idbhub: fix secret sharing

This commit is contained in:
pedro 2023-12-15 09:31:50 +01:00
parent d02214062e
commit 2a19a05f4d

View file

@ -20,7 +20,7 @@ config_oidc4vp() {
R_URI_CLEAN="${RESPONSE_URI%/}" && R_URI_CLEAN="${R_URI_CLEAN#http*://}"
local file="$(echo ${R_URI_CLEAN} | sed 's!/!__!g')"
data="$(_get)"
echo "${data}" | jq --arg uri "${R_URI_CLEAN}" '{ ($uri): .}' > /sharedsecret/${file}
echo "${data}" | jq --arg uri "${RESPONSE_URI}" '{ ($uri): .}' > /sharedsecret/${file}
echo wait the other idhubs to write, this is the only oportunity to sync with other idhubs in the docker compose
sleep 2
@ -28,13 +28,15 @@ config_oidc4vp() {
for host in /sharedsecret/*; do
# we are flexible on querying for RESPONSE_URI: the first one based on regex
target_uri="$(cat "${host}" | jq -r 'keys[0]')"
filtered_data="$(cat "${host}" | jq --arg uri "${target_uri}" 'first(.[][] | select(.response_uri | test ($uri)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
if [ "${target_uri}" != "${RESPONSE_URI}" ]; then
filtered_data="$(cat "${host}" | jq --arg uri "${RESPONSE_URI}" 'first(.[][] | select(.response_uri | test ($uri)))')"
client_id="$(echo "${filtered_data}" | jq -r '.client_id')"
client_secret="$(echo "${filtered_data}" | jq -r '.client_secret')"
response_uri="$(echo "${filtered_data}" | jq -r '.response_uri')"
_set my_client_id ${client_id} ${response_uri}
_set my_client_secret ${client_secret} ${response_uri}
_set my_client_id ${client_id} ${target_uri}
_set my_client_secret ${client_secret} ${target_uri}
fi
done
}