Use information from the instance data to auth #377

Merged
merged 1 commit into from
Jun 7, 2024
16 changes: 9 additions & 7 deletions cmd/root.go
Expand Up @@ -38,6 +38,8 @@ type OvermindInstance struct {
ApiUrl *url.URL
NatsUrl *url.URL
Audience string
Auth0Domain string
CLIClientID string
}

// GatewayUrl returns the URL for the gateway for this instance.
Expand All @@ -50,9 +52,11 @@ func (oi OvermindInstance) String() string {
}

type instanceData struct {
Api string `json:"api_url"`
Nats string `json:"nats_url"`
Aud string `json:"aud"`
Api string `json:"api_url"`
Nats string `json:"nats_url"`
Aud string `json:"aud"`
Auth0Domain string `json:"auth0_domain"`
CLIClientID string `json:"auth0_cli_client_id"`
}

// NewOvermindInstance creates a new OvermindInstance from the given app URL
Expand Down Expand Up @@ -103,6 +107,8 @@ func NewOvermindInstance(ctx context.Context, app string) (OvermindInstance, err
}

instance.Audience = data.Aud
instance.CLIClientID = data.CLIClientID
instance.Auth0Domain = data.Auth0Domain

return instance, nil
}
Expand Down Expand Up @@ -365,16 +371,12 @@ func init() {
}

// internal configs
rootCmd.PersistentFlags().String("cli-auth0-client-id", "QMfjMww3x4QTpeXiuRtMV3JIQkx6mZa4", "OAuth Client ID to use when connecting with auth0")
rootCmd.PersistentFlags().String("cli-auth0-domain", "om-prod.eu.auth0.com", "Auth0 domain to connect to")
rootCmd.PersistentFlags().String("honeycomb-api-key", "", "If specified, configures opentelemetry libraries to submit traces to honeycomb. This requires --otel to be set.")
rootCmd.PersistentFlags().String("ovm-test-fake", "", "If non-empty, instructs some commands to only use fake data for fast development iteration.")

// Mark these as hidden. This means that it will still be parsed of supplied,
// and we will still look for it in the environment, but it won't be shown
// in the help
cobra.CheckErr(rootCmd.PersistentFlags().MarkHidden("cli-auth0-client-id"))
cobra.CheckErr(rootCmd.PersistentFlags().MarkHidden("cli-auth0-domain"))
cobra.CheckErr(rootCmd.PersistentFlags().MarkHidden("honeycomb-api-key"))
cobra.CheckErr(rootCmd.PersistentFlags().MarkHidden("ovm-test-fake"))
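Review bot: In the NewOvermindInstance hunk, `instance.CLIClientID = data.CLIClientID` and `instance.Auth0Domain = data.Auth0Domain` copy fields from the fetched instance data with no validation, and cmd/tea_ensuretoken.go then formats the domain straight into `https://%v/authorize`, `https://%v/oauth/token` and `https://%v/oauth/device/code`. With the hard-coded flag defaults removed from init(), whatever serves the instance data now decides which host the device-authorization login is sent to, so the values should be checked where they are assigned. Reject empty fields and any domain that is not a bare hostname, for example `if data.Auth0Domain == "" || strings.ContainsAny(data.Auth0Domain, "/@?#") {` followed by an error return. The function body starts outside the hunk, so how the instance data is fetched is not visible here; it is worth confirming that the request is HTTPS-only and that `strings` is already imported.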

20 changes: 12 additions & 8 deletions cmd/tea_ensuretoken.go
Expand Up @@ -231,18 +231,22 @@ func (m ensureTokenModel) oauthTokenCmd() tea.Msg {
}
}

if m.oi.CLIClientID == "" || m.oi.Auth0Domain == "" {
return fatalError{id: m.spinner.ID(), err: errors.New("missing client id or auth0 domain")}
}

// If we need to get a new token, request the required scopes on top of
// whatever ones the current local, valid token has so that we don't
// keep replacing it
requestScopes := append(m.requiredScopes, localScopes...)

// Authenticate using the oauth device authorization flow
config := oauth2.Config{
ClientID: viper.GetString("cli-auth0-client-id"),
ClientID: m.oi.CLIClientID,
Endpoint: oauth2.Endpoint{
AuthURL: fmt.Sprintf("https://%v/authorize", viper.GetString("cli-auth0-domain")),
TokenURL: fmt.Sprintf("https://%v/oauth/token", viper.GetString("cli-auth0-domain")),
DeviceAuthURL: fmt.Sprintf("https://%v/oauth/device/code", viper.GetString("cli-auth0-domain")),
AuthURL: fmt.Sprintf("https://%v/authorize", m.oi.Auth0Domain),
TokenURL: fmt.Sprintf("https://%v/oauth/token", m.oi.Auth0Domain),
DeviceAuthURL: fmt.Sprintf("https://%v/oauth/device/code", m.oi.Auth0Domain),
},
Scopes: requestScopes,
}
Expand Down Expand Up @@ -434,11 +438,11 @@ func getOauthToken(ctx context.Context, oi OvermindInstance, requiredScopes []st

// Authenticate using the oauth device authorization flow
config := oauth2.Config{
ClientID: viper.GetString("cli-auth0-client-id"),
ClientID: oi.Audience,
Endpoint: oauth2.Endpoint{
AuthURL: fmt.Sprintf("https://%v/authorize", viper.GetString("cli-auth0-domain")),
TokenURL: fmt.Sprintf("https://%v/oauth/token", viper.GetString("cli-auth0-domain")),
DeviceAuthURL: fmt.Sprintf("https://%v/oauth/device/code", viper.GetString("cli-auth0-domain")),
AuthURL: fmt.Sprintf("https://%v/authorize", oi.Auth0Domain),
TokenURL: fmt.Sprintf("https://%v/oauth/token", oi.Auth0Domain),
DeviceAuthURL: fmt.Sprintf("https://%v/oauth/device/code", oi.Auth0Domain),
},
Scopes: requestScopes,
}
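Review bot: In the getOauthToken hunk the new config sets `ClientID: oi.Audience`, while the equivalent config in oauthTokenCmd uses `m.oi.CLIClientID`. The audience is presumably the API identifier rather than the OAuth client id, so this looks like a slip and should read `ClientID: oi.CLIClientID,`. getOauthToken also lacks the guard that oauthTokenCmd gained (`if m.oi.CLIClientID == "" || m.oi.Auth0Domain == ""`), so instance data that omits these fields would produce requests to `https:///oauth/device/code` instead of a clear error. The same check on `oi.CLIClientID` and `oi.Auth0Domain` belongs before the config is built. Both functions begin and end outside the hunks shown, so the exact error-return shape for getOauthToken needs confirming against its full signature.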