jwt: support multiple key providers

We may need to use several SSO providers, so extend our
configuration to allow that.

Based on PoC from Sanne:

```
package main

import (
	"net/http"
	"log"

	"github.com/openshift-online/ocm-sdk-go/authentication"
	"github.com/openshift-online/ocm-sdk-go/logging"
)

type H struct{}

func (h *H) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	log.Println("HURRAY")
}

func main() {

	logBuilder := logging.NewGoLoggerBuilder()
	logger, err := logBuilder.Build()
	if err != nil {
		panic(err)
	}

	aH, err := authentication.NewHandler().
		KeysURL("https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs").
		KeysURL("https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/certs").
			Logger(logger).Next(&H{}).Build()
	if err != nil {
		panic(err)
	}

	log.Fatal(http.ListenAndServe(":8080", aH))

}
```
Tom Gundersen 2022-01-30 14:53:16 +00:00
parent f3d0a4ac89
commit 0b24099751
3 changed files with 18 additions and 5 deletions


@ -15,7 +15,7 @@ import (
// When using this handler for auth, it should be run as high up as possible.
// Exceptions can be registered in the `exclude` slice
func BuildJWTAuthHandler(keysURL, caFile, aclFile string, exclude []string, next http.Handler) (handler http.Handler, err error) {
func BuildJWTAuthHandler(keysURLs []string, caFile, aclFile string, exclude []string, next http.Handler) (handler http.Handler, err error) {
logBuilder := logging.NewGoLoggerBuilder()
if caFile != "" {
logBuilder = logBuilder.Debug(true)
@ -29,8 +29,11 @@ func BuildJWTAuthHandler(keysURL, caFile, aclFile string, exclude []string, next
logger.Info(context.Background(), aclFile)
builder := authentication.NewHandler().
Logger(logger).
KeysURL(keysURL)
Logger(logger)
for _, keysURL := range keysURLs {
builder = builder.KeysURL(keysURL)
}
// Used during testing
if caFile != "" {