the refresh token.
+refresh token from the provider. If a refresh token expired (e.g. because the token was used within the lifetime of that
+token), use `oidc-gen --reauthenticate <short_name>` to re-authenticate and update the refresh token.
 

src/defines/agent_values.h

@@ -54,6 +54,12 @@
 #define CONFIG_KEY_LEGACYAUDMODE "legacy_aud_mode"
 #define CONFIG_KEY_PLAINADD "skip-check"
 
+#define CUSTOMPARAMETERS_KEY_PARAMETER "parameter"
+#define CUSTOMPARAMETERS_KEY_VALUE "value"
+#define CUSTOMPARAMETERS_KEY_ISSUERS "for_issuer"
+#define CUSTOMPARAMETERS_KEY_ACCOUNTS "for_account"
+#define CUSTOMPARAMETERS_KEY_REQUESTS "request"
+
 #define ACCOUNTINFO_KEY_HASPUBCLIENT "pubclient"
 
 // INTERNAL / CLI FLOW VALUES

src/defines/settings.c

@@ -12,12 +12,13 @@
  // one is appended later
 #endif
 
-char* _config_path = NULL;
-char* _cert_file = NULL;
-char* _etc_issuer_config_file = NULL;
-char* _etc_issuer_config_dir = NULL;
-char* _etc_config_file = NULL;
-char* _etc_mytoken_base = NULL;
+char* _config_path = NULL;
+char* _cert_file = NULL;
+char* _etc_issuer_config_file = NULL;
+char* _etc_issuer_config_dir = NULL;
+char* _etc_custom_parameter_file = NULL;
+char* _etc_config_file = NULL;
+char* _etc_mytoken_base = NULL;
 
 static const char* config_path() {
  if (_config_path == NULL) {
@@ -49,6 +50,14 @@ const char* ETC_ISSUER_CONFIG_DIR() {
  return _etc_issuer_config_dir;
 }
 
+const char* ETC_CUSTOM_PARAMETERS_FILE() {
+ if (_etc_custom_parameter_file == NULL) {
+ _etc_custom_parameter_file =
+ oidc_pathcat(config_path(), "oidc-agent/" CUSTOM_PARAMETERS_FILENAME);
+ }
+ return _etc_custom_parameter_file;
+}
+
 const char* ETC_CONFIG_FILE() {
  if (_etc_config_file == NULL) {
  _etc_config_file = oidc_pathcat(config_path(), "oidc-agent/config");

src/defines/settings.h

@@ -39,11 +39,13 @@
 // file names
 #define ISSUER_CONFIG_FILENAME "issuer.config"
 #define ISSUER_CONFIG_DIRNAME ISSUER_CONFIG_FILENAME ".d"
+#define CUSTOM_PARAMETERS_FILENAME "custom_parameters.config"
 
 #ifdef ANY_MSYS
 const char* CERT_FILE();
 const char* ETC_ISSUER_CONFIG_FILE();
 const char* ETC_ISSUER_CONFIG_DIR();
+const char* ETC_CUSTOM_PARAMETERS_FILE();
 const char* _MYTOKEN_GLOBAL_BASE();
 const char* ETC_CONFIG_FILE();
 
@@ -56,6 +58,8 @@ const char* ETC_CONFIG_FILE();
 
 #define ETC_ISSUER_CONFIG_FILE CONFIG_PATH "/oidc-agent/" ISSUER_CONFIG_FILENAME
 #define ETC_ISSUER_CONFIG_DIR CONFIG_PATH "/oidc-agent/" ISSUER_CONFIG_DIRNAME
+#define ETC_CUSTOM_PARAMETERS_FILE \
+ CONFIG_PATH "/oidc-agent/" CUSTOM_PARAMETERS_FILENAME
 #define ETC_CONFIG_FILE CONFIG_PATH "/oidc-agent/config"
 #endif
 

src/oidc-agent/oidc/flows/code.c

@@ -7,6 +7,7 @@
 #include "oidc-agent/httpserver/startHttpserver.h"
 #include "oidc.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/config/issuerConfig.h"
 #include "utils/crypt/crypt.h"
 #include "utils/listUtils.h"
@@ -37,6 +38,7 @@ oidc_error_t codeExchange(struct oidc_account* account, const char* code,
  list_rpush(postData, list_node_new(account_getClientSecret(account)));
  }
  }
+ addCustomParameters(postData, account, OIDC_REQUEST_TYPE_CODEEXCHANGE);
  char* data = generatePostDataFromList(postData);
  list_destroy(postData);
  if (data == NULL) {
@@ -146,6 +148,7 @@ char* buildCodeFlowUri(const struct oidc_account* account, char** state_ptr,
  addAudienceRFC8707ToList(postData, aud_tmp);
  }
  }
+ addCustomParameters(postData, account, OIDC_REQUEST_TYPE_AUTHURL);
  char* uri_parameters = generatePostDataFromList(postData);
  secFree(code_challenge);
  secFree(scope);

src/oidc-agent/oidc/flows/device.c

@@ -6,14 +6,16 @@
 #include "oidc-agent/oidcd/deviceCodeEntry.h"
 #include "oidc.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/config/issuerConfig.h"
 #include "utils/db/deviceCode_db.h"
 #include "utils/errorUtils.h"
 #include "utils/string/stringUtils.h"
 
