Cleanup

Author: alukach

docker-compose.yaml

@@ -59,89 +59,11 @@ services:
 
   mock-oidc:
     build:
-      context: ./mock_oidc_server
+      context: ./examples/mock_oidc_server
     ports:
       - "3000:3000"
     volumes:
-      - ./mock_oidc_server:/app
-
-  # dex:
-  #   image: ghcr.io/dexidp/dex:v2.42.0-alpine
-  #   ports:
-  #     - "5556:5556"
-  #   volumes:
-  #     - ./examples/dex/config.yaml:/etc/dex/cfg/config.yaml
-  #   entrypoint: ["dex", "serve", "/etc/dex/cfg/config.yaml"]
-
-  # hydra:
-  #   image: oryd/hydra:v2.2.0
-  #   ports:
-  #     - "4444:4444"
-  #     - "4445:4445"
-  #   environment:
-  #     - DSN=memory
-  #     - URLS_SELF_ISSUER=http://localhost:4444
-  #     - URLS_CONSENT=http://localhost:3000/consent
-  #     - URLS_LOGIN=http://localhost:3000/login
-  #     - SECRETS_SYSTEM=youReallyNeedToChangeThis
-  #     - LOG_LEAK_SENSITIVE_VALUES=true
-  #     - SERVE_PUBLIC_CORS_ENABLED=true
-  #     - SERVE_PUBLIC_CORS_ALLOWED_ORIGINS=*
-  #     - SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE,OPTIONS
-  #     - SERVE_PUBLIC_CORS_ALLOWED_HEADERS=Authorization,Content-Type,Accept
-  #     - SERVE_PUBLIC_CORS_EXPOSED_HEADERS=Content-Type
-  #     - SERVE_PUBLIC_CORS_DEBUG=true
-  #     - SERVE_TLS_KEY_PATH=
-  #     - SERVE_TLS_CERT_PATH=
-  #   command: serve all --dev
-
-  # login-consent-app:
-  #   image: oryd/hydra-login-consent-node:v2.0.3
-  #   ports:
-  #     - "3000:3000"
-  #   environment:
-  #     - HYDRA_ADMIN_URL=http://hydra:4445
-  #     - NODE_TLS_REJECT_UNAUTHORIZED=0
-
-  # hydra-setup:
-  #   image: curlimages/curl:8.5.0
-  #   depends_on:
-  #     - hydra
-  #   entrypoint: ["/bin/sh", "-c"]
-  #   command: |
-  #     '
-  #     until curl -s http://hydra:4445/health/ready; do
-  #       echo "Waiting for Hydra to be ready..."
-  #       sleep 1
-  #     done
-
-  #     echo "Registering OIDC client..."
-  #     curl --verbose -X POST http://hydra:4445/admin/clients \
-  #       -H "Content-Type: application/json" \
-  #       -d @- <<EOF
-  #       { 
-  #         "client_id": "stac", 
-  #         "client_secret": "secret", 
-  #         "grant_types": ["authorization_code", "refresh_token"], 
-  #         "response_types": ["code", "id_token"], 
-  #         "redirect_uris": ["http://localhost:8000/docs/oauth2-redirect"], 
-  #         "scope": "openid offline", 
-  #         "token_endpoint_auth_method": "client_secret_post" 
-  #       } EOF
-  #     '
-
-  # auth0:
-  #   image: public.ecr.aws/primaassicurazioni/localauth0:0.8.2
-  #   healthcheck:
-  #     test: ["CMD", "/localauth0", "healthcheck"]
-  #   ports:
-  #     - "3000:3000"
-  #     - "3001:3001"
-  #   environment:
-  #     LOCALAUTH0_CONFIG: |
-  #       issuer = "https://prima.localauth0.com/"
-  #       [user_info]
-  #       given_name = "Locie"
+      - ./examples/mock_oidc_server:/app
 
 networks:
   default:

examples/dex/config.yaml

@@ -0,0 +1,2 @@
+jwks.json
+private_key.pem

examples/mock_oidc_server/.gitignore

@@ -1,10 +1,13 @@
-# ruff: noqa
 # type: ignore
+"""Mock OIDC server for demo/experimentation."""
+
 
 import base64
 import hashlib
+import json
 import os
 from datetime import datetime, timedelta
+from pathlib import Path
 from typing import Optional
 from urllib.parse import urlencode
 
@@ -29,7 +32,35 @@
 )
 
 # Configuration
-ISSUER = "http://localhost:3000"
+CLIENT_ID = os.environ.get("CLIENT_ID", "stac")
+CLIENT_SECRET = os.environ.get("CLIENT_SECRET", "secret")
+REDIRECT_URI = os.environ.get(
+    "REDIRECT_URI", "http://localhost:8000/docs/oauth2-redirect"
+)
+ISSUER = os.environ.get("ISSUER", "http://localhost:3000")
+
+# Key paths - determine from current file location
+APP_DIR = Path(__file__).parent
+PRIVATE_KEY_PATH = APP_DIR / "private_key.pem"
+JWKS_PATH = APP_DIR / "jwks.json"
+
+
+def load_or_generate_keys():
+    """Load keys from files if they exist, otherwise generate and save them."""
+    # If both files exist, load them
+    if PRIVATE_KEY_PATH.exists() and JWKS_PATH.exists():
+        private_key = PRIVATE_KEY_PATH.read_text()
+        jwks = json.loads(JWKS_PATH.read_text())
+        return private_key, jwks
+
+    # Otherwise, generate new keys
+    private_key, jwks = generate_key_pair()
+
+    # Save the keys
+    PRIVATE_KEY_PATH.write_text(private_key)
+    JWKS_PATH.write_text(json.dumps(jwks, indent=2))
+
+    return private_key, jwks
 
 
 # Generate RSA key pair
@@ -73,8 +104,8 @@ def int_to_base64url(value):
     )
 
 
-# Generate key pair on startup
-PRIVATE_KEY, JWKS = generate_key_pair()
+# Load or generate key pair on startup
+PRIVATE_KEY, JWKS = load_or_generate_keys()
 
 # In-memory storage
 authorization_codes = {}
@@ -83,9 +114,9 @@ def int_to_base64url(value):
 
 # Mock client registry
 clients = {
-    "stac": {
-        "client_secret": "secret",
-        "redirect_uris": ["http://localhost:8000/docs/oauth2-redirect"],
+    CLIENT_ID: {
+        "client_secret": CLIENT_SECRET,
+        "redirect_uris": [REDIRECT_URI],
         "grant_types": ["authorization_code"],
     }
 }