Add auth url (#466)

* Add auth url Co-authored-by: Jonas Plum <git@jonasplum.de>
2025-12-06 23:32:47 +01:00 · 2022-10-01 03:05:07 +02:00
parent 5b5bba30ca
commit a50133f6fd
2 changed files with 19 additions and 2 deletions
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -31,6 +31,7 @@ type Config struct {
 	OIDCAuthEnable   bool

 	OIDCIssuer       string
+	AuthURL          string
 	OAuth2           *oauth2.Config
 	UserCreateConfig *UserCreateConfig

@@ -64,6 +65,9 @@ func (c *Config) Load(ctx context.Context) error {
 		if err == nil {
 			c.provider = provider
 			c.OAuth2.Endpoint = provider.Endpoint()
+			if c.AuthURL != "" {
+				c.OAuth2.Endpoint.AuthURL = c.AuthURL
+			}

 			break
 		}
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,6 +1,8 @@
 package cmd

 import (
+	"errors"
+
 	"github.com/alecthomas/kong"
 	kongyaml "github.com/alecthomas/kong-yaml"
 	"github.com/coreos/go-oidc/v3/oidc"
@@ -30,9 +32,10 @@ type CLI struct {
 	APIKeyAuthEnable bool `env:"API_KEY_AUTH_ENABLE" default:"true"`

 	OIDCEnable        bool     `env:"OIDC_ENABLE"         default:"true"`
-	OIDCIssuer        string   `env:"OIDC_ISSUER"         required:""`
+	OIDCIssuer        string   `env:"OIDC_ISSUER"`
+	AuthURL           string   `env:"OIDC_AUTH_URL"`
 	OIDCClientID      string   `env:"OIDC_CLIENT_ID"      default:"catalyst"`
-	OIDCClientSecret  string   `env:"OIDC_CLIENT_SECRET"  required:""`
+	OIDCClientSecret  string   `env:"OIDC_CLIENT_SECRET"`
 	OIDCScopes        []string `env:"OIDC_SCOPES"                                      help:"Additional scopes, ['oidc', 'profile', 'email'] are always added." placeholder:"customscopes"`
 	OIDCClaimUsername string   `env:"OIDC_CLAIM_USERNAME" default:"preferred_username" help:"username field in the OIDC claim"`
 	OIDCClaimEmail    string   `env:"OIDC_CLAIM_EMAIL"    default:"email"              help:"email field in the OIDC claim"`
@@ -57,6 +60,15 @@ func ParseCatalystConfig() (*catalyst.Config, error) {
 		kong.Configuration(kongyaml.Loader, "/etc/catalyst.yaml", ".catalyst.yaml"),
 	)

+	if cli.OIDCEnable {
+		if cli.OIDCIssuer == "" {
+			return nil, errors.New("OIDC issuer not set")
+		}
+		if cli.OIDCClientSecret == "" {
+			return nil, errors.New("OIDC client secret is required")
+		}
+	}
+
 	return MapConfig(cli)
 }

@@ -84,6 +96,7 @@ func MapConfig(cli CLI) (*catalyst.Config, error) {
 			APIKeyAuthEnable: cli.APIKeyAuthEnable,
 			OIDCAuthEnable:   cli.OIDCEnable,
 			OIDCIssuer:       cli.OIDCIssuer,
+			AuthURL:          cli.AuthURL,
 			OAuth2: &oauth2.Config{
 				ClientID:     cli.OIDCClientID,
 				ClientSecret: cli.OIDCClientSecret,