Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use token audience from instance-data #205

Merged
merged 2 commits into from
Mar 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions cmd/datamaps/awssource.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 7 additions & 3 deletions cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ type OvermindInstance struct {
FrontendUrl *url.URL
ApiUrl *url.URL
NatsUrl *url.URL
Audience string
}

// GatewayUrl returns the URL for the gateway for this instance.
Expand All @@ -51,6 +52,7 @@ func (oi OvermindInstance) GatewayUrl() string {
type instanceData struct {
Api string `json:"api_url"`
Nats string `json:"nats_url"`
Aud string `json:"audience"`
}

// NewOvermindInstance creates a new OvermindInstance from the given app URL
Expand Down Expand Up @@ -99,6 +101,8 @@ func NewOvermindInstance(ctx context.Context, app string) (OvermindInstance, err
return instance, fmt.Errorf("invalid nats_url value '%v' in instance-data, error: %w", data.Nats, err)
}

instance.Audience = data.Aud

return instance, nil
}

Expand Down Expand Up @@ -268,7 +272,7 @@ func getAPIKeyToken(ctx context.Context, oi OvermindInstance, apiKey string) (*o

// Gets a token from Oauth with the required scopes. This method will also cache
// that token locally for use later, and will use the cached token if possible
func getOauthToken(ctx context.Context, requiredScopes []string) (*oauth2.Token, error) {
func getOauthToken(ctx context.Context, oi OvermindInstance, requiredScopes []string) (*oauth2.Token, error) {
var localScopes []string

// Check for a locally saved token in ~/.overmind
Expand Down Expand Up @@ -316,7 +320,7 @@ func getOauthToken(ctx context.Context, requiredScopes []string) (*oauth2.Token,
Scopes: requestScopes,
}

deviceCode, err := config.DeviceAuth(ctx, oauth2.SetAuthURLParam("audience", "https://api.overmind.tech"))
deviceCode, err := config.DeviceAuth(ctx, oauth2.SetAuthURLParam("audience", oi.Audience))
if err != nil {
return nil, fmt.Errorf("error getting device code: %w", err)
}
Expand Down Expand Up @@ -403,7 +407,7 @@ func ensureToken(ctx context.Context, oi OvermindInstance, requiredScopes []stri
if apiKey := viper.GetString("api-key"); apiKey != "" {
token, err = getAPIKeyToken(ctx, oi, apiKey)
} else {
token, err = getOauthToken(ctx, requiredScopes)
token, err = getOauthToken(ctx, oi, requiredScopes)
}
if err != nil {
return ctx, nil, fmt.Errorf("error getting token: %w", err)
Expand Down