90 lines
2.5 KiB
Go
90 lines
2.5 KiB
Go
package external
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/cortezaproject/corteza/server/auth/external/nylas"
|
|
"github.com/cortezaproject/corteza/server/auth/settings"
|
|
"github.com/markbates/goth"
|
|
"github.com/markbates/goth/providers/facebook"
|
|
"github.com/markbates/goth/providers/github"
|
|
"github.com/markbates/goth/providers/google"
|
|
"github.com/markbates/goth/providers/linkedin"
|
|
"github.com/markbates/goth/providers/openidConnect"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// We're expecting that our users will be able to complete
|
|
// external auth loop in 15 minutes.
|
|
const (
|
|
WellKnown = "/.well-known/openid-configuration"
|
|
)
|
|
|
|
func SetupGothProviders(log *zap.Logger, redirectUrl string, ep ...settings.Provider) {
|
|
var (
|
|
err error
|
|
)
|
|
|
|
// Purge all previously configured providers
|
|
if l := len(goth.GetProviders()); l > 0 {
|
|
log.Debug("removing existing providers", zap.Int("count", l))
|
|
goth.ClearProviders()
|
|
}
|
|
|
|
log.Debug("initializing enabled external authentication providers", zap.Int("count", len(ep)))
|
|
|
|
for _, pc := range ep {
|
|
var provider goth.Provider
|
|
|
|
log := log.With(zap.String("provider", pc.Handle))
|
|
|
|
redirect := pc.RedirectUrl
|
|
if redirect == "" {
|
|
// If redirect URL is not explicitly set for this provider,
|
|
// generate one from template string
|
|
redirect = strings.Replace(redirectUrl, "{provider}", pc.Handle, 1)
|
|
}
|
|
|
|
if strings.HasPrefix(pc.Handle, OIDC_PROVIDER_PREFIX) {
|
|
if pc.IssuerUrl == "" {
|
|
log.Error("failed to discover OIDC provider, URL empty")
|
|
continue
|
|
}
|
|
|
|
wellKnown := strings.TrimSuffix(pc.IssuerUrl, "/") + WellKnown
|
|
|
|
var scope []string
|
|
if len(pc.Scope) > 0 {
|
|
scope = strings.Split(pc.Scope, " ")
|
|
} else {
|
|
scope = append(scope, "email")
|
|
}
|
|
|
|
if provider, err = openidConnect.New(pc.Key, pc.Secret, redirect, wellKnown, scope...); err != nil {
|
|
log.Error("failed to discover OIDC provider", zap.Error(err), zap.String("well-known", wellKnown))
|
|
continue
|
|
} else {
|
|
provider.SetName(pc.Handle)
|
|
}
|
|
} else {
|
|
switch pc.Handle {
|
|
case "github":
|
|
provider = github.New(pc.Key, pc.Secret, redirect, "user:email")
|
|
case "facebook":
|
|
provider = facebook.New(pc.Key, pc.Secret, redirect, "email")
|
|
case "google":
|
|
provider = google.New(pc.Key, pc.Secret, redirect, "email")
|
|
case "linkedin":
|
|
provider = linkedin.New(pc.Key, pc.Secret, redirect, "email")
|
|
case "nylas":
|
|
provider = nylas.New(pc.Key, pc.Secret, redirect, "email")
|
|
}
|
|
}
|
|
|
|
if provider != nil {
|
|
log.Info("external authentication provider added", zap.String("key", pc.Key))
|
|
goth.UseProviders(provider)
|
|
}
|
|
}
|
|
}
|