mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-03 11:38:23 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
6900a805119bee403c1467ff73237ca18eeeeaec
opencloud/services/proxy/pkg/config/parser/parse.go
Ralf Haferkamp eb94530433 Add option to configure access token verification 
Allow to switch jwt access token verification and off. Many (most?) IDP
provide JWT encoded access tokens. If ocis is configure to assume jwt
access tokens (access_token_verify_method==jwt) we now properly verify
the tokens signature and a set of standard claims ("exp", "iat" and nbf"
by way of the jwt module's standard verification and "iss" explicitliy).

This change also allows for introduction of other access token verification
mechanism in the future (e.g. through introspection (RFC7662).
2022-08-03 12:00:31 +02:00

56 lines
1.5 KiB
Go
Raw Blame History

package parser
import (
"errors"
"fmt"
ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
"github.com/owncloud/ocis/v2/services/proxy/pkg/config"
"github.com/owncloud/ocis/v2/services/proxy/pkg/config/defaults"
"github.com/owncloud/ocis/v2/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
}
if cfg.OIDC.AccessTokenVerifyMethod != config.AccessTokenVerificationNone &&
cfg.OIDC.AccessTokenVerifyMethod != config.AccessTokenVerificationJWT {
return fmt.Errorf(
"Invalid value '%s' for 'access_token_verify_method' in service %s. Possible values are: '%s' or '%s'.",
cfg.OIDC.AccessTokenVerifyMethod, cfg.Service.Name,
config.AccessTokenVerificationJWT, config.AccessTokenVerificationNone,
)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink