Skip to content
Snippets Groups Projects
Commit 2d22f6a2 authored by Yordan Kinkov's avatar Yordan Kinkov
Browse files

Merge branch '4-use-oauth-server-for-service-to-service-authentication' into 'main'

Issue token from OAuth server and pass it along with HTTP requests

Closes #4

See merge request gaia-x/data-infrastructure-federation-services/tsa/infohub!2
parents 5bf803ea a630abee
Branches
Tags
No related merge requests found
Pipeline #54793 passed
Showing
with 37 additions and 4 deletions
...@@ -17,6 +17,8 @@ import ( ...@@ -17,6 +17,8 @@ import (
"go.uber.org/zap/zapcore" "go.uber.org/zap/zapcore"
goahttp "goa.design/goa/v3/http" goahttp "goa.design/goa/v3/http"
goa "goa.design/goa/v3/pkg" goa "goa.design/goa/v3/pkg"
"golang.org/x/oauth2"
"golang.org/x/oauth2/clientcredentials"
"golang.org/x/sync/errgroup" "golang.org/x/sync/errgroup"
"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/cache" "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/cache"
...@@ -76,16 +78,22 @@ func main() { ...@@ -76,16 +78,22 @@ func main() {
} }
httpClient := httpClient() httpClient := httpClient()
credentials := credential.New(cfg.Credential.IssuerURI, httpClient)
// Create an HTTP Client which uses an authentication token.
// The token will auto-refresh as necessary.
oauthCtx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
oauthClient := newOAuth2Client(oauthCtx, cfg.OAuth.ClientID, cfg.OAuth.ClientSecret, cfg.OAuth.TokenURL)
credentials := credential.New(cfg.Credential.IssuerURI, oauthClient)
// create policy client // create policy client
policy := policy.New(cfg.Policy.Addr, policy.WithHTTPClient(httpClient)) policy := policy.New(cfg.Policy.Addr, policy.WithHTTPClient(oauthClient))
// create cache client // create cache client
cache := cache.New(cfg.Cache.Addr) cache := cache.New(cfg.Cache.Addr, cache.WithHTTPClient(oauthClient))
// create signer client // create signer client
signer := signer.New(cfg.Signer.Addr, signer.WithHTTPClient(httpClient)) signer := signer.New(cfg.Signer.Addr, signer.WithHTTPClient(oauthClient))
// create services // create services
var ( var (
...@@ -217,6 +225,16 @@ func httpClient() *http.Client { ...@@ -217,6 +225,16 @@ func httpClient() *http.Client {
} }
} }
func newOAuth2Client(ctx context.Context, cID, cSecret, tokenURL string) *http.Client {
oauthCfg := clientcredentials.Config{
ClientID: cID,
ClientSecret: cSecret,
TokenURL: tokenURL,
}
return oauthCfg.Client(ctx)
}
func exposeMetrics(addr string, logger *zap.Logger) { func exposeMetrics(addr string, logger *zap.Logger) {
promMux := http.NewServeMux() promMux := http.NewServeMux()
promMux.Handle("/metrics", promhttp.Handler()) promMux.Handle("/metrics", promhttp.Handler())
......
...@@ -14,6 +14,7 @@ require ( ...@@ -14,6 +14,7 @@ require (
go.mongodb.org/mongo-driver v1.10.2 go.mongodb.org/mongo-driver v1.10.2
go.uber.org/zap v1.23.0 go.uber.org/zap v1.23.0
goa.design/goa/v3 v3.8.5 goa.design/goa/v3 v3.8.5
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
) )
...@@ -64,9 +65,11 @@ require ( ...@@ -64,9 +65,11 @@ require (
go.uber.org/multierr v1.6.0 // indirect go.uber.org/multierr v1.6.0 // indirect
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b // indirect
golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
golang.org/x/text v0.3.7 // indirect golang.org/x/text v0.3.7 // indirect
golang.org/x/tools v0.1.12 // indirect golang.org/x/tools v0.1.12 // indirect
google.golang.org/appengine v1.6.6 // indirect
google.golang.org/protobuf v1.28.1 // indirect google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
) )
...@@ -462,6 +462,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx ...@@ -462,6 +462,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
...@@ -469,6 +471,7 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr ...@@ -469,6 +471,7 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
...@@ -611,6 +614,7 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 ...@@ -611,6 +614,7 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
......
...@@ -10,6 +10,7 @@ type Config struct { ...@@ -10,6 +10,7 @@ type Config struct {
Credential credentialConfig Credential credentialConfig
Signer signerConfig Signer signerConfig
Metrics metricsConfig Metrics metricsConfig
OAuth oauthConfig
LogLevel string `envconfig:"LOG_LEVEL" default:"INFO"` LogLevel string `envconfig:"LOG_LEVEL" default:"INFO"`
} }
...@@ -49,3 +50,9 @@ type signerConfig struct { ...@@ -49,3 +50,9 @@ type signerConfig struct {
type metricsConfig struct { type metricsConfig struct {
Addr string `envconfig:"METRICS_ADDR" default:":2112"` Addr string `envconfig:"METRICS_ADDR" default:":2112"`
} }
type oauthConfig struct {
ClientID string `envconfig:"OAUTH_CLIENT_ID" required:"true"`
ClientSecret string `envconfig:"OAUTH_CLIENT_SECRET" required:"true"`
TokenURL string `envconfig:"OAUTH_TOKEN_URL" required:"true"`
}
...@@ -3,6 +3,7 @@ package infohub ...@@ -3,6 +3,7 @@ package infohub
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable" "github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
"go.uber.org/zap" "go.uber.org/zap"
......
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment