From 764ad3d5a18a82d5f1af691a15ca92d471f46fac Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Wed, 29 Oct 2025 09:34:10 +0100
Subject: [PATCH] Add sample upstream provider
---
 README.md | 17 ++++++-
 assets/img/brands/openid.svg | 1 +
 .../dex-provider/dex.config.yaml | 26 +++++++++++
 sample_upstream_provider/docker-compose.yaml | 46 +++++++++++++++++++
 src/data/provider.rs | 1 +
 5 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 assets/img/brands/openid.svg
 create mode 100644 sample_upstream_provider/dex-provider/dex.config.yaml
 create mode 100644 sample_upstream_provider/docker-compose.yaml
diff --git a/README.md b/README.md
index 58dc07c..46e10bb 100644
--- a/README.md
+++ b/README.md
@@ -67,7 +67,7 @@ You can add as much upstream provider as you want, using the following syntax in
 ```yaml
 - id: gitlab
 name: GitLab
- logo: gitlab # Can be either gitea, gitlab, github, microsoft, google or a full URL
+ logo: gitlab # Can be either openid, gitea, gitlab, github, microsoft, google or a full URL
 client_id: CLIENT_ID_GIVEN_BY_PROVIDER
 client_secret: CLIENT_SECRET_GIVEN_BY_PROVIDER
 configuration_url: https://gitlab.com/.well-known/openid-configuration
@@ -108,5 +108,20 @@ Corresponding client configuration:
 OAuth proxy can then be access on this URL: http://192.168.2.103:4180/
+## Testing with upstream identity provider
+The folder [sample_upstream_provider](sample_upstream_provider) contains a working scenario of authentication with an upstream provider.
+
+Run the following command to run the scenario:
+
+```bash
+cd sample_upstream_provider
+docker compose up
+```
+
+- Upstream provider (not to be directly used): http://localhost:9001
+- BasicOIDC: http://localhost:8000
+- Client 2: http://localhost:8012
+- Client 1: http://localhost:8011
+
 ## Contributing
 If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :)
diff --git a/assets/img/brands/openid.svg b/assets/img/brands/openid.svg
new file mode 100644
index 0000000..b76212d
--- /dev/null
+++ b/assets/img/brands/openid.svg
@@ -0,0 +1 @@
+OpenID
\ No newline at end of file
diff --git a/sample_upstream_provider/dex-provider/dex.config.yaml b/sample_upstream_provider/dex-provider/dex.config.yaml
new file mode 100644
index 0000000..bbb1ec3
--- /dev/null
+++ b/sample_upstream_provider/dex-provider/dex.config.yaml
@@ -0,0 +1,26 @@
+issuer: http://127.0.0.1:9001/dex
+
+storage:
+ type: memory
+
+web:
+ http: 0.0.0.0:9001
+
+oauth2:
+ # Automate some clicking
+ # Note: this might actually make some tests pass that otherwise wouldn't.
+ skipApprovalScreen: false
+
+connectors:
+ # Note: this might actually make some tests pass that otherwise wouldn't.
+ - type: mockCallback
+ id: mock
+ name: Example
+
+# Basic OP test suite requires two clients.
+staticClients:
+ - id: foo
+ secret: bar
+ redirectURIs:
+ - http://localhost:8000/prov_cb
+ name: Auth
diff --git a/sample_upstream_provider/docker-compose.yaml b/sample_upstream_provider/docker-compose.yaml
new file mode 100644
index 0000000..0062395
--- /dev/null
+++ b/sample_upstream_provider/docker-compose.yaml
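Review bot: In dex.config.yaml, `web.http: 0.0.0.0:9001` binds Dex on every interface even though the issuer is `http://127.0.0.1:9001/dex`, and the compose file in this commit runs the service with `network_mode: host`, so the listener lands directly on the host's addresses. The only connector is `mockCallback`, which to my knowledge signs in a fixed test identity without asking for credentials, and the static client uses `foo`/`bar`; anyone who can reach port 9001 could therefore get a login accepted by the sample BasicOIDC. I would bind to loopback, `http: 127.0.0.1:9001`, and add a comment such as `# Test-only: mock connector and static secret, never expose beyond localhost`. The comments `# Automate some clicking` (above `skipApprovalScreen: false`) and `# Basic OP test suite requires two clients.` (only one client is defined) do not match the values below them and should be dropped or corrected.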
@@ -0,0 +1,46 @@
+services:
+ upstream:
+ image: dexidp/dex
+ user: "1000"
+ network_mode: host
+ volumes:
+ - ./dex-provider:/conf:ro
+ command: [ "dex", "serve", "/conf/dex.config.yaml" ]
+
+ client1:
+ image: pierre42100/oidc_test_client
+ user: "1000"
+ network_mode: host
+ environment:
+ - LISTEN_ADDR=0.0.0.0:8011
+ - PUBLIC_URL=http://127.0.0.1:8011
+ - CONFIGURATION_URL=http://localhost:8000/.well-known/openid-configuration
+ - CLIENT_ID=testclient1
+ - CLIENT_SECRET=secretone
+
+ client2:
+ image: pierre42100/oidc_test_client
+ user: "1000"
+ network_mode: host
+ environment:
+ - LISTEN_ADDR=0.0.0.0:8012
+ - PUBLIC_URL=http://127.0.0.1:8012
+ - CONFIGURATION_URL=http://localhost:8000/.well-known/openid-configuration
+ - CLIENT_ID=testclient2
+ - CLIENT_SECRET=secrettwo
+
+ basicoidc:
+ image: rust
+ user: "1000"
+ network_mode: host
+ environment:
+ - STORAGE_PATH=/storage
+ #- RUST_LOG=debug
+ volumes:
+ - ../:/app
+ - ./storage:/storage
+ - ~/.cargo/registry:/usr/local/cargo/registry
+ command:
+ - bash
+ - -c
+ - cd /app && cargo run
diff --git a/src/data/provider.rs b/src/data/provider.rs
index 4f742ef..be1c5c4 100644
--- a/src/data/provider.rs
+++ b/src/data/provider.rs
@@ -42,6 +42,7 @@ impl Provider {
 "github" => "/assets/img/brands/github.svg",
 "microsoft" => "/assets/img/brands/microsoft.svg",
 "google" => "/assets/img/brands/google.svg",
+ "openid" => "/assets/img/brands/openid.svg",
 s => s,
 }
 }
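Review bot: In docker-compose.yaml, `client1` and `client2` set `LISTEN_ADDR=0.0.0.0:8011` and `LISTEN_ADDR=0.0.0.0:8012` under `network_mode: host`, so the test clients with their hard-coded secrets listen on all host interfaces while `PUBLIC_URL` only ever points at 127.0.0.1. Binding them to loopback, `LISTEN_ADDR=127.0.0.1:8011` and `LISTEN_ADDR=127.0.0.1:8012`, keeps the scenario working as the README documents it and keeps it off the local network. The three images (`dexidp/dex`, `pierre42100/oidc_test_client`, `rust`) carry no tag or digest, so each `docker compose up` may pull different code; pinning a version would make the sample reproducible. The `basicoidc` service also mounts `../` and `~/.cargo/registry` writable into the container, which deserves a short comment, and `./storage` should presumably be git-ignored since it will hold generated state; the ignore file is not visible in this patch.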