feat: OIDC flow (#4)

Dockerfile

@@ -9,7 +9,7 @@ COPY . .
 RUN cd /workspace && go mod download
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o main main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o main -a cmd/main.go
 
 # Use distroless as minimal base image to package the manager binary
 FROM gcr.io/distroless/base:latest-amd64

Makefile

@@ -15,7 +15,7 @@ else
 endif
 
 build:	### Build
-	go build -o main -a main.go
+	go build -o main -a cmd/main.go
 
 fmt:	### Run go fmt against code
 	go fmt ./...

README.md

@@ -1,15 +1,15 @@
 # Authentication Service
 
-This is a rewrite of the [arrikto/oidc-authservice](https://github.com/arrikto/oidc-authservice) project to be as simple as possible.
+This is a simple project that makes the authentication service with the OIDC flow.
 
-An Authentication Service is an HTTP Server that an API Gateway (eg Ambassador, Envoy) asks if an incoming request is authorized.
+Basically, you need to have an OIDC Provider ([config parameters](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest)) and configure the Authentication Service.
 
 * * *
 ## OpenID Connect
 
 [OpenID Connect (OIDC)](http://openid.net/connect/) is an authentication layer on top of the OAuth 2.0 protocol. As OAuth 2.0 is fully supported by OpenID Connect, existing OAuth 2.0 implementations work with it out of the box.
 
-Currently it only supports OIDC's [Authorization Code Flow](http://openid.net/specs/openid-connect-basic-1_0.html#CodeFlow), similar to OAuth 2.0 Authorization Code Grant.
+Currently, it only supports OIDC's [Authorization Code Flow](http://openid.net/specs/openid-connect-basic-1_0.html#CodeFlow), similar to OAuth 2.0 Authorization Code Grant.
 
 * * *
 ## About 👯‍♂️

cmd/main.go

@@ -0,0 +1,66 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/ydataai/authentication-service/internal/clients"
+	"github.com/ydataai/authentication-service/internal/controllers"
+	"github.com/ydataai/authentication-service/internal/services"
+	"github.com/ydataai/authentication-service/internal/storages"
+	"github.com/ydataai/go-core/pkg/common/config"
+	"github.com/ydataai/go-core/pkg/common/logging"
+	"github.com/ydataai/go-core/pkg/common/server"
+)
+
+var (
+	errChan = make(chan error)
+)
+
+func main() {
+	loggerConfiguration := logging.LoggerConfiguration{}
+	serverConfiguration := server.HTTPServerConfiguration{}
+	oidcConfiguration := clients.OIDCConfiguration{}
+	restConfiguration := controllers.RESTControllerConfiguration{}
+	sessionStorageConfiguration := storages.SessionStorageConfiguration{}
+
+	if err := config.InitConfigurationVariables([]config.ConfigurationVariables{
+		&loggerConfiguration,
+		&serverConfiguration,
+		&oidcConfiguration,
+		&restConfiguration,
+		&sessionStorageConfiguration,
+	}); err != nil {
+		fmt.Println(fmt.Errorf("[✖️] Could not set configuration variables. Err: %v", err))
+		os.Exit(1)
+	}
+
+	logger := logging.NewLogger(loggerConfiguration)
+
+	logger.Info("Starting: Authentication Service")
+
+	oidcClient := clients.NewOIDCClient(logger, oidcConfiguration)
+
+	// Start OIDC Provider setup.
+	oidcClient.StartSetup()
+
+	// Initializes a storage to save temporary sessions configured with TTL.
+	sessionStorage := storages.NewSessionStorage(sessionStorageConfiguration)
+
+	oidcService := services.NewOIDCService(logger, oidcClient, sessionStorage)
+
+	restController := controllers.NewRESTController(logger, restConfiguration, oidcService)
+
+	httpServer := server.NewServer(logger, serverConfiguration)
+	restController.Boot(httpServer)
+	httpServer.Run(context.Background())
+
+	// HealthCheck
+	httpServer.AddHealthz()
+	httpServer.AddReadyz(func() bool { return true })
+
+	for err := range errChan {
+		logger.Error(err)
+	}
+}

go.mod

@@ -2,11 +2,38 @@ module github.com/ydataai/authentication-service
 
 go 1.17
 
-require github.com/ydataai/go-core v0.1.1
+require (
+	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/gin-gonic/gin v1.7.4
+	github.com/golang-jwt/jwt/v4 v4.2.0
+	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/ydataai/go-core v0.2.1
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+)
 
 require (
-	github.com/kelseyhightower/envconfig v1.4.0 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.13.0 // indirect
+	github.com/go-playground/universal-translator v0.17.0 // indirect
+	github.com/go-playground/validator/v10 v10.4.1 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/ugorji/go/codec v1.1.7 // indirect
+	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
 	golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )