diff --git a/cmd/auth-rest/startcmd/start.go b/cmd/auth-rest/startcmd/start.go index f1a7651..439a898 100644 --- a/cmd/auth-rest/startcmd/start.go +++ b/cmd/auth-rest/startcmd/start.go @@ -516,6 +516,7 @@ func startAuthService(parameters *authRestParameters, srv server) error { Providers: parameters.oidcParams.providers, }, TransientStoreProvider: provider, + TLSConfig: &tls.Config{RootCAs: rootCAs}, //nolint:gosec }) if err != nil { return err diff --git a/cmd/auth-vue/src/views/ProviderPopup.vue b/cmd/auth-vue/src/views/ProviderPopup.vue index 50fac1d..cfdf2f7 100644 --- a/cmd/auth-vue/src/views/ProviderPopup.vue +++ b/cmd/auth-vue/src/views/ProviderPopup.vue @@ -10,7 +10,7 @@ const props = defineProps({ }); onMounted(() => { - window.location.href = `/oauth2/login?provider=${props.providerID}`; + window.location.href = `/oidc/login?provider=${props.providerID}`; }); diff --git a/cmd/auth-vue/src/views/SignIn.vue b/cmd/auth-vue/src/views/SignIn.vue index 1ea2f3b..35c0d73 100644 --- a/cmd/auth-vue/src/views/SignIn.vue +++ b/cmd/auth-vue/src/views/SignIn.vue @@ -20,7 +20,7 @@ const { t, locale } = useI18n(); onMounted(async () => { try { - const rawProviders = await axios.get('/oauth2/providers'); + const rawProviders = await axios.get('/oidc/providers'); providers.value = rawProviders.data.authProviders.sort( (prov1, prov2) => prov1.order - prov2.order ); diff --git a/cmd/auth-vue/src/views/SignUp.vue b/cmd/auth-vue/src/views/SignUp.vue index b008091..d79ef0b 100644 --- a/cmd/auth-vue/src/views/SignUp.vue +++ b/cmd/auth-vue/src/views/SignUp.vue @@ -20,7 +20,7 @@ const { t, locale } = useI18n(); onMounted(async () => { try { - const rawProviders = await axios.get('/oauth2/providers'); + const rawProviders = await axios.get('/oidc/providers'); providers.value = rawProviders.data.authProviders.sort( (prov1, prov2) => prov1.order - prov2.order ); diff --git a/pkg/restapi/gnap/operations.go b/pkg/restapi/gnap/operations.go index f21239b..ccdc257 100644 
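Review bot: The `//nolint:gosec` on the new `TLSConfig` line in start.go silences the linter instead of fixing what it is presumably flagging — a `tls.Config` with no `MinVersion` (gosec G402), which leaves TLS 1.0/1.1 negotiable for the outbound connections this config is used on. Pinning the floor is a one-token change and lets the suppression go: `TLSConfig: &tls.Config{RootCAs: rootCAs, MinVersion: tls.VersionTLS12},`. `rootCAs` is built outside this hunk, so whether it can be nil (which would fall back to the system pool) cannot be confirmed here; if nil is a valid state, a short comment saying so on this line would help the next reader. The rest of `startAuthService` lies outside the hunk.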
--- a/pkg/restapi/gnap/operations.go +++ b/pkg/restapi/gnap/operations.go @@ -86,6 +86,7 @@ type Config struct { OIDC *oidcmodel.Config StartupTimeout uint64 TransientStoreProvider storage.Provider + TLSConfig *tls.Config } // New creates GNAP operation handler. @@ -124,6 +125,7 @@ func New(config *Config) (*Operation, error) { cachedOIDCProviders: make(map[string]oidcProvider), timeout: config.StartupTimeout, transientStore: transientStore, + tlsConfig: config.TLSConfig, }, nil } diff --git a/test/bdd/fixtures/auth-rest/hydra-config/thirdparty_hydra_configure.sh b/test/bdd/fixtures/auth-rest/hydra-config/thirdparty_hydra_configure.sh index 60295d7..a039b88 100755 --- a/test/bdd/fixtures/auth-rest/hydra-config/thirdparty_hydra_configure.sh +++ b/test/bdd/fixtures/auth-rest/hydra-config/thirdparty_hydra_configure.sh @@ -32,7 +32,7 @@ hydra clients create \ --response-types code,id_token \ --scope openid,profile,email \ --skip-tls-verify \ - --callbacks https://auth.trustbloc.local:8070/oauth2/callback + --callbacks https://auth.trustbloc.local:8070/oidc/callback # TODO it would be great to check the exit status of the hydra command # https://github.com/trustbloc/auth/issues/67 echo "Finished creating oidc client for gnap flow!" diff --git a/test/bdd/pkg/gnap/steps.go b/test/bdd/pkg/gnap/steps.go index a2b03e9..b6c0306 100644 --- a/test/bdd/pkg/gnap/steps.go +++ b/test/bdd/pkg/gnap/steps.go @@ -27,8 +27,8 @@ const ( authServerURL = "https://auth.trustbloc.local:8070" expectedInteractURL = authServerURL + "/gnap/interact" - oidcProviderSelectorURL = authServerURL + "/oauth2/login" - oidcCallbackURLURL = authServerURL + "/oauth2/callback" + oidcProviderSelectorURL = authServerURL + "/oidc/login" + oidcCallbackURLURL = authServerURL + "/oidc/callback" authServerSignUpURL = authServerURL + "/ui/sign-up" mockOIDCProviderName = "mockbank1" // providers.yaml 
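Review bot: The new exported field `TLSConfig *tls.Config` in `Config` (operations.go, hunk at line 86) says nothing about what it is used for or what a nil value means, and this is the field an operator will reach for when certificate validation against the OIDC providers fails. From the caller in start.go it appears to carry the root CA pool for outbound OIDC connections, but the consumer is not in this diff, so I would document it with a hedge until confirmed: `// TLSConfig is applied to outbound TLS connections (e.g. OIDC provider discovery); nil uses the Go defaults — confirm against the http client that reads it.` The `Config` struct begins outside the hunk.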
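Review bot: `New` (operations.go, hunk at line 124) stores the caller's `*tls.Config` pointer directly in `tlsConfig: config.TLSConfig`, so any later mutation by the caller (or a shared use of the same config elsewhere) silently changes the TLS settings the GNAP operation uses. Copying at the boundary avoids that and is nil-safe, since `(*tls.Config).Clone` returns nil for a nil receiver: `tlsConfig: config.TLSConfig.Clone(),`. Nothing in `New` checks the config for a missing `MinVersion` either, which is likely the property the caller's gosec suppression in start.go is hiding; if this package is the right place to enforce a floor, this is where it would go. The `Operation` literal and the rest of `New` continue outside the hunk.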
@@ -156,15 +156,14 @@ func (s *Steps) interactRedirect() error { return err } - if !strings.HasPrefix(loginResp.Request.URL.String(), oidcCallbackURLURL) { + // TODO validate the client finishURL + if !strings.HasPrefix(loginResp.Request.URL.String(), authServerURL) { return fmt.Errorf( "invalid oidc callbackURL prefix expected=%s actual=%s", oidcCallbackURLURL, loginResp.Request.URL.String(), ) } - // TODO get the redirect back - return nil }
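Review bot: The error message in `interactRedirect` (steps.go) no longer matches the check it reports: the condition now tests for the `authServerURL` prefix, but the `fmt.Errorf` still prints `oidcCallbackURLURL` as `expected=%s`, so a failure would point testers at the wrong URL. Either pass the value actually compared, `"invalid redirect URL prefix expected=%s actual=%s", authServerURL, loginResp.Request.URL.String(),`, or keep the stricter callback check until the finishURL validation the TODO promises is in place. As written, any page on the auth server — including an error page — satisfies the assertion, which weakens what this BDD step proves about the OIDC callback landing. The start of `interactRedirect` is outside the hunk.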