feat: multiple clients (#3)

Author: james-d-elliott

config.go

@@ -3,13 +3,15 @@ package main
 import (
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
-	"path"
 	"path/filepath"
 
 	"github.com/spf13/cobra"
 
+	"authelia.com/tools/ac/config"
 	"authelia.com/tools/ac/consts"
+	"authelia.com/tools/ac/utilities"
 )
 
 func newConfigCmd(ctx *cmdctx) (cmd *cobra.Command) {
@@ -31,6 +33,8 @@ func newConfigGenerateCmd(ctx *cmdctx) (cmd *cobra.Command) {
 		RunE:  ctx.handleConfigGenerateRunE,
 	}
 
+	cmd.Flags().String("name", "example", "Name for the example client")
+
 	return cmd
 }
 
@@ -46,29 +50,68 @@ func (ctx *cmdctx) handleConfigGenerateRunE(cmd *cobra.Command, args []string) (
 		}
 	}
 
+	name, err := cmd.Flags().GetString("name")
+	if err != nil {
+		return err
+	}
+
+	rawAutheliaURL, err := cmd.Flags().GetString("authelia-url")
+	if err != nil {
+		return err
+	}
+
+	if len(rawAutheliaURL) == 0 {
+		rawAutheliaURL = "https://auth.example.com"
+	}
+
+	autheliaURL, err := url.Parse(rawAutheliaURL)
+	if err != nil {
+		return err
+	}
+
+	id, err := utilities.GetRandomBytes(80, utilities.CharsetAlphaNumeric)
+	if err != nil {
+		return fmt.Errorf("error generating config: error generating client id: %w", err)
+	}
+
+	secret, err := utilities.GetRandomBytes(100, utilities.CharsetAlphaNumeric)
+	if err != nil {
+		return fmt.Errorf("error generating config: error generating client secret: %w", err)
+	}
+
+	c := &config.Configuration{
+		AutheliaURL: config.NewURL(autheliaURL),
+		Storage:     "storage.yml",
+		OAuth2: config.OAuth2{
+			DefaultClient: name,
+			Clients: map[string]config.OAuth2Client{
+				name: {
+					ID:                      string(id),
+					Secret:                  string(secret),
+					PAR:                     true,
+					Scope:                   []string{"offline_access", "authelia.bearer.authz"},
+					Audience:                []string{"https://app.example.com"},
+					GrantType:               "authorization_code",
+					TokenEndpointAuthMethod: "client_secret_post",
+					OfflineAccess:           true,
+				},
+			},
+		},
+		Server: config.Server{
+			Port: 9091,
+		},
+	}
+
 	var (
 		f    *os.File
 		data []byte
 	)
 
-	switch ext := filepath.Ext(pathOut); ext {
-	case ".json":
-		if data, err = internalFS.ReadFile(path.Join("embed", "config", "config.json")); err != nil {
-			return err
-		}
-	case ".yml", ".yaml":
-		if data, err = internalFS.ReadFile(path.Join("embed", "config", "config.yaml")); err != nil {
-			return err
-		}
-	case ".tml", ".toml":
-		if data, err = internalFS.ReadFile(path.Join("embed", "config", "config.toml")); err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("error generating config: extension '%s' for file '%s' is not supported", ext, pathOut)
+	if data, err = utilities.AutoMarshal(c, filepath.Ext(pathOut)); err != nil {
+		return fmt.Errorf("error generating config: %w", err)
 	}
 
-	if f, err = os.OpenFile(pathOut, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0640); err != nil {
+	if f, err = os.OpenFile(pathOut, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0640); err != nil {
 		return err
 	}
 
@@ -78,6 +121,8 @@ func (ctx *cmdctx) handleConfigGenerateRunE(cmd *cobra.Command, args []string) (
 		return err
 	}
 
+	_, _ = fmt.Fprintf(os.Stdout, "\nGenerated config: %s\n", pathOut)
+
 	return nil
 }
 

config/config.go

@@ -11,8 +11,11 @@ import (
 	"github.com/knadh/koanf/providers/posflag"
 	"github.com/knadh/koanf/v2"
 	"github.com/spf13/pflag"
+
+	"authelia.com/tools/ac/consts"
 )
 
+// Load the configuration.
 func Load(paths []string, flags *pflag.FlagSet, flagsPrefix string) (config *Configuration, err error) {
 	ko := koanf.New(".")
 
