openid_audience_protocol_mapper.go
package keycloak
import (
"context"
"fmt"
"strconv"
)
// OpenIdAudienceProtocolMapper is the typed view of a Keycloak
// "oidc-audience-mapper" protocol mapper. It is lowered to, and lifted from,
// the generic protocolMapper representation used on the wire.
type OpenIdAudienceProtocolMapper struct {
	// Id is the server-assigned mapper id; on create it is filled in from the
	// Location header of the POST response.
	Id string
	// Name must be unique among the protocol mappers of the owning client or
	// client scope (checked by ValidateOpenIdAudienceProtocolMapper).
	Name string
	// RealmId is the realm the mapper lives in; it is not part of the wire
	// payload and is carried alongside for path construction.
	RealmId string
	// Exactly one of ClientId or ClientScopeId must be set: a mapper is
	// attached either to a client or to a client scope, never both.
	ClientId      string
	ClientScopeId string
	// AddToIdToken / AddToAccessToken select which tokens receive the
	// audience. They are serialized as the strings "true"/"false" in the
	// mapper config and parsed back with an empty value treated as false.
	AddToIdToken     bool
	AddToAccessToken bool
	// Exactly one of the two audience sources must be set.
	// IncludedClientAudience is the client ID of an existing client in the
	// realm (its existence is verified during validation).
	// IncludedCustomAudience is a free-form value that is passed through
	// to Keycloak without any validation.
	// NOTE(review): the audience claim decides which relying parties accept
	// the issued tokens, so a custom audience deserves the same scrutiny as
	// a client reference — confirm against Keycloak's audience-mapper docs.
	IncludedClientAudience string
	IncludedCustomAudience string
}
// convertToGenericProtocolMapper lowers the typed audience mapper into the
// generic protocolMapper wire representation. The two boolean flags are
// stored as the strings "true"/"false", which is how Keycloak keeps mapper
// config values; the audience fields are copied verbatim (an unset one is
// written as the empty string).
func (mapper *OpenIdAudienceProtocolMapper) convertToGenericProtocolMapper() *protocolMapper {
	config := make(map[string]string, 4)
	config[addToIdTokenField] = strconv.FormatBool(mapper.AddToIdToken)
	config[addToAccessTokenField] = strconv.FormatBool(mapper.AddToAccessToken)
	config[includedClientAudienceField] = mapper.IncludedClientAudience
	config[includedCustomAudienceField] = mapper.IncludedCustomAudience

	generic := &protocolMapper{
		Id:             mapper.Id,
		Name:           mapper.Name,
		Protocol:       "openid-connect",
		ProtocolMapper: "oidc-audience-mapper",
		Config:         config,
	}
	return generic
}
// convertToOpenIdAudienceProtocolMapper lifts a generic protocolMapper into
// the typed audience mapper. realmId, clientId and clientScopeId are not part
// of the wire payload and are carried over from the request that fetched it.
//
// The two boolean flags are parsed with parseBoolAndTreatEmptyStringAsFalse
// (defined elsewhere in the package); a value that is present but not a
// valid bool is returned as an error and no mapper is produced. The audience
// fields are taken from the config as-is.
func (protocolMapper *protocolMapper) convertToOpenIdAudienceProtocolMapper(realmId, clientId, clientScopeId string) (*OpenIdAudienceProtocolMapper, error) {
	cfg := protocolMapper.Config

	idTokenFlag, err := parseBoolAndTreatEmptyStringAsFalse(cfg[addToIdTokenField])
	if err != nil {
		return nil, err
	}
	accessTokenFlag, err := parseBoolAndTreatEmptyStringAsFalse(cfg[addToAccessTokenField])
	if err != nil {
		return nil, err
	}

	result := &OpenIdAudienceProtocolMapper{
		Id:            protocolMapper.Id,
		Name:          protocolMapper.Name,
		RealmId:       realmId,
		ClientId:      clientId,
		ClientScopeId: clientScopeId,
	}
	result.AddToIdToken = idTokenFlag
	result.AddToAccessToken = accessTokenFlag
	result.IncludedClientAudience = cfg[includedClientAudienceField]
	result.IncludedCustomAudience = cfg[includedCustomAudienceField]
	return result, nil
}
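// GetOpenIdAudienceProtocolMapper fetches a single audience mapper by id from
// the client (clientId set) or client scope (clientScopeId set) it is attached
// to, and converts it to the typed representation.
//
// Returns the HTTP layer's error unchanged, a conversion error for malformed
// boolean config values, or an explicit error when the request succeeded but
// the decoded pointer is still nil (empty or null body). The last case would
// otherwise surface as a nil-pointer panic inside the conversion step.
func (keycloakClient *KeycloakClient) GetOpenIdAudienceProtocolMapper(ctx context.Context, realmId, clientId, clientScopeId, mapperId string) (*OpenIdAudienceProtocolMapper, error) {
	// Named generic rather than protocolMapper so the local does not shadow
	// the type of the same name.
	var generic *protocolMapper

	err := keycloakClient.get(ctx, individualProtocolMapperPath(realmId, clientId, clientScopeId, mapperId), &generic, nil)
	if err != nil {
		return nil, err
	}
	if generic == nil {
		return nil, fmt.Errorf("no protocol mapper returned for id %s in realm %s", mapperId, realmId)
	}

	return generic.convertToOpenIdAudienceProtocolMapper(realmId, clientId, clientScopeId)
}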
// DeleteOpenIdAudienceProtocolMapper removes the mapper identified by mapperId
// from the owning client or client scope. Any error from the HTTP layer is
// returned unchanged.
func (keycloakClient *KeycloakClient) DeleteOpenIdAudienceProtocolMapper(ctx context.Context, realmId, clientId, clientScopeId, mapperId string) error {
	target := individualProtocolMapperPath(realmId, clientId, clientScopeId, mapperId)
	if err := keycloakClient.delete(ctx, target, nil); err != nil {
		return err
	}
	return nil
}
// NewOpenIdAudienceProtocolMapper creates the mapper on the client or client
// scope named by mapper.ClientId / mapper.ClientScopeId. On success the
// server-assigned id parsed from the Location header is written back into
// mapper.Id; on failure mapper is left untouched and the error is returned.
func (keycloakClient *KeycloakClient) NewOpenIdAudienceProtocolMapper(ctx context.Context, mapper *OpenIdAudienceProtocolMapper) error {
	target := protocolMapperPath(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId)
	payload := mapper.convertToGenericProtocolMapper()

	_, location, err := keycloakClient.post(ctx, target, payload)
	if err != nil {
		return err
	}

	mapper.Id = getIdFromLocationHeader(location)
	return nil
}
// UpdateOpenIdAudienceProtocolMapper replaces the existing mapper identified
// by mapper.Id with the full contents of mapper (PUT semantics). The HTTP
// layer's error, if any, is returned unchanged.
func (keycloakClient *KeycloakClient) UpdateOpenIdAudienceProtocolMapper(ctx context.Context, mapper *OpenIdAudienceProtocolMapper) error {
	target := individualProtocolMapperPath(mapper.RealmId, mapper.ClientId, mapper.ClientScopeId, mapper.Id)
	payload := mapper.convertToGenericProtocolMapper()
	return keycloakClient.put(ctx, target, payload)
}
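// ValidateOpenIdAudienceProtocolMapper checks a mapper before it is created or
// updated. Local shape checks run first and never touch the server; only when
// they pass does it query Keycloak to (1) reject a name that collides with
// another mapper on the same client / client scope and (2) confirm that a
// referenced client audience actually exists in the realm.
//
// A custom audience is deliberately not resolved against anything: it is a
// free-form value. NOTE(review): since the audience claim determines which
// relying parties will accept the resulting tokens, callers should treat a
// custom audience with the same care as a client reference.
//
// Every rejection is returned as an error prefixed "validation error:"; the
// error from listing mappers is returned unchanged, and a failed client lookup
// is wrapped with %w so its cause stays inspectable.
func (keycloakClient *KeycloakClient) ValidateOpenIdAudienceProtocolMapper(ctx context.Context, mapper *OpenIdAudienceProtocolMapper) error {
	if err := validateOpenIdAudienceMapperShape(mapper); err != nil {
		return err
	}

	// Name uniqueness is scoped to the owning client or client scope, so the
	// listing is taken from the same path the mapper will be written to.
	existing, err := keycloakClient.listGenericProtocolMappers(ctx, mapper.RealmId, mapper.ClientId, mapper.ClientScopeId)
	if err != nil {
		return err
	}
	// Shape validation guarantees exactly one of the two is set, so this
	// picks the right noun for the error message.
	owner := "client"
	if mapper.ClientScopeId != "" {
		owner = "client scope"
	}
	for _, other := range existing {
		// Skip the mapper itself so an update with an unchanged name passes.
		if other.Name == mapper.Name && other.Id != mapper.Id {
			return fmt.Errorf("validation error: a protocol mapper with name %s already exists for this %s", mapper.Name, owner)
		}
	}

	// A client audience must refer to a real client of the realm.
	if mapper.IncludedClientAudience != "" {
		if _, err := keycloakClient.GetGenericClientByClientId(ctx, mapper.RealmId, mapper.IncludedClientAudience); err != nil {
			// NOTE(review): any lookup failure, including transport errors,
			// is reported as a validation error here; the cause is wrapped.
			return fmt.Errorf("validation error: %w", err)
		}
	}

	return nil
}

// validateOpenIdAudienceMapperShape enforces the field constraints that need
// no round-trip to Keycloak: exactly one of ClientId / ClientScopeId, and
// exactly one of IncludedClientAudience / IncludedCustomAudience.
func validateOpenIdAudienceMapperShape(mapper *OpenIdAudienceProtocolMapper) error {
	hasClient := mapper.ClientId != ""
	hasScope := mapper.ClientScopeId != ""
	switch {
	case !hasClient && !hasScope:
		return fmt.Errorf("validation error: one of ClientId or ClientScopeId must be set")
	case hasClient && hasScope:
		return fmt.Errorf("validation error: ClientId and ClientScopeId cannot both be set")
	}

	hasClientAud := mapper.IncludedClientAudience != ""
	hasCustomAud := mapper.IncludedCustomAudience != ""
	switch {
	case !hasClientAud && !hasCustomAud:
		return fmt.Errorf("validation error: one of IncludedClientAudience or IncludedCustomAudience must be set")
	case hasClientAud && hasCustomAud:
		return fmt.Errorf("validation error: IncludedClientAudience and IncludedCustomAudience cannot both be set")
	}
	return nil
}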