Add retreiving auth tokens

config.yml.sample

@@ -238,3 +238,5 @@ auth:
         authurl:
         # The client ID used to authenticate Vikunja at the OpenID Connect provider.
         clientid:
+        # The client secret used to authenticate Vikunja at the OpenID Connect provider.
+        clientsecret:

pkg/modules/auth/openid/openid.go

@@ -18,6 +18,7 @@ package openid
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"regexp"
 	"strings"
@@ -52,38 +53,32 @@ func getKeyFromName(name string) string {
 	return reg.ReplaceAllString(strings.ToLower(name), "")
 }
 
-func GetAllProviders() (providers []*Provider) {
+func GetAllProviders() (providers []*Provider, err error) {
 	rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
 
 	for _, p := range rawProvider {
 		pi := p.(map[interface{}]interface{})
 
-		providers = append(providers, &Provider{
+		provider, err := getProviderFromMap(pi)
-			Name:     pi["name"].(string),
+		if err != nil {
-			Key:      getKeyFromName(pi["name"].(string)),
+			return nil, err
-			AuthURL:  pi["authurl"].(string),
+		}
-			ClientID: pi["clientid"].(string),
+
-		})
+		providers = append(providers, provider)
 	}
 
 	return
 }
 
-func GetProvider(key string) (*Provider, error) {
+func getProviderFromMap(pi map[interface{}]interface{}) (*Provider, error) {
-	rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
-
-	for _, p := range rawProvider {
-		pi := p.(map[interface{}]interface{})
-
 	k := getKeyFromName(pi["name"].(string))
-		if k == key {
+
 	provider := &Provider{
 		Name:         pi["name"].(string),
 		Key:          k,
 		AuthURL:      pi["authurl"].(string),
 		ClientID:     pi["clientid"].(string),
-				// TODO
+		ClientSecret: pi["clientsecret"].(string),
-				// ClientSecret
 	}
 
 	var err error
@@ -104,8 +99,21 @@ func GetProvider(key string) (*Provider, error) {
 		Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
 	}
 
+	provider.AuthURL = provider.Oauth2Config.Endpoint.AuthURL
+
 	return provider, nil
 }
+
+func GetProvider(key string) (*Provider, error) {
+	rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
+
+	for _, p := range rawProvider {
+		pi := p.(map[interface{}]interface{})
+
+		k := getKeyFromName(pi["name"].(string))
+		if k == key {
+			return getProviderFromMap(pi)
+		}
 	}
 
 	return nil, nil
@@ -131,7 +139,20 @@ func HandleCallback(c echo.Context) error {
 	// Parse the access & ID token
 	oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
 	if err != nil {
+		if rerr, is := err.(*oauth2.RetrieveError); is {
 			log.Error(err)
+
+			details := make(map[string]interface{})
+			if err := json.Unmarshal(rerr.Body, &details); err != nil {
+				return err
+			}
+
+			return c.JSON(http.StatusBadRequest, map[string]interface{}{
+				"message": "Could not authenticate against third party.",
+				"details": details,
+			})
+		}
+
 		return err
 	}
 

pkg/routes/api/v1/info.go

@@ -91,11 +91,16 @@ func Info(c echo.Context) error {
 			OpenIDConnect: openIDAuthInfo{
 				Enabled:     config.AuthOpenIDEnabled.GetBool(),
 				RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
-				Providers:   openid.GetAllProviders(),
 			},
 		},
 	}
 
+	var err error
+	info.AuthInfo.OpenIDConnect.Providers, err = openid.GetAllProviders()
+	if err != nil {
+		return err
+	}
+
 	// Migrators
 	if config.MigrationWunderlistEnable.GetBool() {
 		m := &wunderlist.Migration{}