Add a conf flag to enforce server certificate validation

fixes descope/etc#4996
descope · Dec 15, 2023 · 8f2119d · 8f2119d
1 parent e0ee921
commit 8f2119d
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/descope/api/client.go b/descope/api/client.go
@@ -787,11 +787,11 @@ type sdkInfo struct {
 }
 
 type ClientParams struct {
-	BaseURL              string
-	DefaultClient        IHttpClient
-	CustomDefaultHeaders map[string]string
-
-	ProjectID string
+	BaseURL                 string
+	DefaultClient           IHttpClient
+	CustomDefaultHeaders    map[string]string
+	VerifyServerCertificate bool
+	ProjectID               string
 }
 
 type IHttpClient interface {
@@ -826,7 +826,7 @@ func NewClient(conf ClientParams) *Client {
 		t.MaxIdleConns = 100
 		t.MaxConnsPerHost = 100
 		t.MaxIdleConnsPerHost = 100
-		t.TLSClientConfig.InsecureSkipVerify = true
+		t.TLSClientConfig.InsecureSkipVerify = !conf.VerifyServerCertificate
 		httpClient = &http.Client{
 			Timeout:   time.Second * 10,
 			Transport: t,

diff --git a/descope/client/client.go b/descope/client/client.go
@@ -49,7 +49,7 @@ func NewWithConfig(config *Config) (*DescopeClient, error) {
 	}
 	config.setManagementKey()
 
-	c := api.NewClient(api.ClientParams{BaseURL: config.DescopeBaseURL, CustomDefaultHeaders: config.CustomDefaultHeaders, DefaultClient: config.DefaultClient, ProjectID: config.ProjectID})
+	c := api.NewClient(api.ClientParams{BaseURL: config.DescopeBaseURL, CustomDefaultHeaders: config.CustomDefaultHeaders, DefaultClient: config.DefaultClient, ProjectID: config.ProjectID, VerifyServerCertificate: config.VerifyServerCertificate})
 
 	authService, err := auth.NewAuth(auth.AuthParams{
 		ProjectID:           config.ProjectID,

diff --git a/descope/client/config.go b/descope/client/config.go
@@ -24,6 +24,8 @@ type Config struct {
 	DescopeBaseURL string
 	// DefaultClient (optional, http.DefaultClient) - override the default client used to Do the actual http request.
 	DefaultClient api.IHttpClient
+	// VerifyServerCertificate (optional) - verify the server certificate
+	VerifyServerCertificate bool
 	// CustomDefaultHeaders (optional, nil) - add custom headers to all requests used to communicate with descope services.
 	CustomDefaultHeaders map[string]string
 	// LogLevel (optional, LogNone) - set a log level (Debug/Info/None) for the sdk to use when logging.