Add retreiving auth tokens
This commit is contained in:
parent
65264f7948
commit
05e4bfdca0
|
@ -238,3 +238,5 @@ auth:
|
|||
authurl:
|
||||
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
||||
clientid:
|
||||
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||
clientsecret:
|
||||
|
|
|
@ -18,6 +18,7 @@ package openid
|
|||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -52,23 +53,57 @@ func getKeyFromName(name string) string {
|
|||
return reg.ReplaceAllString(strings.ToLower(name), "")
|
||||
}
|
||||
|
||||
func GetAllProviders() (providers []*Provider) {
|
||||
func GetAllProviders() (providers []*Provider, err error) {
|
||||
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
|
||||
|
||||
for _, p := range rawProvider {
|
||||
pi := p.(map[interface{}]interface{})
|
||||
|
||||
providers = append(providers, &Provider{
|
||||
Name: pi["name"].(string),
|
||||
Key: getKeyFromName(pi["name"].(string)),
|
||||
AuthURL: pi["authurl"].(string),
|
||||
ClientID: pi["clientid"].(string),
|
||||
})
|
||||
provider, err := getProviderFromMap(pi)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
providers = append(providers, provider)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func getProviderFromMap(pi map[interface{}]interface{}) (*Provider, error) {
|
||||
k := getKeyFromName(pi["name"].(string))
|
||||
|
||||
provider := &Provider{
|
||||
Name: pi["name"].(string),
|
||||
Key: k,
|
||||
AuthURL: pi["authurl"].(string),
|
||||
ClientID: pi["clientid"].(string),
|
||||
ClientSecret: pi["clientsecret"].(string),
|
||||
}
|
||||
|
||||
var err error
|
||||
provider.OpenIDProvider, err = oidc.NewProvider(context.Background(), provider.AuthURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
provider.Oauth2Config = &oauth2.Config{
|
||||
ClientID: provider.ClientID,
|
||||
ClientSecret: provider.ClientSecret,
|
||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
||||
|
||||
// Discovery returns the OAuth2 endpoints.
|
||||
Endpoint: provider.OpenIDProvider.Endpoint(),
|
||||
|
||||
// "openid" is a required scope for OpenID Connect flows.
|
||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
||||
}
|
||||
|
||||
provider.AuthURL = provider.Oauth2Config.Endpoint.AuthURL
|
||||
|
||||
return provider, nil
|
||||
}
|
||||
|
||||
func GetProvider(key string) (*Provider, error) {
|
||||
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
|
||||
|
||||
|
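Review bot: `pi["clientsecret"].(string)` in getProviderFromMap (and the other lookups on the same map) is an unchecked type assertion, so a provider entry that omits the newly required `clientsecret` key, or sets it to a non-string value, panics instead of returning the error the new `(*Provider, error)` signature now allows for. Use the comma-ok form and return an error naming the provider, e.g. `secret, ok := pi["clientsecret"].(string); if !ok { return nil, fmt.Errorf("openid provider %v: missing or invalid clientsecret", pi["name"]) }` (importing `fmt` if it is not already). Separately, ClientSecret now lives on the Provider value that GetAllProviders hands to the info handler; the struct definition is not in this diff, so it is worth confirming the field carries a `json:"-"` tag, otherwise it would be serialized into the info response. The `context.Background()` passed to `oidc.NewProvider` has no deadline, so an unreachable issuer blocks the caller indefinitely; wrapping it with `context.WithTimeout` would bound the discovery call.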
@ -77,34 +112,7 @@ func GetProvider(key string) (*Provider, error) {
|
|||
|
||||
k := getKeyFromName(pi["name"].(string))
|
||||
if k == key {
|
||||
provider := &Provider{
|
||||
Name: pi["name"].(string),
|
||||
Key: k,
|
||||
AuthURL: pi["authurl"].(string),
|
||||
ClientID: pi["clientid"].(string),
|
||||
// TODO
|
||||
// ClientSecret
|
||||
}
|
||||
|
||||
var err error
|
||||
provider.OpenIDProvider, err = oidc.NewProvider(context.Background(), provider.AuthURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
provider.Oauth2Config = &oauth2.Config{
|
||||
ClientID: provider.ClientID,
|
||||
ClientSecret: provider.ClientSecret,
|
||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
||||
|
||||
// Discovery returns the OAuth2 endpoints.
|
||||
Endpoint: provider.OpenIDProvider.Endpoint(),
|
||||
|
||||
// "openid" is a required scope for OpenID Connect flows.
|
||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
||||
}
|
||||
|
||||
return provider, nil
|
||||
return getProviderFromMap(pi)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -131,7 +139,20 @@ func HandleCallback(c echo.Context) error {
|
|||
// Parse the access & ID token
|
||||
oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
if rerr, is := err.(*oauth2.RetrieveError); is {
|
||||
log.Error(err)
|
||||
|
||||
details := make(map[string]interface{})
|
||||
if err := json.Unmarshal(rerr.Body, &details); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusBadRequest, map[string]interface{}{
|
||||
"message": "Could not authenticate against third party.",
|
||||
"details": details,
|
||||
})
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
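Review bot: When the provider's error body is not valid JSON, the failure at `if err := json.Unmarshal(rerr.Body, &details); err != nil` is returned as the handler error, so the client gets a generic server error and the original `*oauth2.RetrieveError` (which carries the upstream status and body) is lost. Consider keeping the 400 path and falling back when decoding fails, e.g. `if err := json.Unmarshal(rerr.Body, &details); err != nil { details = map[string]interface{}{"error": rerr.Error()} }`. Also, the whole upstream body is relayed verbatim under `details`; limiting it to the standard `error` and `error_description` fields keeps provider-internal detail out of the response. HandleCallback starts and ends outside this hunk.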
@ -91,11 +91,16 @@ func Info(c echo.Context) error {
|
|||
OpenIDConnect: openIDAuthInfo{
|
||||
Enabled: config.AuthOpenIDEnabled.GetBool(),
|
||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
|
||||
Providers: openid.GetAllProviders(),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var err error
|
||||
info.AuthInfo.OpenIDConnect.Providers, err = openid.GetAllProviders()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Migrators
|
||||
if config.MigrationWunderlistEnable.GetBool() {
|
||||
m := &wunderlist.Migration{}
|
||||
|
|
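Review bot: GetAllProviders performs OIDC discovery via `oidc.NewProvider` for every configured provider, and after this change Info calls it on every request and fails the whole response at `if err != nil { return err }`, so a slow or unreachable issuer makes every info request hang or error rather than just the OpenID part. Loading providers once (at startup or on first successful discovery) and reusing the result, or at least degrading to an empty provider list with the error logged, would keep the endpoint available. Whether this handler is served unauthenticated is not visible here, but if it is, per-request outbound discovery also lets anonymous traffic drive load toward the identity provider. Info's body continues outside this hunk.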