Mise en place d'un serveur d'auth OIDC _mocké_

.docker/nginx/conf/proconnect.anje-justice.test.conf

@@ -0,0 +1,40 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2  on;
+
+# SSL
+    ssl_certificate /etc/nginx/certs/proconnect.anje-justice.test.pem;
+    ssl_certificate_key /etc/nginx/certs/proconnect.anje-justice.test-key.pem;
+    ssl_trusted_certificate /etc/nginx/certs/rootCA.pem;
+
+    server_name proconnect.anje-justice.test;
+
+    location / {
+        # Allow performing host detection on request
+        resolver 127.0.0.11 valid=1s;
+        set $upstream proconnect:9998;
+
+            proxy_http_version  1.1;
+            proxy_cache_bypass  $http_upgrade;
+            proxy_set_header Host              $host;
+            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header X-Real-IP         $remote_addr;
+            proxy_set_header X-Forwarded-Host  $host;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Port  $server_port;
+
+        proxy_pass http://$upstream;
+    }
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name proconnect.anje-justice.test;
+
+    location / {
+        return 301 https://proconnect.anje-justice.test/$request_uri;
+    }
+}

.docker/proconnect/mock-oidc-provider/.gitignore

@@ -0,0 +1,2 @@
+dist/
+node_modules/

.docker/proconnect/mock-oidc-provider/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "mock-oidc-provider",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Mock OIDC provider server",
+  "main": "dist/index.js",
+  "author": "Pierre LEMEÉ",
+  "license": "MIT",
+  "private": true,
+  "dependencies": {
+    "oauth2-mock-server": "^7.2.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.7",
+    "typescript": "^5.7.3"
+  }
+}

