@owlmeans/server-oidc-provider 0.1.0

package/src/utils/client.ts

@@ -0,0 +1,40 @@
+import { randomBytes } from '@noble/hashes/utils'
+import { hex } from '@scure/base'
+import type { ClientMetadata } from 'oidc-provider'
+import type { Config, Context } from '../types.js'
+import { makeSecurityHelper } from '@owlmeans/config'
+import type { SecurityHelper } from '@owlmeans/config'
+import { SEP } from '@owlmeans/route'
+
+export const updateClient = (context: Context, client: ClientMetadata): ClientMetadata => {
+  if (client.client_secret == null) {
+    if (!context.cfg.debug.all && !context.cfg.debug.oidc) {
+      throw new SyntaxError('Client secret is required')
+    }
+    client.client_secret = hex.encode(randomBytes(32))
+
+    console.info('\n')
+    console.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
+    console.warn('IT IS EXCEPTIONALY UNSECURE, BUT WE GENEREATED A CLIENT SECRET FOR YOU', client.client_secret)
+    console.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
+    console.info('\n')
+  }
+
+  const helper = makeSecurityHelper<Config, Context>(context)
+  const updateUri = makeUriUpdater(context, helper)
+  client.redirect_uris = client.redirect_uris?.map(updateUri) ?? []
+  client.post_logout_redirect_uris = client.post_logout_redirect_uris?.map(updateUri) ?? []
+  
+  return client
+}
+
+const makeUriUpdater = (context: Context, helper: SecurityHelper) => (uri: string): string => {
+  if (uri.startsWith('{{')) {
+    const [host, ...parts] = uri.split(SEP)
+    
+    const service = context.cfg.services[host.slice(2, -2)]
+    return helper.makeUrl(service, parts.join(SEP))
+  }
+
+  return uri
+}

package/src/utils/config.ts

@@ -0,0 +1,43 @@
+import type { Context } from '../types.js'
+import type { Configuration } from 'oidc-provider'
+import { updateClient } from './client.js'
+import * as jose from 'jose'
+
+export const combineConfig = async (context: Context, _unsecure: boolean): Promise<Configuration> => {
+  const cfg = context.cfg.oidc
+
+  const configuration: Configuration = {
+    ...cfg.customConfiguration,
+    clients: [
+      ...cfg.clients,
+      ...(cfg.customConfiguration?.clients ?? [])
+    ].map(client => updateClient(context, client)),
+    claims: {
+      email: ['email', 'email_verified', ...cfg.customConfiguration?.claims?.email ?? []],
+      profile: [
+        'username', 'family_name', 'given_name', 'locale', 'name', 'nickname', 'preferred_username',
+        ...cfg.customConfiguration?.claims?.profile ?? []
+      ],
+      ...cfg.customConfiguration?.claims,
+    },
+    scopes: ['openid', 'profile', 'offline_access', ...cfg.customConfiguration?.scopes ?? []],
+    features: {
+      ...cfg.customConfiguration?.features,
+      devInteractions: { enabled: false }
+      // devInteractions: {
+      //   enabled: (
+      //     (context.cfg.debug.all && context.cfg.debug.oidc !== false)
+      //     || context.cfg.debug.oidc
+      //   ) && unsecure,
+      //   ...cfg.customConfiguration?.features?.devInteractions,
+      // },
+    },
+    jwks: {
+      keys: [
+        await jose.exportJWK(await jose.importPKCS8(cfg.defaultKeys.RS256.pk, 'RS256'))
+      ]
+    }
+  }
+
+  return configuration
+}

package/src/utils/index.ts

@@ -0,0 +1,3 @@
+
+export * from './config.js'
+export * from './client.js'

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "extends": [
+    "../tsconfig.default.json",
+  ],
+  "compilerOptions": {
+    "rootDir": "./src/", /* Specify the root folder within your source files. */
+    "outDir": "./build/", /* Specify an output folder for all emitted files. */
+    "moduleResolution": "Bundler",
+  },
+  "exclude": [
+    "./dist/**/*",
+    "./build/**/*",
+    "./*.ts"
+  ]
+}