diff --git a/echo-http/config.go b/echo-http/config.go
index f31afe3..1d0f365 100644
--- a/echo-http/config.go
+++ b/echo-http/config.go
@@ -28,9 +28,6 @@ type Config struct {
 AuthCodeSessionTTL int
 AuthCodeValidateRedirectURI bool
 AuthCodeAllowedRedirectURIs string
-
- // OIDC Configuration (id_token specific)
- OIDCEnableJWTSigning bool
 }
 
 func LoadConfig() *Config {
@@ -46,7 +43,7 @@ func LoadConfig() *Config {
 AuthAllowedClientSecret: getEnv("AUTH_ALLOWED_CLIENT_SECRET", ""),
 AuthSupportedScopes: parseScopes(getEnv("AUTH_SUPPORTED_SCOPES", "openid,profile,email")),
 AuthTokenExpiry: getIntEnv("AUTH_TOKEN_EXPIRY", 3600),
- AuthAllowedGrantTypes: parseGrantTypes(getEnv("AUTH_ALLOWED_GRANT_TYPES", "authorization_code,client_credentials")),
+ AuthAllowedGrantTypes: parseGrantTypes(getEnv("AUTH_ALLOWED_GRANT_TYPES", "authorization_code,client_credentials,password,refresh_token")),
 
 // Resource Owner Password Credentials / Basic Auth settings
 AuthAllowedUsername: getEnv("AUTH_ALLOWED_USERNAME", "testuser"),
@@ -57,9 +54,6 @@ func LoadConfig() *Config {
 AuthCodeSessionTTL: getIntEnv("AUTH_CODE_SESSION_TTL", 300),
 AuthCodeValidateRedirectURI: getBoolEnv("AUTH_CODE_VALIDATE_REDIRECT_URI", false),
 AuthCodeAllowedRedirectURIs: getEnv("AUTH_CODE_ALLOWED_REDIRECT_URIS", ""),
-
- // OIDC settings (id_token specific)
- OIDCEnableJWTSigning: getBoolEnv("OIDC_ENABLE_JWT_SIGNING", false),
 }
 }
 
diff --git a/echo-http/docs/api.md b/echo-http/docs/api.md
index d47fccf..5865f1f 100644
--- a/echo-http/docs/api.md
+++ b/echo-http/docs/api.md
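Review bot: The new default for `AUTH_ALLOWED_GRANT_TYPES` in the `@@ -46,7 +43,7 @@` hunk enables the `password` grant out of the box, and the same literal ships fixed fallback credentials (`AUTH_ALLOWED_USERNAME` defaults to `testuser`, and the api.md hunk documents `testpass` for `AUTH_ALLOWED_PASSWORD`), so an instance started with no environment configuration will exchange a known username/password for an access token. The resource-owner-password grant is deprecated in the OAuth 2.0 Security BCP and dropped from OAuth 2.1, which is acceptable for what looks like a test echo server but deserves a line above the field: `// password (ROPC) is deprecated by the OAuth 2.0 Security BCP; it is on by default only because this server ships test credentials — override AUTH_ALLOWED_GRANT_TYPES in any shared deployment.` If the token handler does not actually issue and redeem refresh tokens, `refresh_token` in the default (and in the api.md table) advertises a grant that will fail; neither `parseGrantTypes` nor the handler is visible in this diff, so please confirm. LoadConfig's body continues outside the hunk.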
@@ -19,18 +19,28 @@
 | `HOST` | `0.0.0.0` | Bind address |
 | `PORT` | `80` | Listen port |
 
+### Authentication Configuration
+
+Shared credentials used across all authentication methods.
+
+| Variable | Default | Description |
+| ------------------------ | ---------- | -------------------------------------------------------------- |
+| `AUTH_ALLOWED_USERNAME` | `testuser` | Username for Basic Auth, Bearer Token, and OAuth2/OIDC flows |
+| `AUTH_ALLOWED_PASSWORD` | `testpass` | Password for Basic Auth, Bearer Token, and OAuth2/OIDC flows |
+
 ### OAuth2/OIDC Configuration
 
 Configure OAuth2/OIDC server behavior with these environment variables:
 
 **OAuth2 Configuration (shared across all flows):**
 
-| Variable | Default | Description |
-| ---------------------------- | ----------------------- | ---------------------------------------------- |
-| `AUTH_ALLOWED_CLIENT_ID` | (empty - accept any) | Allowed client_id for validation (empty = any) |
-| `AUTH_ALLOWED_CLIENT_SECRET` | (empty - public client) | Required client_secret (empty = not required) |
-| `AUTH_SUPPORTED_SCOPES` | `openid,profile,email` | Comma-separated list of supported scopes |
-| `AUTH_TOKEN_EXPIRY` | `3600` | Access token expiry in seconds |
+| Variable | Default | Description |
+| ---------------------------- | ----------------------------------------------------------------- | ---------------------------------------------- |
+| `AUTH_ALLOWED_CLIENT_ID` | (empty - accept any) | Allowed client_id for validation (empty = any) |
+| `AUTH_ALLOWED_CLIENT_SECRET` | (empty - public client) | Required client_secret (empty = not required) |
+| `AUTH_SUPPORTED_SCOPES` | `openid,profile,email` | Comma-separated list of supported scopes |
+| `AUTH_TOKEN_EXPIRY` | `3600` | Access token expiry in seconds |
+| `AUTH_ALLOWED_GRANT_TYPES` | `authorization_code,client_credentials,password,refresh_token` | Comma-separated list of allowed grant types |
 
 **Authorization Code Flow Configuration:**
 
@@ -41,12 +51,6 @@ Configure OAuth2/OIDC server behavior with these environment variables:
 | `AUTH_CODE_VALIDATE_REDIRECT_URI` | `false` | Enable redirect_uri validation |
 | `AUTH_CODE_ALLOWED_REDIRECT_URIS` | (empty - allow all) | Comma-separated redirect URI patterns |
 
-**OIDC Configuration (id_token specific):**
-
-| Variable | Default | Description |
-| ------------------------- | ------- | ---------------------------------------------- |
-| `OIDC_ENABLE_JWT_SIGNING` | `false` | Enable JWT signing (currently not implemented) |
-
 **Example Configuration:**
 
 ```bash
@@ -55,6 +59,7 @@ export AUTH_ALLOWED_CLIENT_ID=my-app-client-id
 export AUTH_ALLOWED_CLIENT_SECRET=my-app-secret
 export AUTH_SUPPORTED_SCOPES=openid,profile,email,custom_scope
 export AUTH_TOKEN_EXPIRY=3600
+export AUTH_ALLOWED_GRANT_TYPES=authorization_code,client_credentials,password,refresh_token
 export AUTH_CODE_REQUIRE_PKCE=true
 export AUTH_CODE_VALIDATE_REDIRECT_URI=true
 export AUTH_CODE_ALLOWED_REDIRECT_URIS=http://localhost:*,https://myapp.com/callback
@@ -489,8 +494,8 @@ Validate Basic Authentication credentials.
 
 Configure credentials via environment variables:
 
-- `AUTH_ALLOWED_USERNAME`: Expected username
-- `AUTH_ALLOWED_PASSWORD`: Expected password
+- `AUTH_ALLOWED_USERNAME`: Expected username (default: `testuser`)
+- `AUTH_ALLOWED_PASSWORD`: Expected password (default: `testpass`)
 
 **Request:**
 
@@ -515,8 +520,8 @@ Validate Bearer token authentication. The expected token is SHA1(username:passwo
 
 Configure credentials via environment variables:
 
-- `AUTH_ALLOWED_USERNAME`: Username
-- `AUTH_ALLOWED_PASSWORD`: Password
+- `AUTH_ALLOWED_USERNAME`: Username (default: `testuser`)
+- `AUTH_ALLOWED_PASSWORD`: Password (default: `testpass`)
 
 Generate the token:
 
diff --git a/echo-http/handlers/config.go b/echo-http/handlers/config.go
index b0ef853..a395ab5 100644
--- a/echo-http/handlers/config.go
+++ b/echo-http/handlers/config.go
@@ -22,9 +22,6 @@ type Config struct {
 AuthCodeSessionTTL int
 AuthCodeValidateRedirectURI bool
 AuthCodeAllowedRedirectURIs string
-
- // OIDC Configuration (id_token specific)
- OIDCEnableJWTSigning bool
 }
 
 // SetConfig sets the global configuration for handlers.
diff --git a/echo-http/main.go b/echo-http/main.go
index eace0fc..696a07d 100644
--- a/echo-http/main.go
+++ b/echo-http/main.go
@@ -33,7 +33,6 @@ func main() {
 AuthCodeSessionTTL: cfg.AuthCodeSessionTTL,
 AuthCodeValidateRedirectURI: cfg.AuthCodeValidateRedirectURI,
 AuthCodeAllowedRedirectURIs: cfg.AuthCodeAllowedRedirectURIs,
- OIDCEnableJWTSigning: cfg.OIDCEnableJWTSigning,
 })
 
 r := chi.NewRouter()