@@ -17,6 +17,7 @@ limitations under the License.
1717package auth
1818
1919import (
20+ "context"
2021 "encoding/base64"
2122 "encoding/json"
2223 "errors"
@@ -34,14 +35,23 @@ import (
3435 "github.com/kube-bind/kube-bind/backend/session"
3536)
3637
38+ type OIDCProvider interface {
39+ GetOIDCProvider (ctx context.Context ) (* OIDCServiceProvider , error )
40+ }
41+
42+ type AuthHandlerInterface interface {
43+ HandleAuthorize (w http.ResponseWriter , r * http.Request )
44+ HandleCallback (w http.ResponseWriter , r * http.Request )
45+ }
46+
3747type AuthHandler struct {
38- oidc * OIDCServiceProvider
48+ oidc OIDCProvider
3949 jwtService * JWTService
4050 cookieSigningKey []byte
4151 cookieEncryptionKey []byte
4252}
4353
44- func NewAuthHandler (oidc * OIDCServiceProvider , jwtService * JWTService , cookieSigningKey , cookieEncryptionKey []byte ) * AuthHandler {
54+ func NewAuthHandler (oidc OIDCProvider , jwtService * JWTService , cookieSigningKey , cookieEncryptionKey []byte ) * AuthHandler {
4555 return & AuthHandler {
4656 oidc : oidc ,
4757 jwtService : jwtService ,
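Review bot: The two new exported interfaces `OIDCProvider` and `AuthHandlerInterface` have no doc comments, and nothing ties `AuthHandler` to `AuthHandlerInterface` at compile time, so a later signature drift on `HandleAuthorize`/`HandleCallback` would only surface at the first call site that asserts the interface. I would add `// OIDCProvider resolves the OIDC service provider used by the authorize and callback handlers.` above the first and `// AuthHandlerInterface is the set of HTTP handlers AuthHandler exposes for the OIDC authorize and callback endpoints.` above the second, plus `var _ AuthHandlerInterface = (*AuthHandler)(nil)` after the `AuthHandler` struct. As a point of style, the `Interface` suffix and the `Get` prefix on `GetOIDCProvider` are unidiomatic in Go (`AuthHandlers`/`Handler` and `OIDCProvider()` would read better), though renaming them is a wider change than this hunk.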
@@ -85,8 +95,15 @@ func (ah *AuthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
8595 return
8696 }
8797
98+ provider , err := ah .oidc .GetOIDCProvider (r .Context ())
99+ if err != nil {
100+ logger .Info ("failed to get OIDC provider" , "error" , err )
101+ ah .respondWithError (w , authReq .ClientType , err .Error (), http .StatusInternalServerError )
102+ return
103+ }
104+
88105 encoded := base64 .URLEncoding .EncodeToString (dataCode )
89- authURL := ah . oidc .OIDCProviderConfig (scopes ).AuthCodeURL (encoded )
106+ authURL := provider .OIDCProviderConfig (scopes ).AuthCodeURL (encoded )
90107
91108 http .Redirect (w , r , authURL , http .StatusFound )
92109}
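Review bot: The new `GetOIDCProvider` failure path returns `err.Error()` to the client via `respondWithError`, which exposes whatever the provider lookup puts in the error (discovery URLs, configuration or transport details), while the existing failure path further down (`http.Error(w, "internal error", ...)` on the token exchange) deliberately sends a generic message. I would keep the detail in the log and send a fixed message: `logger.Error(err, "failed to get OIDC provider")` and `ah.respondWithError(w, authReq.ClientType, "internal error", http.StatusInternalServerError)`; using `logger.Error` rather than `logger.Info` also matches how the exchange failure is logged. The same two-line change applies to the identical block added in the `HandleCallback` hunk below. `HandleAuthorize` begins before this hunk, so the earlier request parsing is not visible here.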
@@ -133,7 +150,25 @@ func (ah *AuthHandler) HandleCallback(w http.ResponseWriter, r *http.Request) {
133150 return
134151 }
135152
136- token , err := ah .oidc .OIDCProviderConfig (nil ).Exchange (r .Context (), code )
153+ provider , err := ah .oidc .GetOIDCProvider (r .Context ())
154+ if err != nil {
155+ logger .Info ("failed to get OIDC provider" , "error" , err )
156+ ah .respondWithError (w , authCode .ClientType , err .Error (), http .StatusInternalServerError )
157+ return
158+ }
159+
160+ // Create context with custom HTTP client if TLS config is available
161+ ctx := r .Context ()
162+ if tlsConfig := provider .GetTLSConfig (); tlsConfig != nil {
163+ client := & http.Client {
164+ Transport : & http.Transport {
165+ TLSClientConfig : tlsConfig ,
166+ },
167+ }
168+ ctx = context .WithValue (ctx , oauth2 .HTTPClient , client )
169+ }
170+
171+ token , err := provider .OIDCProviderConfig (nil ).Exchange (ctx , code )
137172 if err != nil {
138173 logger .Error (err , "failed to exchange token" )
139174 http .Error (w , "internal error" , http .StatusInternalServerError )
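Review bot: The `http.Client` built when `provider.GetTLSConfig()` is non-nil has no `Timeout`, and a fresh `http.Transport` is created on every callback request, so each request gets its own connection pool that is never reused or closed via `CloseIdleConnections`; a slow or unresponsive token endpoint can hold the handler (and a connection) open indefinitely. At minimum give the client a bound, e.g. `Timeout: 30 * time.Second,` (value illustrative; needs a `time` import), and preferably construct the TLS-configured transport once where the provider is created and have `GetOIDCProvider` hand back a client or transport to reuse instead of rebuilding it per request. Also worth a comment on the `context.WithValue(ctx, oauth2.HTTPClient, client)` line explaining that this is the oauth2 package's mechanism for overriding the client used by `Exchange`, since it reads as an ordinary context value. `HandleCallback` continues past this hunk, so whether the same TLS config is applied to the later ID-token verification cannot be checked from here.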