feat: Add option to override jwk #6

vdbulcke · Jan 24, 2022 · e801e24 · e801e24
1 parent 8931de1
commit e801e24
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/oidc-client/config.go b/oidc-client/config.go
@@ -23,7 +23,7 @@ type OIDCClientConfig struct {
 	TokenEndpoint     string `yaml:"token_endpoint"  `
 	AuthorizeEndpoint string `yaml:"authorize_endpoint"  `
 	UserinfoEndpoint  string `yaml:"userinfo_endpoint" `
-	// JwksEndpoint      string `yaml:"jwks_endpoint"`
+	JwksEndpoint      string `yaml:"jwks_endpoint"`
 
 	TokenSigningAlg []string `yaml:"token_signing_alg" validate:"required"`
 

diff --git a/oidc-client/info.go b/oidc-client/info.go
@@ -10,7 +10,7 @@ func (c *OIDCClient) Info() {
 
 	conf := fmt.Sprintf("ClientID: %s\nClient_Secret: %s\nRedirect_Uri: %s\nScopes: %s\nIssuer: %s", c.config.ClientID, "************", c.config.RedirectUri, strings.Join(c.config.Scopes, ","), c.config.Issuer)
 
-	advanced := fmt.Sprintf("AcrValues: %s\nTokenEndpoint: %s\nAuthorizeEndpoint: %s\nUserinfoEndpoint: %s\nTokenSigningAlg: %s\nSkipTLSVerification: %t", c.config.AcrValues, c.config.TokenEndpoint, c.config.AuthorizeEndpoint, c.config.UserinfoEndpoint, c.config.TokenSigningAlg, c.config.SkipTLSVerification)
+	advanced := fmt.Sprintf("AcrValues: %s\nTokenEndpoint: %s\nAuthorizeEndpoint: %s\nUserinfoEndpoint: %s\nTokenSigningAlg: %s\nSkipTLSVerification: %t\nJwksEndpoint: %s", c.config.AcrValues, c.config.TokenEndpoint, c.config.AuthorizeEndpoint, c.config.UserinfoEndpoint, c.config.TokenSigningAlg, c.config.SkipTLSVerification, c.config.JwksEndpoint)
 
 	c.logger.Info("OIDC Client", "Config", conf, "Advanced", advanced, "Amrs", c.config.AMRWhitelist)
 }
diff --git a/oidc-client/main.go b/oidc-client/main.go
@@ -54,7 +54,19 @@ func NewOIDCClient(c *OIDCClientConfig, l hclog.Logger) (*OIDCClient, error) {
 		SupportedSigningAlgs: c.TokenSigningAlg,
 	}
 
-	verifier := provider.Verifier(oidcConfig)
+	var verifier *oidc.IDTokenVerifier
+	if c.JwksEndpoint != "" {
+
+		keySet := oidc.NewRemoteKeySet(ctx, c.JwksEndpoint)
+		verifier = oidc.NewVerifier(c.Issuer, keySet, oidcConfig)
+
+		if l.IsDebug() {
+			l.Debug("Using Custom JWK endpoint", "jwk_endpoint", c.JwksEndpoint)
+		}
+
+	} else {
+		verifier = provider.Verifier(oidcConfig)
+	}
 
 	// new OAuth2 Config
 	oAuthConfig := oauth2.Config{