externalize the oidc adapter

pomdtr 7a65ffa2 22d1d61d

+2 -79
+2 -79
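--- a/example/auth/main.ts
+++ b/example/auth/main.ts
@@ -5,9 +5,7 @@
 import { MemoryStorage } from "npm:/@openauthjs/openauth@^0.3.7/storage/memory";
 import { createSubjects } from "npm:@openauthjs/openauth@^0.3.7/subject";
 import { object, string } from "npm:valibot@1.0.0"
-import { signingKeys } from "npm:@openauthjs/openauth@^0.3.7/keys";
-import { jwtVerify, SignJWT } from "npm:jose"
-import * as fs from "jsr:@std/fs@^1.0.11";
+import { oicd } from "jsr:@pomdtr/openauth-oidc@0.1.1";
 
 const { GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET } = Deno.env.toObject();
 if (!GITHUB_CLIENT_ID || !GITHUB_CLIENT_SECRET) {
@@ -55,79 +53,4 @@
 })
 
 
-export default {
-fetch: async (req: Request) => {
-await fs.ensureDir("./data");
-const url = new URL(req.url);
-
-if (url.pathname === "/.well-known/openid-configuration") {
-const resp = await iss.request(new URL("/.well-known/oauth-authorization-server", url))
-const oauth2Config = await resp.json()
-return Response.json({
-...oauth2Config,
-userinfo_endpoint: new URL("/userinfo", url).toString(),
-scopes_supported: ["openid", "email", "groups"],
-id_token_signing_alg_values_supported: ["ES256"],
-}, {
-headers: {
-"content-type": "application/json",
-"access-control-allow-origin": "*",
-"access-control-allow-methods": "GET",
-"access-control-allow-headers": "Content-Type",
-}
-})
-}
-
-if (url.pathname === "/token") {
-if (req.headers.get("content-type") !== "application/x-www-form-urlencoded") {
-return new Response("Invalid content type", {
-status: 400,
-})
-}
-
-const params = new URLSearchParams(await req.text())
-if (!params.has("client_id")) {
-return new Response("Missing client_id", {
-status: 400,
-})
-}
-
-const resp = await iss.request(req.url, {
-method: req.method,
-headers: req.headers,
-body: params.toString(),
-})
-
-if (!resp.ok) {
-return resp
-}
-
-const tokens = await resp.json()
-
-const signinKey = await signingKeys(storage).then((keys) => keys[0])
-const access_token = await jwtVerify<{
-type: string,
-properties: Record<string, unknown>,
-}>(tokens.access_token, signinKey.public)
-const jwt = new SignJWT({
-...access_token.payload.properties,
-groups: [access_token.payload.type],
-aud: access_token.payload.aud,
-iss: access_token.payload.iss,
-sub: access_token.payload.sub,
-exp: access_token.payload.exp,
-})
-
-jwt.setProtectedHeader(access_token.protectedHeader)
-jwt.sign(signinKey.private)
-
-
-return Response.json({
-id_token: await jwt.sign(signinKey.private),
-...tokens,
-})
-}
-
-return iss.fetch(req);
-}
-}
+export default oicd(iss, storage)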
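Review bot: `export default oicd(iss, storage)` passes `storage` to an external package, and the removed handler shows this storage is where the private signing key is read from (`signingKeys(storage)`), so ID-token minting now runs in code that cannot be reviewed in this repository. The exact pin `@0.1.1` on the new import is the right choice; committing `deno.lock` with it would record the integrity hash, and the pin should be bumped only after re-reading the adapter's `/token` and discovery handling. The new export has no comment saying what it serves, so I would add one above it, for example `// oicd() wraps iss: presumably serves /.well-known/openid-configuration and adds an id_token to /token responses, signing with keys read from storage`, adjusted to what the package actually does. The imported name `oicd` looks like a transposition of `oidc` and is worth confirming against the package's exports.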