Add ability to request additional claims, introduce short option name…

…s for OIDC stuff.
twz123 · Jan 24, 2018 · 3601e3f · 3601e3f
1 parent 5b2ef73
commit 3601e3f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -15,10 +15,11 @@ solves this problem, but specifically for Google as Identity Provider.
     oidc-token-ferry [OPTIONS] <patch-kubeconfig | render-go-template | render-json>
 
     OpenID Connect Options:
-        --issuer-url=    IdP Issuer URL to be contacted (default: https://accounts.google.com)
-        --client-id=     Client ID to be used
-        --client-secret= Client Secret to be used
-        --redirect-url=  Redirect URL to be communicated to the IdP (needs to indicate "out of band") (default: urn:ietf:wg:oauth:2.0:oob)
+    -u, --issuer-url=    IdP Issuer URL to be contacted (default: https://accounts.google.com)
+    -i, --client-id=     Client ID to be used
+    -s, --client-secret= Client Secret to be used
+    -r, --redirect-url=  Redirect URL to be communicated to the IdP (needs to indicate "out of band") (default: urn:ietf:wg:oauth:2.0:oob)
+    -c, --claim=         Additional claims to be requested
 
     Help Options:
     -h, --help           Show this help message

diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
@@ -11,10 +11,11 @@ import (
 )
 
 type Config struct {
-	IssuerURL    string `long:"issuer-url" description:"IdP Issuer URL to be contacted" default:"https://accounts.google.com"`
-	ClientID     string `long:"client-id" required:"yes" description:"Client ID to be used"`
-	ClientSecret string `long:"client-secret" required:"yes" description:"Client Secret to be used"`
-	RedirectURL  string `long:"redirect-url" description:"Redirect URL to be communicated to the IdP (needs to indicate \"out of band\")" default:"urn:ietf:wg:oauth:2.0:oob"`
+	IssuerURL    string   `short:"u" long:"issuer-url" description:"IdP Issuer URL to be contacted" default:"https://accounts.google.com"`
+	ClientID     string   `short:"i" long:"client-id" required:"yes" description:"Client ID to be used"`
+	ClientSecret string   `short:"s" long:"client-secret" required:"yes" description:"Client Secret to be used"`
+	RedirectURL  string   `short:"r" long:"redirect-url" description:"Redirect URL to be communicated to the IdP (needs to indicate \"out of band\")" default:"urn:ietf:wg:oauth:2.0:oob"`
+	Claims       []string `short:"c" long:"claim" description:"Additional claims to be requested"`
 }
 
 type OIDCFlow struct {
@@ -56,6 +57,10 @@ func NewOpenIDConnectFlow(config *Config) (*OIDCFlow, error) {
 		Scopes: []string{oidc.ScopeOpenID},
 	}
 
+	if config.Claims != nil {
+		oauth2Config.Scopes = append(oauth2Config.Scopes, config.Claims...)
+	}
+
 	verifier := provider.Verifier(&oidc.Config{ClientID: config.ClientID})
 
 	return &OIDCFlow{