feat: add customizable authorization

index.js

@@ -4,6 +4,7 @@ import { Issuer } from "openid-client";
 import session from "express-session";
 import morgan from "morgan";
 import * as crypto from "crypto";
+import bodyParser from "body-parser";
 
 const port = parseInt(process.env.PORT, 10) || 3000;
 const origin = `${process.env.HOST}`;
@@ -35,6 +36,24 @@ const getMcpClient = async () => {
   });
 };
 
+const acr_values = process.env.ACR_VALUES
+  ? process.env.ACR_VALUES.split(",")
+  : null;
+const login_hint = process.env.LOGIN_HINT || null;
+const scope = process.env.MCP_SCOPES;
+const AUTHORIZATION_DEFAULT_PARAMS = {
+  scope,
+  login_hint,
+  acr_values,
+  claims: {
+    id_token: {
+      amr: {
+        essential: true,
+      },
+    },
+  },
+};
+
 app.get("/", async (req, res, next) => {
   try {
     res.render("index", {
@@ -43,6 +62,7 @@ app.get("/", async (req, res, next) => {
       userinfo: JSON.stringify(req.session.userinfo, null, 2),
       idtoken: JSON.stringify(req.session.idtoken, null, 2),
       oauth2token: JSON.stringify(req.session.oauth2token, null, 2),
+      defaultParamsValue: JSON.stringify(AUTHORIZATION_DEFAULT_PARAMS, null, 2),
     });
   } catch (e) {
     next(e);
@@ -53,30 +73,16 @@ const getAuthorizationControllerFactory = (extraParams) => {
   return async (req, res, next) => {
     try {
       const client = await getMcpClient();
-      const acr_values = process.env.ACR_VALUES
-        ? process.env.ACR_VALUES.split(",")
-        : null;
-      const login_hint = process.env.LOGIN_HINT || null;
-      const scope = process.env.MCP_SCOPES;
       const nonce = crypto.randomBytes(16).toString("hex");
       const state = crypto.randomBytes(16).toString("hex");
 
       req.session.state = state;
       req.session.nonce = nonce;
 
       const redirectUrl = client.authorizationUrl({
-        scope,
-        login_hint,
-        acr_values,
         nonce,
         state,
-        claims: {
-          id_token: {
-            amr: {
-              essential: true,
-            },
-          },
-        },
+        ...AUTHORIZATION_DEFAULT_PARAMS,
         ...extraParams,
       });
 
@@ -130,6 +136,18 @@ app.post(
   }),
 );
 
+app.post(
+  "/custom-connection",
+  bodyParser.urlencoded({ extended: false }),
+  (req, res, next) => {
+    console.log(req.body['custom-params'])
+    const customParams = JSON.parse(req.body['custom-params'])
+    console.dir(customParams, { depth: null });
+
+    return getAuthorizationControllerFactory(customParams)(req, res, next);
+  },
+);
+
 app.get(process.env.CALLBACK_URL, async (req, res, next) => {
   try {
     const client = await getMcpClient();

package.json

@@ -19,6 +19,7 @@
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "dependencies": {
+    "body-parser": "^1.20.3",
     "dotenv": "^16.4.5",
     "ejs": "^3.1.10",
     "express": "^4.21.1",

views/index.ejs

@@ -86,6 +86,20 @@
         <form action="/force-2fa" method="post">
             <button id="force-2fa">Forcer une connexion a deux facteurs</button>
         </form>
+        <br>
+        <details>
+            <summary id="open-custom-configuration">Usage avancé</summary>
+
+            <form action="/custom-connection" method="post">
+                <textarea
+                    name="custom-params"
+                    cols="50"
+                    rows="12"
+                ><%= locals.defaultParamsValue %></textarea>
+                <br>
+                <button id="custom-connection">Connexion personnalisée</button>
+            </form>
+        </details>
     </main>
     <footer>
         <p>Source: <a href="https://github.com/numerique-gouv/moncomptepro-test-client">github.com/numerique-gouv/moncomptepro-test-client</a></p>