Initial commit

.editorconfig

+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Matches multiple files with brace expansion notation
+# Set default charset
+[*.{js,json,yaml}]
+charset = utf-8
+indent_style = space
+indent_size = 2

.gitignore

+node_modules
+.env

JWTFedAdapter.js

+
+const ESFetcher = require('jwtfed').ESFetcher
+
+const clients = [{ client_id: 'foo', client_secret: 'bar', redirect_uris: ['http://lvh.me/cb'] }];
+const clientCache = {}
+
+const trustroot = [
+    {
+        "sub": "https://edugain.andreas.labs.uninett.no/openid",
+        "subTypes": ["openidProvider", "openidClient"],
+        "metadata": {
+          "openidClient": {
+            "special": true
+          }
+        },
+        "jwks": [
+          {
+            "kty": "RSA",
+            "use": "sig",
+            "alg": "RS256",
+            "n": "qnd5_krrHKzuJzb5_YEt4sP-YOGSbfVL_g06h1Q-q0nzTsO8MwtWVQx1nuR1cV-ruNwF2sFFGRNejVNKOxL8n5tGuYgJBRJBB5KcbnvRqSEMpObJxQzQuQrzxXFqMlmVRaaCINL5qFWTmdJz79cPleBBPr9DsD9O-nDSGV-R0LT3YWH0SrY5cEDVasUhWnFRY5eOTMRtxUB2m8FXBaZVAlIr5-Gy-SaTmybKQJ74iVpG16Hbw4t0tw14ReEO0aAsDq24cU7bHOueWnxZPfOltueZnIEKe3_eAmh-fieLvkkZSKqXRWKg_tZDbnjUqWH2lVvC2ReEOrns971V0Hjcbw",
+            "e": "AQAB",
+            "key_ops": [
+              "verify"
+            ],
+            "ext": true,
+            "kid": "edugain"
+          }
+        ]
+    }
+]
+
+
+class JWTFedAdapter {
+
+  constructor(name) {
+    this.name = name
+    this.jwtfed = new ESFetcher()
+  }
+
+  async find(id) {
+    if (clientCache.hasOwnProperty(id)) {
+      console.log("Returning cache of  " + id)
+      return clientCache[id]
+    }
+    console.log("Finding an client " + id)
+    console.log(JSON.stringify(clients[0], undefined, 2))
+
+    this.jwtfed.fetchChained(id)
+      .then((list) => {
+        console.log("Resulting list of entity statements from JWT Federation")
+        console.log(JSON.stringify(list, undefined, 2), {language: "json"})
+
+        const tc = new TrustChain(trustroot)
+        list.forEach((es) => {
+          tc.add(es)
+        })
+        tc.dump()
+        let paths = tc.findPaths()
+        if (paths.length === 0) {throw new Error("No trust paths found")}
+
+        console.log()
+        console.log(highlight("Discovered trusted paths ", {language: "markdown"}))
+        console.log(highlight(JSON.stringify(paths, undefined, 2), {language: "json"}))
+        console.log()
+
+        let metadata = tc.validate(paths[0], 'openidClient')
+        console.log(highlight("--------- ", {language: "markdown"}))
+        console.log(highlight("Resolved metadata for " + metadata.identifier, {language: "markdown"}))
+        console.log(highlight("Type " + metadata.entityType, {language: "markdown"}))
+
+        console.log(highlight("Trusted JWKS:", {language: "markdown"}))
+        console.log(highlight(JSON.stringify(metadata.jwks, undefined, 2), {language: "json"}))
+
+        console.log(highlight("Metadata:", {language: "markdown"}))
+        console.log(highlight(JSON.stringify(metadata.metadata, undefined, 2), {language: "json"}))
+        return metadata.metadata
+
+
+      })
+
+  }
+
+  async upsert(id, payload, expiresIn) {
+    console.log("ID", id, " payload ", payload, " expiresin ", expiresIn)
+    clientCache[id] = payload
+    return payload
+  }
+
+  async findByUserCode(userCode) {
+    console.log("findByUserCode()")
+  }
+
+  async destroy(id) {
+    console.log("destroy()")
+    delete clientCache[0]
+  }
+
+  async consume(id) {
+    console.log("consume()")
+  }
+
+  key(id) {
+    return `${this.name}:${id}`;
+  }
+
+}
+
+module.exports = JWTFedAdapter

package.json

+{
+  "name": "jwtfed-provider",
+  "version": "1.0.0",
+  "description": "JWT Federation Demo Provider",
+  "main": "index.js",
+  "scripts": {
+    "main": "node server",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "jwt",
+    "openid connect",
+    "oauth"
+  ],
+  "author": "Andreas Åkre Solberg <andreas.solberg@uninett.no>",
+  "license": "ISC",
+  "dependencies": {
+    "jwtfed": "^1.0.0",
+    "oidc-provider": "^4.5.0"
+  }
+}

server.js

+
+const JWTFedAdapter = require('./JWTFedAdapter')
+const Provider = require('oidc-provider');
+const assert = require('assert')
+const configuration = {
+  // ... see available options /docs/configuration.md
+};
+
+
+const clients = [{ client_id: 'foo', client_secret: 'bar', redirect_uris: ['http://lvh.me/cb'] }];
+
+
+assert(process.env.SECURE_KEY, 'process.env.SECURE_KEY missing, run `heroku addons:create securekey`')
+assert.equal(process.env.SECURE_KEY.split(',').length, 2, 'process.env.SECURE_KEY format invalid')
+
+const oidc = new Provider('http://localhost:3000', configuration);
+
+(async () => {
+  await oidc.initialize({ adapter: JWTFedAdapter });
+  // oidc.callback => express/nodejs style application callback (req, res)
+  // oidc.app => koa2.x application
+  oidc.listen(3000);
+  oidc.keys = process.env.SECURE_KEY.split(',');
+  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
+})().catch((err) => {
+  console.error(err);
+  process.exitCode = 1;
+});
+
+
+// http://localhost:3000/auth?client_id=foo&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&scope=openid&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&response_type=code
+
+
+// http://localhost:3000/auth?/auth?client_id=foo&response_type=code&scope=openid
+
+// http://localhost:3000/auth?client_id=foo&response_type=code&scope=openid