From 0ea034a1434c4a10e22acc2f754e7b5e4bff9a84 Mon Sep 17 00:00:00 2001
From: Devon Bautista
Date: Fri, 15 Mar 2024 16:01:15 -0600
Subject: [PATCH 1/2] Change base URL for /oauth2/auth to be public instead of admin

---
 cmd/boot-script-service/oauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/boot-script-service/oauth.go b/cmd/boot-script-service/oauth.go
index 102fda5..c4d7617 100644
--- a/cmd/boot-script-service/oauth.go
+++ b/cmd/boot-script-service/oauth.go
@@ -193,7 +193,7 @@ func (client *OAuthClient) RequestClientCreds() (accessToken string, err error)
 log.Printf("Successfully registered OAuth2 client")
 debugf("Client ID: %s", client.Id)
 
- url = oauth2AdminBaseURL + "/oauth2/auth"
+ url = oauth2PublicBaseURL + "/oauth2/auth"
 log.Printf("Attempting to authorize OAuth2 client")
 debugf("Sending request to %s", url)
 _, err = client.AuthorizeOAuthClient(url)

From dd57f99c9d57fd344fa461e4aeb7636a827272cd Mon Sep 17 00:00:00 2001
From: Devon Bautista
Date: Fri, 15 Mar 2024 17:22:58 -0600
Subject: [PATCH 2/2] Remove AuthorizeOAuthClient()

---
 cmd/boot-script-service/oauth.go | 44 --------------------------------
 1 file changed, 44 deletions(-)

diff --git a/cmd/boot-script-service/oauth.go b/cmd/boot-script-service/oauth.go
index c4d7617..2a7f9c1 100644
--- a/cmd/boot-script-service/oauth.go
+++ b/cmd/boot-script-service/oauth.go
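Review bot: In the PATCH 1/2 hunk the authorize response is discarded (`_, err = client.AuthorizeOAuthClient(url)`), so once the request goes to `oauth2PublicBaseURL` a rejection by the public endpoint looks the same as success unless the transport itself fails. Judging by the helper's body, shown as removed lines in PATCH 2/2, the request carries `client_secret` in the form body and the registration access token as a bearer header, and the result is returned without checking `res.StatusCode`. The scheme of the public base URL is not visible here, so if this commit stays in history on its own, a comment above the assignment such as `// request carries client_secret and the registration token; oauth2PublicBaseURL must be an https URL` would record the constraint. RequestClientCreds starts and ends outside the hunk.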
@@ -91,39 +91,6 @@ func (client *OAuthClient) CreateOAuthClient(registerUrl string) ([]byte, error)
 return b, nil
 }
 
-func (client *OAuthClient) AuthorizeOAuthClient(authorizeUrl string) ([]byte, error) {
- // encode ID and secret for authorization header basic authentication
- // basicAuth := base64.StdEncoding.EncodeToString(
- // []byte(fmt.Sprintf("%s:%s",
- // url.QueryEscape(client.Id),
- // url.QueryEscape(client.Secret),
- // )),
- // )
- body := []byte("grant_type=client_credentials&scope=read&client_id=" + client.Id +
- "&client_secret=" + client.Secret +
- "&redirect_uri=" + url.QueryEscape("http://hydra:5555/callback") +
- "&response_type=token" +
- "&state=12345678910",
- )
- headers := map[string][]string{
- "Authorization": {"Bearer " + client.RegistrationAccessToken},
- "Content-Type": {"application/x-www-form-urlencoded"},
- }
-
- req, err := http.NewRequest(http.MethodPost, authorizeUrl, bytes.NewBuffer(body))
- req.Header = headers
- if err != nil {
- return nil, fmt.Errorf("failed to make request: %v", err)
- }
- res, err := client.Do(req)
- if err != nil {
- return nil, fmt.Errorf("failed to do request: %v", err)
- }
- defer res.Body.Close()
-
- return io.ReadAll(res.Body)
-}
-
 func (client *OAuthClient) PerformTokenGrant(remoteUrl string) (string, error) {
 // hydra endpoint: /oauth/token
 body := "grant_type=" + url.QueryEscape("client_credentials") +
@@ -193,17 +160,6 @@ func (client *OAuthClient) RequestClientCreds() (accessToken string, err error)
 log.Printf("Successfully registered OAuth2 client")
 debugf("Client ID: %s", client.Id)
 
- url = oauth2PublicBaseURL + "/oauth2/auth"
- log.Printf("Attempting to authorize OAuth2 client")
- debugf("Sending request to %s", url)
- _, err = client.AuthorizeOAuthClient(url)
- if err != nil {
- err = fmt.Errorf("Failed to authorize OAuth2 client: %v", err)
- debugf("Response: %v", string(resp))
- return
- }
- log.Printf("Successfully authorized OAuth2 client")
-
 url = oauth2PublicBaseURL + "/oauth2/token"
 log.Printf("Attempting to fetch token from authorization server")
 debugf("Sending request to %s", url)