@@ -26,11 +29,11 @@ func Load(paths []string, flags *pflag.FlagSet, flagsPrefix string) (config *Con
 		provider := file.Provider(path)
 
 		switch ext := filepath.Ext(path); ext {
-		case ".yaml", ".yml", ".json":
+		case consts.FileTypeYAML, consts.FileTypeAltYAML, consts.FileTypeJSON:
 			if err = ko.Load(provider, yaml.Parser()); err != nil {
 				return nil, fmt.Errorf("error occurred loading file configuration: %w", err)
 			}
-		case ".tml", ".toml":
+		case consts.FileTypeTOML, consts.FileTypeAltTOML:
 			if err = ko.Load(provider, toml.Parser()); err != nil {
 				return nil, fmt.Errorf("error occurred loading file configuration: %w", err)
 			}

config/const.go

@@ -1,6 +1,6 @@
 package config
 
 const (
-	errFmtRequiredOptionOAuth2Bearer = "error validating configuration: oauth2: bearer: the '%s' value is required"
-	errFmtNotKnownOptionOAuth2Bearer = "error validating configuration: oauth2: bearer: the '%s' value of '%s' is not known"
+	errFmtRequiredOptionOAuth2Bearer = "the '%s' value is required"
+	errFmtNotKnownOptionOAuth2Bearer = "the '%s' value of '%s' is not known"
 )

config/hook.go

@@ -25,7 +25,7 @@ func mStringToURLHookFunc() mapstructure.DecodeHookFuncType {
 			prefixType = "*"
 		}
 
-		expectedType := reflect.TypeOf(url.URL{})
+		expectedType := reflect.TypeOf(URL{})
 
 		if ptr && t.Elem() != expectedType {
 			return data, nil
@@ -44,14 +44,14 @@ func mStringToURLHookFunc() mapstructure.DecodeHookFuncType {
 		}
 
 		if ptr {
-			return result, nil
+			return (*URL)(result), nil
 		}
 
 		if result == nil {
-			return url.URL{}, nil
+			return URL{}, nil
 		}
 
-		return *result, nil
+		return (URL)(*result), nil
 	}
 }
 

config/save.go

@@ -0,0 +1,31 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"authelia.com/tools/ac/utilities"
+)
+
+func (config *Configuration) Save(path string) (err error) {
+	var data []byte
+
+	if data, err = utilities.AutoMarshal(config, filepath.Ext(path)); err != nil {
+		return fmt.Errorf("error occurred marshalling the updated storage: %w", err)
+	}
+
+	var f *os.File
+
+	if f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0640); err != nil {
+		return err
+	}
+
+	defer f.Close()
+
+	if _, err = f.Write(data); err != nil {
+		return err
+	}
+
+	return nil
+}

config/schema.go

@@ -5,27 +5,42 @@ import (
 )
 
 type Configuration struct {
-	AutheliaURL *url.URL `koanf:"authelia_url"`
-	Storage     string   `koanf:"storage"`
-	OAuth2      OAuth2   `koanf:"oauth2"`
-	Server      Server   `koanf:"server"`
+	AutheliaURL *URL   `koanf:"authelia_url" json:"authelia_url,omitempty" yaml:"authelia_url,omitempty" toml:"authelia_url,omitempty"`
+	Storage     string `koanf:"storage" json:"storage,omitempty" yaml:"storage,omitempty" toml:"storage,omitempty"`
+	OAuth2      OAuth2 `koanf:"oauth2" json:"oauth2" yaml:"oauth2" toml:"oauth2"`
+	Server      Server `koanf:"server" json:"server" yaml:"server" toml:"server"`
 }
 
