fix: added oidc redirect url option for fulcio (in-toto#76)
* fix: added oidc redirect url option for fulcio

Signed-off-by: Patrick Kwiatkowski <[email protected]>

* Update fulcio.go

---------

Signed-off-by: Patrick Kwiatkowski <[email protected]>
Signed-off-by: Tom Meadows <[email protected]>
Co-authored-by: Tom Meadows <[email protected]>
Signed-off-by: chaosinthecrd <[email protected]>
pkwiatkowski1 and ChaosInTheCRD committed Jan 16, 2024
1 parent 0824d9c commit 9684b66
Showing 1 changed file with 28 additions and 6 deletions.
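--- a/signer/fulcio/fulcio.go
+++ b/signer/fulcio/fulcio.go
@@ -105,6 +105,20 @@ func init() {
 return fsp, nil
 },
 ),
+registry.StringConfigOption(
+"oidc-redirect-url",
+"OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.",
+"",
+func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
+fsp, ok := sp.(FulcioSignerProvider)
+if !ok {
+return sp, fmt.Errorf("provided signer provider is not a fulcio signer provider")
+}
+
+WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
+return fsp, nil
+},
+),
 registry.StringConfigOption(
 "token-path",
 "Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)",
@@ -123,11 +137,12 @@ func init() {
 }
 
 type FulcioSignerProvider struct {
-FulcioURL string
-OidcIssuer string
-OidcClientID string
-Token string
-TokenPath string
+FulcioURL string
+OidcIssuer string
+OidcClientID string
+Token string
+TokenPath string
+OidcRedirectUrl string
 }
 
 type Option func(*FulcioSignerProvider)
@@ -156,6 +171,13 @@ func WithToken(tokenOption string) Option {
 }
 }
 
+
+func WithOidcRedirectUrl(oidcRedirectUrl string) Option {
+return func(fsp *FulcioSignerProvider) {
+fsp.OidcRedirectUrl = oidcRedirectUrl
+}
+}
+
 func WithTokenPath(tokenPathOption string) Option {
 return func(fsp *FulcioSignerProvider) {
 fsp.TokenPath = tokenPathOption
@@ -243,7 +265,7 @@ func (fsp FulcioSignerProvider) Signer(ctx context.Context) (cryptoutil.Signer,
 
 raw = string(f)
 case fsp.Token == "" && isatty.IsTerminal(os.Stdin.Fd()):
-tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", "", oauthflow.DefaultIDTokenGetter)
+tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", fsp.OidcRedirectUrl, oauthflow.DefaultIDTokenGetter)
 if err != nil {
 return nil, err
 }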
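Review bot: The `oidc-redirect-url` value is stored by the new config callback in `init()` and handed to `oauthflow.OIDConnect` in `Signer` with no validation, so a malformed value or a plain-`http` URL on a non-loopback host is accepted silently and only surfaces (if at all) during the interactive login. The redirect URL is presumably where the OIDC authorization response is delivered, so I would check it when the option is parsed: empty keeps the library default, otherwise require a well-formed http(s) URL and allow plain http only for loopback hosts, as sketched below (this needs `net` and `net/url` in the import block, which is outside the visible hunks, as are the rest of `init()` and `Signer`). Separately, `OidcRedirectUrl` and `WithOidcRedirectUrl` are new exported names next to `FulcioURL`; spelling them `OidcRedirectURL` / `WithOidcRedirectURL` now avoids a breaking rename later.

```go
func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
	// … unchanged: FulcioSignerProvider type assertion …

	// Empty keeps the library default. Anything else must be a well-formed
	// http(s) URL, and plain http is accepted only for a loopback host.
	if oidcRedirectUrl != "" {
		u, err := url.Parse(oidcRedirectUrl)
		if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
			return sp, fmt.Errorf("invalid oidc-redirect-url %q", oidcRedirectUrl)
		}
		if h := u.Hostname(); u.Scheme == "http" && h != "localhost" && !net.ParseIP(h).IsLoopback() {
			return sp, fmt.Errorf("oidc-redirect-url %q: plain http is only allowed for loopback hosts", oidcRedirectUrl)
		}
	}

	WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
```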
