reclaim-oidc 0.0.1
- checksums.yaml +7 -0
- data/bin/reclaim-oidc +154 -0
- data/lib/reclaim_oidc.rb +104 -0
- metadata +46 -0
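--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 8457ee899a43a473780d2e48d89d8f5d91448749c1f1d12426ce1f37170db612
+data.tar.gz: '08e4e088fe5d3e5cab0ae7ac176863721fe8e32e8f6135d5e8233aa824ac52bb'
+SHA512:
+metadata.gz: aeb2aea87d30407080a8220c8d733070c44e624c02c502d8fe73ec26c60b3703c485d0f7292a107ee9340567917c092988bd635aeb1eab6cf7cb1fb002c6ffd5
+data.tar.gz: a6da4bb73e033ca1508b516c7c03fdbe55148c3f9483579b5436e5456473b740e724b4e748ed25aa4550bbb29087307d30e545737814b43274d11f4cc7fe673f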
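--- a/data/bin/reclaim-oidc
+++ b/data/bin/reclaim-oidc
@@ -0,0 +1,154 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'reclaim_oidc'
+
+class OptParser
+class ScriptOptions
+attr_accessor :name, :add, :delete, :list, :description, :redirect_uri,
+:verbose
+
+def initialize
+self.delete = false
+self.add = false
+self.list = false
+self.verbose = false
+end
+
+def define_options(parser)
+parser.banner = "Usage: reclaim-oidc [options]"
+parser.separator ""
+parser.separator "Specific options:"
+
+# add additional options
+add_option(parser)
+delete_option(parser)
+list_option(parser)
+client_name_option(parser)
+client_redirect_option(parser)
+client_description_option(parser)
+boolean_verbose_option(parser)
+
+parser.separator ""
+parser.separator "Common options:"
+# No argument, shows at tail. This will print an options summary.
+parser.on_tail("-h", "--help", "Show this message") do
+puts parser
+exit
+end
+# Another typical switch to print the version.
+parser.on_tail("--version", "Show version") do
+puts ReclaimOidc.version
+exit
+end
+end
+
+def client_name_option(parser)
+parser.on("-n", "--client-name [NAME]",
+"Name of the OIDC client") do |n|
+self.name = n
+end
+end
+
+def client_redirect_option(parser)
+parser.on("-r", "--redirect-uri [URI]",
+"The OIDC redirect_uri parameter") do |n|
+self.redirect_uri = n
+end
+end
+
+def client_description_option(parser)
+parser.on("-D", "--description [DESCRIPTION]",
+"The OIDC client description") do |n|
+self.description = n
+end
+end
+
+def add_option(parser)
+parser.on("-a", "--add", "Add a client") do |v|
+self.add = v
+end
+end
+
+def delete_option(parser)
+parser.on("-d", "--delete", "Delete a client") do |v|
+self.delete = v
+end
+end
+
+def list_option(parser)
+parser.on("-l", "--list", "List clients") do |v|
+self.list = v
+end
+end
+
+def boolean_verbose_option(parser)
+# Boolean switch.
+parser.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+self.verbose = v
+end
+end
+end
+
+#
+# Return a structure describing the options.
+#
+def parse(args)
+# The options specified on the command line will be collected in
+# *options*.
+
+@options = ScriptOptions.new
+@args = OptionParser.new do |parser|
+@options.define_options(parser)
+parser.parse!(args)
+end
+@options
+end
+
+attr_reader :parser, :options
+end # class OptparseExample
+
+op = OptParser.new
+options = op.parse(ARGV)
+#pp options
+#pp ARGV
+
+roidc = ReclaimOidc.new(options.verbose)
+
+if (options.list)
+op = roidc.get_op_info
+puts "OpenID Connect Provider Information:"
+puts "------------------------------------"
+puts "Authorize Endpoint: #{op['authz_endpoint']}"
+puts "Token Endpoint: #{op['token_endpoint']}"
+puts "JSON-Web-Token Algorithm: #{op['jwt_algo']}"
+puts "JSON-Web-Token key: #{op['jwt_key']}"
+puts "Example Authorization Redirect:"
+puts "https://api.reclaim/openid/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=email%20full_name&nonce=1234"
+puts ""
+puts "Registered Clients:"
+puts "-------------------"
+clients = roidc.get_clients
+clients.each do |client|
+puts "name: #{client.name}"
+puts "client_id: #{client.key}"
+puts "client_secret: #{client.secret}"
+puts "description: #{client.description}"
+puts "redirect_uri: #{client.redirect_uri}"
+puts "---"
+end
+exit
+end
+if (options.add)
+if options.name.nil? or options.redirect_uri.nil?
+puts "ERROR: Missing options"
+exit
+end
+roidc.add_client(options.name,options.redirect_uri,options.description)
+puts "OK"
+exit
+end
+if (options.delete)
+roidc.delete_client(options.name)
+puts "OK"
+end
+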
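Review bot: The `--list` branch prints the provider's JWT signing secret (`puts "JSON-Web-Token key: #{op['jwt_key']}"`) and every client's `client_secret` to stdout unconditionally, so both land in terminal scrollback, pipes and any captured job logs. Masking them by default (for example `puts "client_secret: <hidden>"`) and printing the real values only behind an explicit opt-in switch would keep routine listings free of credentials. The example authorization URL hard-codes `nonce=1234`; writing it as `nonce=<random_nonce>`, like the other placeholders, avoids a fixed nonce being copied into real requests. The `--add` branch checks only `name` and `redirect_uri` although `add_client` in lib/reclaim_oidc.rb also raises on a nil `description`, and its error path leaves with status 0 through a bare `exit`; checking all three and using `abort "ERROR: Missing options"` would fix both. `--version` calls `ReclaimOidc.version`, which the library file added in this release does not define (it only has `self.hello`).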
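--- a/data/lib/reclaim_oidc.rb
+++ b/data/lib/reclaim_oidc.rb
@@ -0,0 +1,104 @@
+require 'net/http'
+require 'json'
+
+class ReclaimOidc
+def initialize(verbose=false, url='http://localhost:7776')
+@verbose = verbose
+@url = url
+@client_secret = get_client_secret()
+end
+def self.hello
+puts "Hello World!"
+end
+def parse_identities_from_http(body)
+arr = JSON.parse(body)
+ids = []
+arr.each do |obj|
+obj["secret"] = @client_secret
+ids << ReclaimOidc::Client.from_json(obj)
+end
+ids
+end
+
+def get_client_secret
+uri = URI(@url + '/config/reclaim-rest-plugin')
+resp = JSON.parse Net::HTTP.get(uri)
+return resp["PSW"]
+end
+
+def get_clients
+uri = URI(@url + '/identity/all')
+ids = parse_identities_from_http(Net::HTTP.get(uri))
+result = []
+ids.each do |id|
+uri = URI(@url + "/namestore/#{id.name}")
+id.parse_client_info(JSON.parse(Net::HTTP.get(uri)))
+next if id.redirect_uri.nil?
+result << id
+end
+result
+end
+def add_client(name,redirect_uri,description)
+raise if redirect_uri.nil? or description.nil? or name.nil?
+uri = URI(@url + '/identity')
+payload = {'name' => "#{name}"}.to_json
+resp = Net::HTTP.post(uri, payload)
+uri = URI(@url + "/namestore/#{name}")
+record = {'record_type' => "RECLAIM_OIDC_CLIENT",
+'value' => description,
+'record_name' => "@",
+'expiration_time' => "1d",
+'flag' => 8}
+resp = Net::HTTP.post(uri,record.to_json)
+record = {'record_type' => "RECLAIM_OIDC_REDIRECT",
+'value' => redirect_uri,
+'record_name' => "@",
+'expiration_time' => "1d",
+'flag' => 8}
+resp = Net::HTTP.post(uri,record.to_json)
+end
+def delete_client(name)
+raise if name.nil?
+uri = URI(@url + "/identity/name/#{name}")
+Net::HTTP.start(uri.host, uri.port) do |http|
+request = Net::HTTP::Delete.new uri
+resp = http.request request # Net::HTTPResponse object
+end
+end
+def get_op_info
+uri = URI(@url + '/config/reclaim-rest-plugin')
+resp = JSON.parse Net::HTTP.get(uri)
+op = {}
+op['jwt_key'] = resp["JWT_SECRET"]
+op['jwt_algo'] = 'HS512' # FIXME
+host = 'http://localhost:7776'
+op['authz_endpoint'] = host + '/openid/authorize'
+op['token_endpoint'] = host + '/openid/token'
+op
+end
+def set_jwt_secret
+raise
+end
+
+class Client
+attr_reader :name, :key, :description, :redirect_uri, :secret
+def initialize(name, key, secret)
+@name = name
+@key = key
+@secret = secret
+end
+def self.from_json(obj)
+id = Client.new(obj['name'], obj['pubkey'], obj['secret'])
+end
+def parse_client_info(obj)
+obj.each do |record|
+if (record['record_type'] == 'RECLAIM_OIDC_CLIENT')
+@description = record['value']
+end
+if (record['record_type'] == 'RECLAIM_OIDC_REDIRECT')
+@redirect_uri = record['value']
+end
+end
+end
+end
+end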
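Review bot: `add_client` and `delete_client` interpolate the caller-supplied `name` straight into the request path (`"/namestore/#{name}"`, `"/identity/name/#{name}"`), so a name containing `/`, `?` or `#` addresses a different REST resource than the one intended; `get_clients` does the same with `id.name` taken from the service response. Rejecting anything outside an allowlist before building the URI would close this, for example `raise ArgumentError, 'invalid client name' unless name.match?(/\A[A-Za-z0-9_-]+\z/)`, with the character set adjusted to whatever the identity service actually accepts. The three `Net::HTTP.post` results and the DELETE response are assigned to `resp` and never inspected, so the CLI prints "OK" even when the service refused the request; a check such as `raise "request failed: #{resp.code}" unless resp.is_a?(Net::HTTPSuccess)` after each call would surface failures. `delete_client` opens the connection with `Net::HTTP.start(uri.host, uri.port)` and no `use_ssl: uri.scheme == 'https'`, and `get_op_info` hard-codes `host = 'http://localhost:7776'` instead of using `@url`, so a non-default or HTTPS `url` passed to the constructor is only partly honoured. The bare `raise` guards would also be easier to diagnose as `raise ArgumentError, '...'` with a message naming the missing argument.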
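--- a/metadata
+++ b/metadata
@@ -0,0 +1,46 @@
+--- !ruby/object:Gem::Specification
+name: reclaim-oidc
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Martin Schanzenbach
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-04-25 00:00:00.000000000 Z
+dependencies: []
+description: Used to manage re:claimID OpenID Connect clients and OpenID Connect Provider
+configuration(s)
+email: mschanzenbach@posteo.de
+executables:
+- reclaim-oidc
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/reclaim-oidc
+- lib/reclaim_oidc.rb
+homepage: https://gitlab.com/reclaimid/reclaim-oidc
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: re:claimID OpenID Connect CLI
+test_files: []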