 type Server struct {
-	Port uint16 `koanf:"port"`
+	Port uint16 `koanf:"port" json:"port" yaml:"port" toml:"port"`
 }
 
 type OAuth2 struct {
-	Bearer OAuth2Bearer `koanf:"bearer"`
+	DefaultClient string        `koanf:"default_client" json:"default_client,omitempty" yaml:"default_client,omitempty" toml:"default_client,omitempty"`
+	Clients       OAuth2Clients `koanf:"clients" json:"clients" yaml:"clients" toml:"clients"`
 }
 
-type OAuth2Bearer struct {
-	ID                      string   `koanf:"id"`
-	Secret                  string   `koanf:"secret"`
-	PAR                     bool     `koanf:"par"`
-	Audience                []string `koanf:"audience"`
-	Scope                   []string `koanf:"scope"`
-	GrantType               string   `koanf:"grant_type"`
-	TokenEndpointAuthMethod string   `koanf:"token_endpoint_auth_method"`
-	OfflineAccess           bool     `koanf:"offline_access"`
+type OAuth2Clients map[string]OAuth2Client
+
+type OAuth2Client struct {
+	ID                      string   `koanf:"id" json:"id" yaml:"id" toml:"id"`
+	Secret                  string   `koanf:"secret" json:"secret" yaml:"secret" toml:"secret"`
+	PAR                     bool     `koanf:"par" json:"par" yaml:"par" toml:"par"`
+	Audience                []string `koanf:"audience" json:"audience" yaml:"audience" toml:"audience"`
+	Scope                   []string `koanf:"scope" json:"scope" yaml:"scope" toml:"scope"`
+	GrantType               string   `koanf:"grant_type" json:"grant_type" yaml:"grant_type" toml:"grant_type"`
+	TokenEndpointAuthMethod string   `koanf:"token_endpoint_auth_method" json:"token_endpoint_auth_method" yaml:"token_endpoint_auth_method" toml:"token_endpoint_auth_method"`
+	OfflineAccess           bool     `koanf:"offline_access" json:"offline_access" yaml:"offline_access" toml:"offline_access"`
+}
+
+func NewURL(in *url.URL) *URL {
+	return (*URL)(in)
+}
+
+type URL url.URL
+
+func (u *URL) MarshalText() (text []byte, err error) {
+	v := (*url.URL)(u)
+
+	return []byte(v.String()), nil
 }

config/validate.go

@@ -18,7 +18,31 @@ func (config *Configuration) Validate() (err error) {
 	return nil
 }
 
-func (config *OAuth2Bearer) Validate() (err error) {
+func (config *OAuth2) Validate() (err error) {
+	if err = config.Clients.Validate(); err != nil {
+		return err
+	}
+
+	if config.DefaultClient != "" {
+		if _, ok := config.Clients[config.DefaultClient]; !ok {
+			return fmt.Errorf("error validating configuration: the default client '%s' does not exist", config.DefaultClient)
+		}
+	}
+	
+	return nil
+}
+
+func (config OAuth2Clients) Validate() (err error) {
+	for name, client := range config {
+		if err = client.Validate(); err != nil {
+			return fmt.Errorf("error validating configuration: oauth2: clients: %s: %v", name, err)
+		}
+	}
+
+	return nil
+}
+
+func (config *OAuth2Client) Validate() (err error) {
 	if len(config.ID) == 0 {
 		return fmt.Errorf(errFmtRequiredOptionOAuth2Bearer, consts.ID)
 	}

consts/const.go

@@ -20,5 +20,13 @@ const (
 	ClientSecretPost        = "client_secret_post"
 	ClientSecretBasic       = "client_secret_basic"
 