.docker/proconnect/mock-oidc-provider/src/index.ts

@@ -0,0 +1,52 @@
+import { OAuth2Server } from 'oauth2-mock-server';
+
+let server = new OAuth2Server();
+
+// use JWKs generated here https://mkjwk.org/
+await server.issuer.keys.add({
+    "p": "9B6mboyeh7j8KBWFyL-Sxgta-RRcnxqm4Ey_1vYvCV_R9PgZhLzkIOLSoBqxqBn5m6spcuOTmLDBXrdmxvyVIuIuLJTMbg9MrO9H7GgbLYVMSumHFsk6NZFKlDGmA4HfEk0RKQwctIFNhCJnvE8NDQP0enyl3Ii32WjttM9gmtM",
+    "kty": "RSA",
+    "q": "8d4BwO1jgFK_DvWlwVMhxbhwX4IEuBaqe7HU0qGRCwAHqPe5_2jsBliP-Cyaqj4oeNFyNpVyBupGAy5md6YsicvFg2IOVwX0eQNGIvxIcFofTyc5q9eV3ppZxVVt01MVKHJ62269CAMp3pTOYgYzUhA9ltVy0V-g8xfcjZ3rycE",
+    "d": "jsUelRMiqCRnXlYTOBqjBOqOmyjgMqFDXRlSyHbaVaRAjO_9-awCzD8kTKLEZdsqaaXbrVcAyqWF7up4YKs8Ogz5YPQ8RMhysC-Wg786m-Z4fsHlYHuQHP50bgApqYgA5KXZ_NEoOEQYasyAQuv5rBlTwueyDjRD0Ya4ED16NFhxZSplq-HPvDGh3sNtKsD_2na15AHyT8Mrbglax404n3dzGwR4itcQ4TGx-NV_yZ-LfbvFIvLA2tTijFmcrNdUjbBztLEyD9RlqVUxt0L64LB8Ti5WnX8Z7pk7gW_Cshs9-9WY_rOlH7G0wKCwtHc4J5iczotwG-tLBpsbV-fEAQ",
+    "e": "AQAB",
+    "use": "sig",
+    "kid": "kREyd2R7x30J8jw3vVvnMCvqa3SgvreX2Py9fDfOhhs",
+    "qi": "jd2JsBBXT7F8nSt0sQdARhd_T12unE-SzL1Ba-dW-xk8srRNFJoUL_DQ9Mh4ap70OhN03YfNfWoVhWfbLulDGJfTS-1jSpAwkNjQ37r0YopaNql5Uc6_e1PbHywwmOvzTmXoRfO6MV7GkPvoQI3VQfg_BVbpJbbMXTpJUOuMoTg",
+    "dp": "4Ulb7M_HCZf01QUvxtjNGgmmthFNfON6t6r8q-Pb-rm8KGfCHRa5LYRGPs0DwQ_fpAKsqMNPFe2hNsjoh6DX_S5g0HGty7BA4aOda5WT50mJ4-Rp7-Ra3M6t1d-PxtLWy6vlt0zfPNHLeLLLqyQE9kr9FwDrjH97s587J87t51M",
+    "alg": "RS256",
+    "dq": "n521Zo7DJYJ2F_dBBk5IcWWAs2bomlxK8gqvurlpMOs6IuYpV0b0zFNR36QABe2zY9hFGYSSlcGxppPOh5OgvOc_V680a3XAmsPwW1JGs-6lzuTCCIfjnd4a9EGmktm3ktPKBFoWYd1EmmF1ufcBk1yoaIxAk7AaVZMfuE3Jt4E",
+    "n": "5qSO7n5BswHdYseE6R4bj5v28vjaQr94Sn4BUudU1wycABq5VYftxvde7qC-rcKdPCCLdGFrsOHdf18bFCpi4RylRMsgaqZwh-o7ywdpICohc-yj-_efoZZl9B1t9oUJ0rVtg8flACDRf4A_GawTVeQIDbPnGTsg5qxo8qgsvVX9MbAuAHD3OOwe9zZRKsYuV6Z-3uxpOdVklY40rfaAYy6yf8BBDR_W0GCLhbEj8dmeVsqhIoss5ISdUvj4M7gKgkPdBxcwuDRPR2J2QSGMOg8MGTNJSnjkC6fYqTmGk1Ab_4gcO-1mAqq0XJP5nSOTHpmV_Cz3DbnSHmL7uBVkEw"
+});
+await server.issuer.keys.add({
+    "kty": "EC",
+    "d": "QVZNI6vv0NEshgrd8JzYm3JA3YomEnm8j9a_gBuh3G8",
+    "use": "sig",
+    "crv": "P-256",
+    "kid": "Jh9D8jQqOfbNi4AM1r8-mKU_KOpeMbjGRduPyDXxVy4",
+    "x": "SiYrczxd1TP6NXuDTNp3KqBsVKm7yEIBqCUp3_fiaS8",
+    "y": "1OI5MJQ2JhMtODX8WLVzGP-5tRPU-131I58AD0yg2sM",
+    "alg": "ES256"
+});
+
+server.issuer.url = "https://proconnect.anje-justice.test"
+server.service.once('beforeAuthorizeRedirect', (authorizeRedirectUri, req) => {
+  console.log(authorizeRedirectUri);
+});
+
+server.service.once('beforeUserinfo', (userInfoResponse, req) => {
+  userInfoResponse.body = {
+    sub: 'c1722a03-4172-4015-9f0d-d1995d4cbe5c',
+    email: 'redacteur@test.fr',
+    usual_name: "Chantal",
+    given_name: "Redacteur",
+    uid: '1234',
+    idp_id: 'fce74da7-34d5-4b59-ba78-828a97d859cf'
+  };
+});
+
+// Start the server
+await server.start(parseInt(process.env.PORT || "9998", 10), '0.0.0.0');
+console.log('Issuer URL:', server.issuer.url);
+
+// Stop the server
+// await server.stop();

.docker/proconnect/mock-oidc-provider/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "NodeNext",
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "sourceMap": true,
+    "experimentalDecorators": true,
+    "moduleResolution": "nodenext",
+    "resolveJsonModule": true,
+    "types": [
+      "node",
+    ]
+  },
+  "include": ["src"]
+}