 char* generateDeviceCodePostData(const struct oidc_account* a) {
- return generatePostData(OIDC_KEY_CLIENTID, account_getClientId(a),
- OIDC_KEY_SCOPE, account_getAuthScope(a), NULL);
+ return generatePostData(OIDC_REQUEST_TYPE_DEVICEINIT, a, OIDC_KEY_CLIENTID,
+ account_getClientId(a), OIDC_KEY_SCOPE,
+ account_getAuthScope(a), NULL);
 }
 
 char* generateDeviceCodeLookupPostData(const struct oidc_account* a,
@@ -41,6 +43,7 @@ char* generateDeviceCodeLookupPostData(const struct oidc_account* a,
  addAudienceRFC8707ToList(postDataList, aud_tmp);
  }
  }
+ addCustomParameters(postDataList, a, OIDC_REQUEST_TYPE_DEVICEPOLLING);
  char* str = generatePostDataFromList(postDataList);
  list_destroy(postDataList);
  secFree(tmp_devicecode);

src/oidc-agent/oidc/flows/oidc.c

@@ -11,6 +11,7 @@
 #include "oidc-agent/http/http_ipc.h"
 #include "oidc-agent/oidcd/internal_request_handler.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/errorUtils.h"
 #include "utils/json.h"
 #include "utils/key_value.h"
@@ -21,7 +22,9 @@
 /**
  * last argument has to be NULL
  */
-char* generatePostData(char* k1, char* v1, ...) {
+char* generatePostData(const char* request_type,
+ const struct oidc_account* account, char* k1, char* v1,
+ ...) {
  va_list args;
  va_start(args, v1);
  list_t* list = list_new();
@@ -32,6 +35,7 @@ char* generatePostData(char* k1, char* v1, ...) {
  list_rpush(list, list_node_new(s));
  }
  va_end(args);
+ addCustomParameters(list, account, request_type);
  char* data = generatePostDataFromList(list);
  list_destroy(list);
  return data;

src/oidc-agent/oidc/flows/oidc.h

@@ -11,7 +11,9 @@
 #define TOKENPARSEMODE_RETURN_MT 0x08
 #define TOKENPARSEMODE_SAVE_MT 0x08
 
-char* generatePostData(char* k1, char* v1, ...);
+char* generatePostData(const char* request_type,
+ const struct oidc_account* account, char* k1, char* v1,
+ ...);
 char* generatePostDataFromList(list_t* list);
 char* parseTokenResponse(unsigned char mode, const char* res,
  struct oidc_account* a, struct ipcPipe pipes,

src/oidc-agent/oidc/flows/password.c

@@ -7,6 +7,7 @@
 #include "oidc-agent/http/http_ipc.h"
 #include "oidc.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/config/issuerConfig.h"
 #include "utils/oidc_error.h"
 #include "utils/string/stringUtils.h"
@@ -40,6 +41,7 @@ char* generatePasswordPostData(const struct oidc_account* a,
  addAudienceRFC8707ToList(postDataList, aud_tmp);
  }
  }
+ addCustomParameters(postDataList, a, OIDC_REQUEST_TYPE_PASSWORD);
  char* str = generatePostDataFromList(postDataList);
  secFree(aud_tmp);
  list_destroy(postDataList);

src/oidc-agent/oidc/flows/refresh.c

@@ -7,6 +7,7 @@
 #include "oidc-agent/http/http_ipc.h"
 #include "oidc.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/config/issuerConfig.h"
 #include "utils/string/stringUtils.h"
 
@@ -57,6 +58,7 @@ char* generateRefreshPostData(const struct oidc_account* a, const char* scope,
  addAudienceRFC8707ToList(postDataList, aud_tmp);
  }
  }
+ addCustomParameters(postDataList, a, OIDC_REQUEST_TYPE_REFRESH);
  char* str = generatePostDataFromList(postDataList);
  list_destroy(postDataList);
  secFree(aud_tmp);

src/oidc-agent/oidc/flows/revoke.c

@@ -5,6 +5,7 @@
 #include "oidc-agent/http/http_ipc.h"
 #include "oidc.h"
 #include "utils/agentLogger.h"
+#include "utils/config/custom_parameter.h"
 #include "utils/parseJson.h"
 #include "utils/string/stringUtils.h"
 
@@ -18,8 +19,9 @@ oidc_error_t _revokeToken(struct oidc_account* account,
  }
  char* refresh_token = account_getRefreshToken(account);
  char* data = generatePostData(
- OIDC_KEY_TOKENTYPE_HINT, OIDC_TOKENTYPE_REFRESH, OIDC_KEY_TOKEN,
- refresh_token, withClientId ? OIDC_KEY_CLIENTID : NULL,
+ OIDC_REQUEST_TYPE_REVOKE, account, OIDC_KEY_TOKENTYPE_HINT,
+ OIDC_TOKENTYPE_REFRESH, OIDC_KEY_TOKEN, refresh_token,
+ withClientId ? OIDC_KEY_CLIENTID : NULL,
  withClientId ? account_getClientId(account) : NULL, NULL);
  if (data == NULL) {
  return oidc_errno;