-	OAuth2Bearer = "oauth2.bearer"
+	OAuth2 = "oauth2"
+)
+
+const (
+	FileTypeYAML    = ".yaml"
+	FileTypeJSON    = ".json"
+	FileTypeTOML    = ".toml"
+	FileTypeAltYAML = ".yml"
+	FileTypeAltTOML = ".tml"
 )

context.go

@@ -1,13 +1,13 @@
 package main
 
 import (
-	"authelia.com/tools/ac/store"
 	"context"
 
 	"github.com/spf13/cobra"
 
 	"authelia.com/tools/ac/config"
 	"authelia.com/tools/ac/consts"
+	"authelia.com/tools/ac/store"
 )
 
 type cmdctx struct {
@@ -36,8 +36,8 @@ func (ctx *cmdctx) handleLoadConfigPreRunE(prefix string) func(cmd *cobra.Comman
 		}
 
 		switch prefix {
-		case consts.OAuth2Bearer:
-			if err = ctx.config.OAuth2.Bearer.Validate(); err != nil {
+		case consts.OAuth2:
+			if err = ctx.config.OAuth2.Validate(); err != nil {
 				return err
 			}
 		}

embed.go

@@ -1,18 +1,19 @@
 module authelia.com/tools/ac
 
-go 1.23.0
+go 1.24.0
 
 toolchain go1.24.1
 
 require (
-	authelia.com/client/oauth2 v0.0.0-20250405005328-fd752214e408
+	authelia.com/client/oauth2 v0.0.0-20250405043315-6378a9b2a190
 	github.com/go-viper/mapstructure/v2 v2.2.1
 	github.com/knadh/koanf/parsers/toml v0.1.0
 	github.com/knadh/koanf/parsers/yaml v0.1.0
 	github.com/knadh/koanf/providers/confmap v0.1.0
 	github.com/knadh/koanf/providers/file v1.1.2
 	github.com/knadh/koanf/providers/posflag v0.1.0
 	github.com/knadh/koanf/v2 v2.1.2
+	github.com/pelletier/go-toml v1.9.5
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	gopkg.in/yaml.v3 v3.0.1
@@ -24,6 +25,5 @@ require (
 	github.com/knadh/koanf/maps v0.1.2 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 )

embed/config/config.json

@@ -1,5 +1,5 @@
-authelia.com/client/oauth2 v0.0.0-20250405005328-fd752214e408 h1:BPZsJzlRlgK7MakzWBRZGuZg6Y9NQZu0vzrSZf9fjNc=
-authelia.com/client/oauth2 v0.0.0-20250405005328-fd752214e408/go.mod h1:f0e/AQgp3qHJ2gSVnCheQZ4gTCm7BHasGpWrce36n9Q=
+authelia.com/client/oauth2 v0.0.0-20250405043315-6378a9b2a190 h1:5YfShMnyeIOFX5C1I7i6YrEpIfQCeeDBFTjau/iLfVU=
+authelia.com/client/oauth2 v0.0.0-20250405043315-6378a9b2a190/go.mod h1:f0e/AQgp3qHJ2gSVnCheQZ4gTCm7BHasGpWrce36n9Q=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

embed/config/config.toml

@@ -5,23 +5,13 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/pelletier/go-toml"
-	"gopkg.in/yaml.v3"
+	"authelia.com/tools/ac/utilities"
 )
 
 func (s *Storage) Save(path string) (err error) {
 	var data []byte
 
-	switch ext := filepath.Ext(path); ext {
-	case ".yml", ".yaml":
-		data, err = yaml.Marshal(s)
-	case ".tml", ".toml":
-		data, err = toml.Marshal(s)
-	default:
-		err = fmt.Errorf("extension '%s' for file '%s' is not supported", ext, path)
-	}
-
-	if err != nil {
+	if data, err = utilities.AutoMarshal(s, filepath.Ext(path)); err != nil {
 		return fmt.Errorf("error occurred marshalling the updated storage: %w", err)
 	}
 

