[TMA-630][haoliu & llr] Get OIDC label by oidc id

techops-staffing · Feb 25, 2019 · 7d436ca · 7d436ca
1 parent a40ee3f
commit 7d436ca
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 1 deletion.
diff --git a/kong/plugins/okta-auth/access.lua b/kong/plugins/okta-auth/access.lua
@@ -28,6 +28,22 @@ local function extract_data(token_data)
   return extracted_data
 end
 
+local function make_oidc(token_data)
+  kong.log.info()("Make Oidc")
+
+  local oidc = extract_data(token_data)
+  local oidc_label = okta_api.get_oidc_label(oidc.cid)
+
+  if oidc_label then
+    kong.log.debug(" Complete Oidc label Success.")
+    oidc['Lab'] = oidc_label
+  else
+    kong.log.err(" Complete Oidc label failed.")
+  end
+
+  return oidc
+end
+
 function _M.execute(request, conf)
   local token = extract_token(request)
   if not token then return nil end
@@ -39,7 +55,7 @@ function _M.execute(request, conf)
     return nil
   end
 
-  return true, extract_data(token_data)
+  return true, make_oidc(token_data)
 end
 
 return _M
diff --git a/kong/plugins/okta-auth/okta_api.lua b/kong/plugins/okta-auth/okta_api.lua
@@ -1,6 +1,7 @@
 local https = require "ssl.https"
 local ltn12 = require "ltn12"
 local mime = require "mime"
+local singletons = require "kong.singletons"
 
 local _M = {}
 
@@ -40,4 +41,56 @@ function _M.introspect(auth_server, api_version, client_id, client_secret, token
   return response_body[1] or response_body
 end
 
+local function get_Oidc_headers()
+    local token = os.getenv('OKTA_TOKEN')
+    return {
+        ["Content-Type"] = "application/json",
+        ["Accept"] = "application/json",
+        ["Authorization"] = "SSWS " .. token
+    }
+end
+
+local function fetch_objc_label(oidc_id)
+    local url = os.getenv('OKTA_BASE_URL') .. '/api/v1/apps/' .. oidc_id
+    local headers = get_Oidc_headers()
+    local status_code, response_body, response_headers = send_request(
+            url, "GET", headers, body_params
+    )
+
+    if status_code ~= 200 or not response_body then
+        kong.log.err("Assemble OIDC Label failed with :status_code ", status_code)
+        return nil
+    end
+
+    local oidc = response_body[1] or response_body
+    return oidc.label
+end
+
+function _M.get_oidc_label(oidc_id)
+    kong.log.info("Get OIDC label.")
+
+    local cache = singletons.cache
+    local oidc_label
+
+    if cache ~= nil then
+        local ttl, err, value = cache:probe(oidc_id)
+        if ttl then
+            oidc_label = value
+        else
+            oidc_label, err = cache:get(oidc_id, nil, fetch_objc_label, oidc_id)
+        end
+
+        if err then
+            kong.log.err("Cache OIDC label by it's id failed.", err)
+            oidc_label = nil
+        end
+    end
+
+    if not oidc_label then
+        oidc_label = fetch_objc_label(oidc_id)
+    end
+
+    return oidc_label
+end
+
 return _M