WIP

Author: dmitrizagidulin

.gitignore

@@ -7,4 +7,4 @@ accounts
 profile
 inbox
 .acl
-config.json
+config.json

lib/create-app.js

@@ -10,8 +10,7 @@ var proxy = require('./handlers/proxy')
 var IdentityProvider = require('./identity-provider')
 var vhost = require('vhost')
 var path = require('path')
-var AnvilConnect = require('./handlers/auth-oidc')
-var bodyParser = require('body-parser')
+var OidcProvider = require('./oidc-provider')
 
 var corsSettings = cors({
   methods: [
@@ -107,7 +106,17 @@ function createApp (argv) {
   ldp.oidc = true
   if (ldp.oidc) {
     var oidc = OidcProvider()
-    app.use('/', oidc.authenticate())
+    var localProviderConfig = {
+      issuer: 'https://anvil.local',
+      client_id: 'cfe8d9a7-e1f6-4b88-9d55-0be004a62870',
+      client_secret: '62b0bc1698ff97bdc7c7',
+      redirect_uri: 'https://ldnode.local:8443/api/oidc/rp'
+    }
+    // TODO: ensureTrustedClient is async, possible race condition on server
+    //   startup
+    oidc.ensureTrustedClient(localProviderConfig)
+    app.locals.oidc = oidc
+    app.use('/', oidc.authenticate, oidc.authSessionInit)
     app.use('/api/oidc', oidc.middleware(corsSettings))
   }
 

lib/handlers/auth-oidc.js

@@ -62,7 +62,7 @@ If you are not redirected automatically, follow the <a href='${url}'>link to log
 
 function redirectToLogin (err, req, res, next) {
   res.header('Content-Type', 'text/html')
-  var loginUrl = req.app.locals.oidcClient.urlForLogin(req)
+  var loginUrl = req.app.locals.oidc.urlForSignin(req)
   debug('Redirecting to login: ' + loginUrl)
   var currentUrl = util.fullUrlForReq(req)
   req.session.returnToUrl = currentUrl

lib/handlers/error-pages.js

@@ -0,0 +1,24 @@
+'use strict'
+
+module.exports.default = OIDClientStore
+
+class OIDClientStore {
+  constructor() {
+    this.clients = {}
+  }
+  put(client) {
+    return new Promise((resolve) => {
+      this.clients[client.issuer] = client
+      resolve()
+    })
+  }
+  get(issuer) {
+    return new Promise((resolve, reject) => {
+      if (!issuer in this.clients) {
+        resolve(null)
+      } else {
+        resolve(this.clients[issuer])
+      }
+    })
+  }
+}