remove secret indirection and fetch AC conf once and for all
parent
4997a81639
commit
916407ec95
3 changed files with 18 additions and 23 deletions
|
@ -27,21 +27,9 @@ class AgentConnectService
|
|||
|
||||
access_token = client.access_token!(client_auth_method: :secret)
|
||||
|
||||
discover = find_discover
|
||||
id_token = ResponseObject::IdToken.decode(access_token.id_token, discover.jwks)
|
||||
|
||||
id_token.verify!(
|
||||
client_id: Rails.application.secrets.agent_connect[:identifier],
|
||||
issuer: discover.issuer,
|
||||
nonce: nonce
|
||||
)
|
||||
id_token = ResponseObject::IdToken.decode(access_token.id_token, AGENT_CONNECT[:jwks])
|
||||
id_token.verify!(AGENT_CONNECT.merge(nonce: nonce))
|
||||
|
||||
[access_token.userinfo!.raw_attributes, access_token.id_token]
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def self.find_discover
|
||||
Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")
|
||||
end
|
||||
end
|
||||
|
|
|
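Review bot: The new `id_token.verify!(AGENT_CONNECT.merge(nonce: nonce))` hands the entire configuration hash to verification, and with the initializer hunk below that hash now carries `secret:` and `redirect_uri:` alongside the public discovery values, whereas `verify!` only needs the issuer, client id and nonce. Passing only what is checked keeps the client secret out of any error message or log that echoes the expected claims, e.g. `id_token.verify!(issuer: AGENT_CONNECT[:issuer], client_id: AGENT_CONNECT[:client_id], nonce: nonce)`. Since `AGENT_CONNECT` is only assigned inside `if ENV['AGENT_CONNECT_BASE_URL'].present?`, this method will presumably fail with `NameError` rather than a configuration error when that variable is unset; a guard or a fallback definition would make that failure explicit. The enclosing method starts above this hunk.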
@ -1 +1,16 @@
|
|||
AGENT_CONNECT = Rails.application.secrets.agent_connect
|
||||
if ENV['AGENT_CONNECT_BASE_URL'].present?
|
||||
discover = OpenIDConnect::Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")
|
||||
|
||||
AGENT_CONNECT = {
|
||||
issuer: discover.issuer,
|
||||
jwks: discover.jwks,
|
||||
authorization_endpoint: discover.authorization_endpoint,
|
||||
token_endpoint: discover.token_endpoint,
|
||||
userinfo_endpoint: discover.userinfo_endpoint,
|
||||
end_session_endpoint: discover.end_session_endpoint,
|
||||
client_id: ENV.fetch('AGENT_CONNECT_ID'),
|
||||
identifier: ENV.fetch('AGENT_CONNECT_ID'),
|
||||
secret: ENV.fetch('AGENT_CONNECT_SECRET'),
|
||||
redirect_uri: ENV.fetch('AGENT_CONNECT_REDIRECT')
|
||||
}
|
||||
end
|
||||
|
|
|
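Review bot: `jwks: discover.jwks` freezes the provider's signing keys into a boot-time constant, so once AgentConnect rotates its keys every `IdToken.decode` in `AgentConnectService` fails until the process is restarted, where the removed `find_discover` looked the set up on each call. A short-TTL cache, or a one-shot re-discovery when signature verification fails, would keep the single-fetch benefit without the rotation outage. Also worth noting: `discover!` performs a network request during initialization, so a transient outage of the provider now prevents the application from booting, and `client_id:` and `identifier:` are both read from `AGENT_CONNECT_ID` with no comment saying why both keys are kept.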
@ -27,14 +27,6 @@ defaults: &defaults
|
|||
token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
|
||||
userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
|
||||
logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
|
||||
agent_connect:
|
||||
identifier: <%= ENV['AGENT_CONNECT_ID'] %>
|
||||
secret: <%= ENV['AGENT_CONNECT_SECRET'] %>
|
||||
redirect_uri: <%= ENV['AGENT_CONNECT_REDIRECT'] %>
|
||||
authorization_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/authorize
|
||||
token_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/token
|
||||
userinfo_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/userinfo
|
||||
logout_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/session/end
|
||||
dolist:
|
||||
username: <%= ENV['DOLIST_USERNAME'] %>
|
||||
password: <%= ENV['DOLIST_PASSWORD'] %>
|
||||
|
|