diff --git a/pkg/restapi/operation/operations.go b/pkg/restapi/operation/operations.go
index 17cedea..2faeb2c 100644
--- a/pkg/restapi/operation/operations.go
+++ b/pkg/restapi/operation/operations.go
@@ -12,13 +12,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"net/http"
-
 	"github.com/coreos/go-oidc"
 	"github.com/google/uuid"
 	"github.com/trustbloc/edge-core/pkg/log"
 	"github.com/trustbloc/edge-core/pkg/storage"
 	"golang.org/x/oauth2"
+	"net/http"
+	"net/url"
 
 	"github.com/trustbloc/hub-auth/pkg/bootstrap/user"
 	"github.com/trustbloc/hub-auth/pkg/internal/common/support"
@@ -27,6 +27,7 @@ import ( const ( oauth2GetRequestPath = "/oauth2/request" oauth2CallbackPath = "/oauth2/callback" + // api path params scopeQueryParam = "scope"
@@ -115,6 +116,7 @@ type Operation struct {
 	oidcClientID string
 	oidcClientSecret string
 	oidcCallbackURL string
+	uiEndpoint string
 	oauth2ConfigFunc func(...string) oauth2Config
 	bootstrapStore storage.Store
 }
@@ -127,6 +129,7 @@ type Config struct {
 	OIDCClientID string
 	OIDCClientSecret string
 	OIDCCallbackURL string
+	UIEndpoint string
 	TransientStoreProvider storage.Provider
 	StoreProvider storage.Provider
 }
@@ -135,7 +138,7 @@ type createOIDCRequestResponse struct {
 	Request string `json:"request"`
 }
 
-// New returns rp operation instance.
+// New returns hub-auth operation instance.
 func New(config *Config) (*Operation, error) {
 	svc := &Operation{
 		client: &http.Client{Transport: &http.Transport{TLSClientConfig: config.TLSConfig}},
@@ -143,6 +146,7 @@ func New(config *Config) (*Operation, error) {
 		oidcClientID: config.OIDCClientID,
 		oidcClientSecret: config.OIDCClientSecret,
 		oidcCallbackURL: config.OIDCCallbackURL,
+		uiEndpoint: config.UIEndpoint,
 	}
 
 	// TODO implement retries: https://github.com/trustbloc/hub-auth/issues/45
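Review bot: `"net/http"` and `"net/url"` are now placed inside the third-party group, after `"golang.org/x/oauth2"`, while the standard-library group above them ends at `"fmt"` — which is exactly where `"net/http"` sat before this change. `goimports` keeps standard-library imports in the first group, so both lines belong directly under `"fmt"` and the removed blank separator should stay; as written the file will be reshuffled by the next formatting run and show up as noise in a later diff.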
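Review bot: New copies `config.UIEndpoint` into `uiEndpoint` without checking it, yet handleAuthResult later builds the post-login redirect target from that string, so an empty or malformed value is only discovered when the first user finishes logging in (an empty value turns the redirect into a relative `?up=…` on the callback itself). Whether New validates its other Config fields is not visible here, since its body continues past the hunk. A guard at the top of New, `if config.UIEndpoint == "" { return nil, errors.New("ui endpoint is required") }`, fails at startup instead; parsing the value once with `url.Parse` there would also let the redirect path skip per-request parsing.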
@@ -323,7 +327,15 @@ func (c *Operation) handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	handleAuthResult(w, r, userProfile)
+	profileBytes, err := json.Marshal(userProfile)
+	if err != nil {
+		c.writeErrorResponse(w, http.StatusInternalServerError,
+			fmt.Sprintf("failed to marshal user profile data : %s", err))
+
+		return
+	}
+
+	c.handleAuthResult(w, r, profileBytes)
 }
 
 // TODO onboard user at key server and SDS: https://github.com/trustbloc/hub-auth/issues/38
@@ -340,9 +352,21 @@ func (c *Operation) onboardUser(id string) (*user.Profile, error) {
 	return userProfile, nil
 }
 
-// TODO redirect to the UI: https://github.com/trustbloc/hub-auth/issues/39
-func handleAuthResult(w http.ResponseWriter, r *http.Request, _ *user.Profile) {
-	http.Redirect(w, r, "", http.StatusFound)
+func (c *Operation) handleAuthResult(w http.ResponseWriter, r *http.Request, profileBytes []byte) {
+	handle := url.QueryEscape(uuid.New().String())
+
+	err := c.transientStore.Put(handle, profileBytes)
+	if err != nil {
+		c.writeErrorResponse(w,
+			http.StatusInternalServerError, fmt.Sprintf("failed to write handle to transient store : %s", err))
+
+		return
+	}
+
+	redirectURL := fmt.Sprintf("%s?up=%s", c.uiEndpoint, handle)
+
+	http.Redirect(w, r, redirectURL, http.StatusFound)
+	logger.Debugf("redirected to: %s", redirectURL)
 }
 
 func handleAuthError(w http.ResponseWriter, status int, msg string) {
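Review bot: handleAuthResult writes the freshly minted `up` handle into the log at `logger.Debugf("redirected to: %s", redirectURL)`; that handle is what retrieves the stored profile bytes from the transient store, so it is a credential in all but name and should not be persisted in logs (it will already travel through browser history and Referer headers as a query parameter, which is reason enough for the consumer of `up` to delete the entry on first read and for the transient store to expire it — neither is visible in this hunk, so please confirm). `url.QueryEscape` on a UUID string is a no-op and reads as if escaping were handled, but `fmt.Sprintf("%s?up=%s", c.uiEndpoint, handle)` breaks as soon as uiEndpoint already carries a query string or fragment. Building the target with `url.Parse` and `url.Values`, and logging only the configured endpoint, addresses both; the sketch below keeps the existing error-message style of the `writeErrorResponse` calls.

```go
func (c *Operation) handleAuthResult(w http.ResponseWriter, r *http.Request, profileBytes []byte) {
	// a UUID string contains only [0-9a-f-], so no query escaping is needed
	handle := uuid.New().String()

	// … unchanged: transientStore.Put and its error response …

	target, err := url.Parse(c.uiEndpoint)
	if err != nil {
		c.writeErrorResponse(w, http.StatusInternalServerError,
			fmt.Sprintf("failed to parse ui endpoint : %s", err))

		return
	}

	query := target.Query()
	query.Set("up", handle)
	target.RawQuery = query.Encode()

	http.Redirect(w, r, target.String(), http.StatusFound)
	// the handle retrieves the stored profile: keep it out of the logs
	logger.Debugf("redirected to ui endpoint %s", c.uiEndpoint)
}
```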