diff --git a/conf/frpc_full.ini b/conf/frpc_full.ini
index 6605ee2b..58aefde8 100644
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -51,10 +51,11 @@ oidc_audience =
 # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_token_endpoint_url =
-# oidc_additional_endpoint_params specifies additional parameters to be sent to the OIDC Token Endpoint.
-# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
-# If it's not empty, it should be a json string, like {"audience": ["https://dev.auth.com/api/v2/"]}
-oidc_additional_endpoint_params = {"audience": ["https://dev.auth.com/api/v2/"], "scope": ["openid", "profile", "email"]}
+# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
+# For example, if you want to specify the "audience" parameter, you can set as follow.
+# frp will add "audience=" "var1=" to the additional parameters.
+# oidc_additional_audience = https://dev.auth.com/api/v2/
+# oidc_additional_var1 = foobar
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
diff --git a/pkg/auth/oidc.go b/pkg/auth/oidc.go
index adbbee30..8a9f3404 100644
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -16,7 +16,6 @@ package auth
 import (
 "context"
- "encoding/json"
 "fmt"
 "github.com/fatedier/frp/pkg/msg"
@@ -43,16 +42,18 @@ type OidcClientConfig struct {
 OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
 // OidcAdditionalEndpointParams specifies additional parameters to be sent
- // this field will be Unmarshal to map[string][]string
- OidcAdditionalEndpointParams string `ini:"oidc_additional_endpoint_params" json:"oidc_additional_endpoint_params"`
+ // this field will be transfer to map[string][]string in OIDC token generator
+ // The field will be set by prefix "oidc_additional_"
+ OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
 }
 func getDefaultOidcClientConf() OidcClientConfig {
 return OidcClientConfig{
- OidcClientID: "",
- OidcClientSecret: "",
- OidcAudience: "",
- OidcTokenEndpointURL: "",
+ OidcClientID: "",
+ OidcClientSecret: "",
+ OidcAudience: "",
+ OidcTokenEndpointURL: "",
+ OidcAdditionalEndpointParams: make(map[string]string),
 }
 }
@@ -94,11 +95,8 @@ type OidcAuthProvider struct {
 func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
 eps := make(map[string][]string)
- if cfg.OidcAdditionalEndpointParams != "" {
- err := json.Unmarshal([]byte(cfg.OidcAdditionalEndpointParams), &eps)
- if err != nil {
- panic(err)
- }
+ for k, v := range cfg.OidcAdditionalEndpointParams {
+ eps[k] = []string{v}
 }
 tokenGenerator := &clientcredentials.Config{
diff --git a/pkg/config/client.go b/pkg/config/client.go
index 9a0786fa..e65e1064 100644
--- a/pkg/config/client.go
+++ b/pkg/config/client.go
@@ -261,6 +261,8 @@ func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
 }
 common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
+ common.ClientConfig.OidcAdditionalEndpointParams = GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
+
 return common, nil
 }
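Review bot: The comment on `OidcAdditionalEndpointParams` in `OidcClientConfig` does not tell a reader that every ini key starting with `oidc_additional_` ends up as a form parameter on the token request, and with `ini:"-"` the struct tag no longer documents the key either. I would replace the two added comment lines with `// Collected from ini keys prefixed "oidc_additional_" (prefix stripped); each entry is sent as one extra parameter to the OIDC token endpoint.` The field also keeps `json:"oidc_additional_endpoint_params"` while its type changes from string to `map[string]string`, so anything that reads or writes this struct as JSON sees a different shape; it is worth confirming that nothing depends on the old string form.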
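Review bot: `eps[k] = []string{v}` in `NewOidcAuthSetter` gives each parameter exactly one value, whereas the JSON form removed here decoded into `map[string][]string` and the old sample config sent three `scope` values. If multi-valued parameters are still needed, the value has to be split on a documented separator; otherwise the single-value limit should be stated in the field comment and in `frpc_full.ini`. The function body continues below the hunk.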
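Review bot: The prefix scan on the added `GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")` line also matches the key this commit retires, `oidc_additional_endpoint_params`, so an existing config would, assuming the helper strips the prefix and keeps the remainder as the map key, send its JSON string as a parameter named `endpoint_params` and silently stop sending the intended `audience`. The same scan accepts names that belong to the token request itself, such as `grant_type`, `client_id`, `client_secret` and `scope`, and nothing visible here or in `NewOidcAuthSetter` rejects them. Since this function already returns an error, the legacy key and the reserved names can be refused at load time with a clear message, as sketched below; the exact reserved list is for the maintainers to settle. The function starts above the hunk.

```go
	// … unchanged: common.Metas assignment …
	extra := GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
	for name := range extra {
		switch name {
		case "endpoint_params":
			return ClientCommonConf{}, fmt.Errorf("oidc_additional_endpoint_params is no longer supported, use oidc_additional_<name> = <value>")
		case "grant_type", "client_id", "client_secret", "scope":
			return ClientCommonConf{}, fmt.Errorf("oidc_additional_%s would override a parameter set by the OIDC client", name)
		}
	}
	common.ClientConfig.OidcAdditionalEndpointParams = extra
	// … unchanged: return common, nil …
```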