0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-20 21:32:31 -05:00
logto/packages/core/src/oidc/init.ts

96 lines
2.8 KiB
TypeScript
Raw Normal View History

2021-08-30 11:30:54 +08:00
import { fromKeyLike } from 'jose/jwk/from_key_like';
2021-06-27 20:44:05 +08:00
import Koa from 'koa';
import mount from 'koa-mount';
import { Provider, errors } from 'oidc-provider';
2021-06-27 20:44:05 +08:00
2021-08-30 11:30:54 +08:00
import postgresAdapter from '@/oidc/adapter';
import { findResourceByIdentifier } from '@/queries/resources';
import { findAllScopesWithResourceId } from '@/queries/scopes';
2021-07-02 22:55:14 +08:00
import { findUserById } from '@/queries/user';
2021-08-11 22:37:21 +08:00
import { routes } from '@/routes/consts';
2021-08-30 11:30:54 +08:00
2021-08-15 23:39:03 +08:00
import { issuer, privateKey } from './consts';
2021-06-27 20:44:05 +08:00
export default async function initOidc(app: Koa): Promise<Provider> {
2021-06-27 20:44:05 +08:00
const keys = [await fromKeyLike(privateKey)];
2021-07-04 15:01:02 +08:00
const cookieConfig = Object.freeze({
sameSite: 'lax',
path: '/',
signed: true,
} as const);
2021-08-15 23:39:03 +08:00
const oidc = new Provider(issuer, {
2021-06-27 20:44:05 +08:00
adapter: postgresAdapter,
renderError: (ctx, out, error) => {
2021-07-04 15:01:02 +08:00
console.log('OIDC error', error);
throw error;
2021-06-27 20:44:05 +08:00
},
cookies: {
// V2: Rotate this when necessary
// https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#cookieskeys
keys: ['LOGTOSEKRIT1'],
2021-07-04 15:01:02 +08:00
long: cookieConfig,
short: cookieConfig,
2021-06-27 20:44:05 +08:00
},
jwks: {
keys,
},
features: {
revocation: { enabled: true },
introspection: { enabled: true },
devInteractions: { enabled: false },
2021-08-15 23:39:03 +08:00
resourceIndicators: {
enabled: true,
getResourceServerInfo: async (ctx, indicator) => {
const resourceServer = await findResourceByIdentifier(indicator);
if (!resourceServer) {
throw new errors.InvalidTarget();
}
const { id, accessTokenFormat, accessTokenTtl: accessTokenTTl } = resourceServer;
const scopes = await findAllScopesWithResourceId(id);
const scope = scopes.map(({ name }) => name).join(' ');
return {
scope,
accessTokenFormat,
accessTokenTTl,
};
},
2021-08-15 23:39:03 +08:00
},
},
interactions: {
2021-07-04 15:01:02 +08:00
url: (_, interaction) => {
switch (interaction.prompt.name) {
case 'login':
return routes.signIn.credentials;
case 'consent':
return routes.signIn.consent;
default:
throw new Error(`Prompt not supported: ${interaction.prompt.name}`);
}
},
},
clientBasedCORS: (_, origin) => {
console.log('origin', origin);
2021-06-29 22:58:59 +08:00
return origin.startsWith('http://localhost:3000');
},
findAccount: async (ctx, sub) => {
await findUserById(sub);
2021-06-27 20:44:05 +08:00
return {
accountId: sub,
claims: async (use, scope, claims, rejected) => {
console.log('use:', use);
console.log('scope:', scope);
console.log('claims:', claims);
console.log('rejected:', rejected);
2021-06-27 20:44:05 +08:00
return { sub };
},
};
},
});
app.use(mount('/oidc', oidc.app));
return oidc;
2021-06-27 20:44:05 +08:00
}