embed/config/config.yaml

@@ -5,14 +5,15 @@ import (
 )
 
 type Storage struct {
-	Tokens map[string]Token
+	// Tokens is a list of relevant tokens for a given client configuration. The key is the client name.
+	Tokens map[string]Token `koanf:"tokens" json:"tokens,omitempty" yaml:"tokens,omitempty" toml:"tokens,omitempty"`
 }
 
 type Token struct {
-	AccessToken  string    `koanf:"access_token" yaml:"access_token" json:"access_token"`
-	RefreshToken string    `koanf:"refresh_token" yaml:"refresh_token,omitempty" json:"refresh_token,omitempty"`
-	IDToken      string    `koanf:"id_token" yaml:"id_token,omitempty" json:"id_token,omitempty"`
-	TokenType    string    `koanf:"token_type" yaml:"token_type,omitempty" json:"token_type,omitempty"`
-	Scope        string    `koanf:"scope" yaml:"scope,omitempty" json:"scope,omitempty"`
-	Expiry       time.Time `koanf:"expiry" yaml:"expiry,omitempty" json:"expiry,omitempty"`
+	AccessToken  string    `koanf:"access_token" json:"access_token" yaml:"access_token" toml:"access_token"`
+	RefreshToken string    `koanf:"refresh_token" json:"refresh_token,omitempty" yaml:"refresh_token,omitempty" toml:"refresh_token,omitempty"`
+	IDToken      string    `koanf:"id_token" yaml:"id_token,omitempty" json:"id_token,omitempty" toml:"id_token,omitempty"`
+	TokenType    string    `koanf:"token_type" json:"token_type,omitempty" yaml:"token_type,omitempty" toml:"token_type,omitempty"`
+	Scope        string    `koanf:"scope" json:"scope,omitempty" yaml:"scope,omitempty" toml:"scope,omitempty"`
+	Expiry       time.Time `koanf:"expiry" json:"expiry,omitempty" yaml:"expiry,omitempty" toml:"expiry,omitempty"`
 }

go.mod

@@ -0,0 +1,26 @@
+package utilities
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/pelletier/go-toml"
+	"gopkg.in/yaml.v3"
+
+	"authelia.com/tools/ac/consts"
+)
+
+func AutoMarshal(v any, ext string) (data []byte, err error) {
+	switch ext {
+	case consts.FileTypeYAML, consts.FileTypeAltYAML:
+		data, err = yaml.Marshal(v)
+	case consts.FileTypeTOML, consts.FileTypeAltTOML:
+		data, err = toml.Marshal(v)
+	case consts.FileTypeJSON:
+		data, err = json.MarshalIndent(v, "", "  ")
+	default:
+		err = fmt.Errorf("extension '%s' is not supported", ext)
+	}
+
+	return
+}

go.sum

@@ -1,11 +1,11 @@
-package main
+package utilities
 
 import (
 	"crypto/rand"
 	"fmt"
 )
 
-func getRandomBytes(n int, charset []byte) (data []byte, err error) {
+func GetRandomBytes(n int, charset []byte) (data []byte, err error) {
 	data = make([]byte, n)
 
 	if _, err = rand.Read(data); err != nil {
@@ -24,5 +24,6 @@ func getRandomBytes(n int, charset []byte) (data []byte, err error) {
 }
 
 var (
-	charsetRFC3986Unreserved = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
+	CharsetRFC3986Unreserved = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
+	CharsetAlphaNumeric      = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 )

oauth2.go

@@ -0,0 +1,12 @@
+package utilities
+
+// IsStringInSlice checks if a single string is in a slice of strings.
+func IsStringInSlice(needle string, haystack []string) (inSlice bool) {
+	for _, b := range haystack {
+		if b == needle {
+			return true
+		}
+	}
+
+	return false
+}