added examples

Signed-off-by: Matteo Collina <[email protected]>
platformatic · Feb 21, 2024 · 5f99bc3 · 5f99bc3
1 parent 9de07ad
commit 5f99bc3
Show file tree

Hide file tree

Showing 3 changed files with 141 additions and 0 deletions.
diff --git a/examples/client.mjs b/examples/client.mjs
@@ -0,0 +1,26 @@
+import { Agent, setGlobalDispatcher } from 'undici'
+import { createOidcInterceptor } from '../oidc-interceptor.js'
+
+const dispatcher = new Agent({
+  interceptors: {
+    Pool: [createOidcInterceptor({
+      // The paramerts for the cliend_credentials grant of OIDC
+      clientId: 'foo',
+      clientSecret: 'bar',
+      idpTokenUrl: 'http://localhost:3001/token',
+
+      // Set an array of status codes that the interceptor should refresh and
+      // retry the request on
+      retryOnStatusCodes: [401],
+
+      // The origins that this interceptor will add the `Authorization` header
+      // automatically
+      origins: ['http://localhost:3002']
+    })]
+  }
+})
+
+setGlobalDispatcher(dispatcher)
+
+const res = await fetch('http://localhost:3002')
+console.log(res.status, await res.text())
diff --git a/examples/idp.mjs b/examples/idp.mjs
@@ -0,0 +1,76 @@
+import Provider from 'oidc-provider'
+
+class MemoryAdapter {}
+
+const port = process.env.PORT || 3001
+
+const config = {
+  ttl: { 
+    ClientCredentials(ctx, token, client) {
+      return token.resourceServer?.accessTokenTTL || 10 * 60;
+    }
+  },
+  clients: [
+    {
+      client_id: 'foo',
+      client_secret: 'bar',
+      token_endpoint_auth_method: 'client_secret_post',
+      grant_types: ['client_credentials'],
+      redirect_uris: [],
+      response_types: [],
+    },
+  ],
+  cookies: {
+    keys: ['mysecret123']
+  },
+  adapter: MemoryAdapter,
+  jwks: {
+    // Copied from oidc-provider test suite
+    // https://github.com/panva/node-oidc-provider/blob/270af1da83dda4c49edb4aaab48908f737d73379/example/support/configuration.js#L31C3-L52C7
+    keys: [
+      {
+        d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GSgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
+        dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
+        dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtCWpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
+        e: 'AQAB',
+        kty: 'RSA',
+        n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
+        p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjrI-9w46l_vFuRtjL6XEeFfHEZFaNJpz-lcnb3w0okrbM',
+        q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4CUA3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
+        qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
+        use: 'sig',
+      }, {
+        crv: 'P-256',
+        d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
+        kty: 'EC',
+        use: 'sig',
+        x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
+        y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
+      },
+    ],
+  },
+  features: {
+    devInteractions: { enabled: false },
+    clientCredentials: {
+      enabled: true,
+    },
+    resourceIndicators: {
+      defaultResource () {
+        return 'urn:example:foo';
+      },
+      getResourceServerInfo() {
+        return {
+          scope: 'api:read',
+          accessTokenFormat: 'jwt',
+          accessTokenTTL: 50,
+        }
+      },
+    }
+  }
+}
+const provider = new Provider(`http://localhost:${port}`, config)
+const server = await new Promise((resolve) => {
+  const s = provider.listen(port, () => {
+    resolve(s)
+  })
+});
diff --git a/examples/server.mjs b/examples/server.mjs
@@ -0,0 +1,39 @@
+import { createServer } from 'http'
+import buildGetJwks from 'get-jwks'
+import { createVerifier } from 'fast-jwt'
+
+const jwks = buildGetJwks({
+  jwksPath: '/jwks',
+})
+
+const port = 3002
+const idp = `http://localhost:3001/`
+
+const getKey = ({ header }) => jwks.getPublicKey({ domain: idp, kid: header.kid, alg: header.alg })
+
+const server = createServer(async (req, res) => {
+  try {
+    console.log(req.method, req.url)
+    if (!req.headers.authorization) {
+      console.log('No authorization header')
+      res.writeHead(401)
+      res.end()
+      return
+    }
+    const verifyAsync = createVerifier({ key: getKey })
+    const decoded = await verifyAsync(req.headers.authorization.slice('Bearer '.length))
+    console.log(decoded)
+    res.writeHead(200)
+    res.end('Worked!')
+  } catch (err) {
+    console.error(err)
+    res.writeHead(500)
+    res.end()
+  }
+})
+
+await new Promise((resolve) => {
+  server.listen(port, resolve)
+})
+
+console.log('Server listening on port', port)