From ced4d19b5eaa608c08753698eb4e1eed4475fd25 Mon Sep 17 00:00:00 2001
From: Patrick Kwiatkowski
Date: Sun, 19 Nov 2023 11:01:44 -0500
Subject: [PATCH] fix: added oidc redirect url option for fulcio
Signed-off-by: Patrick Kwiatkowski
---
 signer/fulcio/fulcio.go | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go
index 8983f8c0..7b9e7966 100644
--- a/signer/fulcio/fulcio.go
+++ b/signer/fulcio/fulcio.go
@@ -105,14 +105,29 @@ func init() {
 return fsp, nil
 },
 ),
+ registry.StringConfigOption(
+ "oidc-redirect-url",
+ "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.",
+ "",
+ func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
+ fsp, ok := sp.(FulcioSignerProvider)
+ if !ok {
+ return sp, fmt.Errorf("provided signer provider is not a fulcio signer provider")
+ }
+
+ WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
+ return fsp, nil
+ },
+ ),
 )
 }
 
 type FulcioSignerProvider struct {
- FulcioURL string
- OidcIssuer string
- OidcClientID string
- Token string
+ FulcioURL string
+ OidcIssuer string
+ OidcClientID string
+ Token string
+ OidcRedirectUrl string
 }
 
 type Option func(*FulcioSignerProvider)
@@ -141,6 +156,12 @@ func WithToken(tokenOption string) Option {
 }
 }
 
+func WithOidcRedirectUrl(oidcRedirectUrl string) Option {
+ return func(fsp *FulcioSignerProvider) {
+ fsp.OidcRedirectUrl = oidcRedirectUrl
+ }
+}
+
 func New(opts ...Option) FulcioSignerProvider {
 fsp := FulcioSignerProvider{}
 for _, opt := range opts {
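Review bot: The description string of the new `registry.StringConfigOption` promises a default of 'http://localhost:0/auth/callback', but the default passed on the following line is `""`, and nothing in the hunk turns an empty value into that URL — it is stored as-is in `fsp.OidcRedirectUrl` and (per the later `Signer` hunk) handed straight to `oauthflow.OIDConnect`, so the literal default is presumably chosen by the sigstore library when the argument is empty, and port 0 is not a URL a user can type. I would reword it to `"OIDC redirect URL (Optional). Leave empty to let the interactive flow pick an ephemeral localhost port for the callback."`, and since this value decides where the browser flow delivers the authorization code, reject unusable input in the setter callback (needs `net/url` in scope) so a bad value fails at configuration time instead of mid-login. Separately, the new identifiers spell `Url` while the sibling field `FulcioURL` in the same struct uses the Go initialism form; `OidcRedirectURL` / `WithOidcRedirectURL` would match, which also applies to the `WithOidcRedirectUrl` hunk below. The enclosing `init()` starts outside the hunk.
```go
func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
	// … unchanged: FulcioSignerProvider type assertion …
	if oidcRedirectUrl != "" {
		u, err := url.Parse(oidcRedirectUrl)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
			return sp, fmt.Errorf("oidc-redirect-url %q must be an absolute http(s) URL", oidcRedirectUrl)
		}
	}
	WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
	return fsp, nil
},
```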
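Review bot: The exported `WithOidcRedirectUrl` is added without a doc comment, unlike what `go vet`/`staticcheck` expect for exported names. I would add `// WithOidcRedirectUrl sets the redirect URL used by the interactive OIDC login; an empty value is passed through unchanged to the OIDC flow.` above it. The value is not validated here either, so the only place to catch a malformed URL is the config-option callback in the hunk above.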
@@ -214,7 +235,7 @@ func (fsp FulcioSignerProvider) Signer(ctx context.Context) (cryptoutil.Signer,
 raw = fsp.Token
 case fsp.Token == "" && isatty.IsTerminal(os.Stdin.Fd()):
- tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", "", oauthflow.DefaultIDTokenGetter)
+ tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", fsp.OidcRedirectUrl, oauthflow.DefaultIDTokenGetter)
 if err != nil {
 return nil, err
 }
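Review bot: `fsp.OidcRedirectUrl` is consumed only in the `isatty.IsTerminal(os.Stdin.Fd())` case, so a user who sets `--oidc-redirect-url` while supplying a token, or in a headless run, gets no effect and no feedback; the other cases of this switch sit outside the hunk, so I cannot confirm they ignore it, but nothing here uses the field elsewhere. A one-line comment above the call would make the scope explicit: `// The redirect URL only matters for the interactive browser flow; an empty value keeps the library's default callback.` The `Signer` method starts and ends outside the hunk.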