Add initial support for templates in the OIDC provisioner.

This commit is contained in:
Mariano Cano 2020-07-08 19:01:59 -07:00
parent 534a6b6c4c
commit 206bc6757a


@ -13,6 +13,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/certificates/x509util"
"github.com/smallstep/cli/jose"
)
@ -63,6 +64,7 @@ type OIDC struct {
Groups []string `json:"groups,omitempty"`
ListenAddress string `json:"listenAddress,omitempty"`
Claims *Claims `json:"claims,omitempty"`
Options *ProvisionerOptions `json:"options,omitempty"`
configuration openIDConfiguration
keyStore *keyStore
claimer *Claimer
@ -301,7 +303,16 @@ func (o *OIDC) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSign")
}
data := x509util.CreateTemplateData(claims.Subject, []string{claims.Email})
data.SetToken(claims)
templateOptions, err := TemplateOptions(o.Options, data)
if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSign")
}
so := []SignOption{
templateOptions,
// modifiers / withOptions
newProvisionerExtensionOption(TypeOIDC, o.Name, o.ClientID),
profileDefaultDuration(o.claimer.DefaultTLSCertDuration()),