This provides a `well-known` endpoint for Corteza which defines a set of values that a client can retrieve in order to self-configure. Added a route for `public-keys`, which helps a client determine whether the public key has changed since the last time it was fetched and automatically update itself to use the new information.
package external
import (
"strings"
"github.com/cortezaproject/corteza-server/auth/settings"
"github.com/markbates/goth"
"github.com/markbates/goth/providers/facebook"
"github.com/markbates/goth/providers/github"
"github.com/markbates/goth/providers/google"
"github.com/markbates/goth/providers/linkedin"
"github.com/markbates/goth/providers/openidConnect"
"go.uber.org/zap"
)
// WellKnown is the path, relative to an OIDC issuer URL, of the OpenID
// Connect discovery document. SetupGothProviders appends it to the
// provider's IssuerUrl (trailing slash trimmed) to build the discovery URL
// handed to openidConnect.New.
const (
	WellKnown = "/.well-known/openid-configuration"
)
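// SetupGothProviders replaces the global set of goth providers with the
// providers given in ep.
//
// redirectUrl is a template for the OAuth2/OIDC callback URL: the literal
// "{provider}" is substituted with the provider handle for every provider
// that does not carry its own RedirectUrl. Handles prefixed with
// OIDC_PROVIDER_PREFIX are configured through OpenID Connect discovery
// (IssuerUrl + WellKnown); all other handles must be one of the built-in
// providers (github, facebook, google, linkedin).
//
// A provider that cannot be configured (empty issuer URL, failed discovery,
// unknown handle) is logged and skipped; the function never returns an error,
// so callers must consult the log to learn which providers were dropped.
func SetupGothProviders(log *zap.Logger, redirectUrl string, ep ...settings.Provider) {
	// Purge all previously configured providers so that a re-run reflects
	// exactly the current settings and stale providers cannot linger.
	if l := len(goth.GetProviders()); l > 0 {
		log.Debug("removing existing providers", zap.Int("count", l))
		goth.ClearProviders()
	}

	log.Debug("initializing enabled external authentication providers", zap.Int("count", len(ep)))

	for _, pc := range ep {
		log := log.With(zap.String("provider", pc.Handle))

		redirect := pc.RedirectUrl
		if redirect == "" {
			// If redirect URL is not explicitly set for this provider,
			// generate one from template string
			redirect = strings.Replace(redirectUrl, "{provider}", pc.Handle, 1)
		}

		var provider goth.Provider
		if strings.HasPrefix(pc.Handle, OIDC_PROVIDER_PREFIX) {
			provider = newOIDCProvider(log, pc, redirect)
		} else {
			provider = newBuiltinProvider(log, pc, redirect)
		}

		if provider == nil {
			continue
		}

		log.Info("external authentication provider added", zap.String("key", pc.Key))
		goth.UseProviders(provider)
	}
}

// newOIDCProvider configures an OpenID Connect provider through discovery.
// It returns nil, after logging the reason, when the issuer URL is empty or
// discovery fails.
func newOIDCProvider(log *zap.Logger, pc settings.Provider, redirect string) goth.Provider {
	if pc.IssuerUrl == "" {
		log.Error("failed to discover OIDC provider, URL empty")
		return nil
	}

	wellKnown := strings.TrimSuffix(pc.IssuerUrl, "/") + WellKnown

	scope := pc.Scope
	if len(scope) == 0 {
		scope = "email"
	}

	// openidConnect.New fetches the discovery document from wellKnown, i.e.
	// this is a network round-trip to the operator-configured issuer at
	// setup time; an unreachable issuer only drops this one provider.
	p, err := openidConnect.New(pc.Key, pc.Secret, redirect, wellKnown, scope)
	if err != nil {
		log.Error("failed to discover OIDC provider", zap.Error(err), zap.String("well-known", wellKnown))
		return nil
	}

	p.SetName(pc.Handle)
	return p
}

// newBuiltinProvider returns the goth provider for one of the natively
// supported handles, or nil (after logging) for an unrecognised handle.
func newBuiltinProvider(log *zap.Logger, pc settings.Provider, redirect string) goth.Provider {
	switch pc.Handle {
	case "github":
		return github.New(pc.Key, pc.Secret, redirect, "user:email")
	case "facebook":
		return facebook.New(pc.Key, pc.Secret, redirect, "email")
	case "google":
		return google.New(pc.Key, pc.Secret, redirect, "email")
	case "linkedin":
		return linkedin.New(pc.Key, pc.Secret, redirect, "email")
	default:
		// An unknown handle used to be dropped without a trace; make the
		// misconfiguration visible instead of silently disabling login.
		log.Warn("unknown external authentication provider handle, skipping")
		return nil
	}
}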