Add retreiving auth tokens
This commit is contained in:
parent
65264f7948
commit
05e4bfdca0
|
@ -238,3 +238,5 @@ auth:
|
||||||
authurl:
|
authurl:
|
||||||
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
||||||
clientid:
|
clientid:
|
||||||
|
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||||
|
clientsecret:
|
||||||
|
|
|
@ -18,6 +18,7 @@ package openid
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -52,23 +53,57 @@ func getKeyFromName(name string) string {
|
||||||
return reg.ReplaceAllString(strings.ToLower(name), "")
|
return reg.ReplaceAllString(strings.ToLower(name), "")
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetAllProviders() (providers []*Provider) {
|
func GetAllProviders() (providers []*Provider, err error) {
|
||||||
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
|
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
|
||||||
|
|
||||||
for _, p := range rawProvider {
|
for _, p := range rawProvider {
|
||||||
pi := p.(map[interface{}]interface{})
|
pi := p.(map[interface{}]interface{})
|
||||||
|
|
||||||
providers = append(providers, &Provider{
|
provider, err := getProviderFromMap(pi)
|
||||||
Name: pi["name"].(string),
|
if err != nil {
|
||||||
Key: getKeyFromName(pi["name"].(string)),
|
return nil, err
|
||||||
AuthURL: pi["authurl"].(string),
|
}
|
||||||
ClientID: pi["clientid"].(string),
|
|
||||||
})
|
providers = append(providers, provider)
|
||||||
}
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getProviderFromMap(pi map[interface{}]interface{}) (*Provider, error) {
|
||||||
|
k := getKeyFromName(pi["name"].(string))
|
||||||
|
|
||||||
|
provider := &Provider{
|
||||||
|
Name: pi["name"].(string),
|
||||||
|
Key: k,
|
||||||
|
AuthURL: pi["authurl"].(string),
|
||||||
|
ClientID: pi["clientid"].(string),
|
||||||
|
ClientSecret: pi["clientsecret"].(string),
|
||||||
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
provider.OpenIDProvider, err = oidc.NewProvider(context.Background(), provider.AuthURL)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
provider.Oauth2Config = &oauth2.Config{
|
||||||
|
ClientID: provider.ClientID,
|
||||||
|
ClientSecret: provider.ClientSecret,
|
||||||
|
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
||||||
|
|
||||||
|
// Discovery returns the OAuth2 endpoints.
|
||||||
|
Endpoint: provider.OpenIDProvider.Endpoint(),
|
||||||
|
|
||||||
|
// "openid" is a required scope for OpenID Connect flows.
|
||||||
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
||||||
|
}
|
||||||
|
|
||||||
|
provider.AuthURL = provider.Oauth2Config.Endpoint.AuthURL
|
||||||
|
|
||||||
|
return provider, nil
|
||||||
|
}
|
||||||
|
|
||||||
func GetProvider(key string) (*Provider, error) {
|
func GetProvider(key string) (*Provider, error) {
|
||||||
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
|
rawProvider := config.AuthOpenIDProviders.Get().([]interface{})
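Review bot: `pi["clientsecret"].(string)` in getProviderFromMap is a single-value type assertion, so a provider entry written before the `clientsecret` key existed (or one that misspells it) makes the call panic instead of returning the error the new `(*Provider, error)` signature is there for; the `name`, `authurl` and `clientid` assertions it inherits have the same shape. Prefer the two-value form and return an error, e.g. `secret, ok := pi["clientsecret"].(string)` / `if !ok { return nil, errors.New("openid provider is missing clientsecret") }` (`errors` would need importing if it is not already; only part of the import block is visible). GetProvider in the following hunk goes through the same function, so one fix covers both callers. getProviderFromMap also runs `oidc.NewProvider(context.Background(), …)` discovery on every call, which means GetAllProviders now makes one outbound discovery request per configured provider each time it is invoked, with no deadline; a `context.WithTimeout` and, if the callers turn out to be request handlers, caching the constructed providers are worth considering.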
|
||||||
|
|
||||||
|
@ -77,34 +112,7 @@ func GetProvider(key string) (*Provider, error) {
|
||||||
|
|
||||||
k := getKeyFromName(pi["name"].(string))
|
k := getKeyFromName(pi["name"].(string))
|
||||||
if k == key {
|
if k == key {
|
||||||
provider := &Provider{
|
return getProviderFromMap(pi)
|
||||||
Name: pi["name"].(string),
|
|
||||||
Key: k,
|
|
||||||
AuthURL: pi["authurl"].(string),
|
|
||||||
ClientID: pi["clientid"].(string),
|
|
||||||
// TODO
|
|
||||||
// ClientSecret
|
|
||||||
}
|
|
||||||
|
|
||||||
var err error
|
|
||||||
provider.OpenIDProvider, err = oidc.NewProvider(context.Background(), provider.AuthURL)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
provider.Oauth2Config = &oauth2.Config{
|
|
||||||
ClientID: provider.ClientID,
|
|
||||||
ClientSecret: provider.ClientSecret,
|
|
||||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
|
||||||
|
|
||||||
// Discovery returns the OAuth2 endpoints.
|
|
||||||
Endpoint: provider.OpenIDProvider.Endpoint(),
|
|
||||||
|
|
||||||
// "openid" is a required scope for OpenID Connect flows.
|
|
||||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
|
||||||
}
|
|
||||||
|
|
||||||
return provider, nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,7 +139,20 @@ func HandleCallback(c echo.Context) error {
|
||||||
// Parse the access & ID token
|
// Parse the access & ID token
|
||||||
oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
|
oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(err)
|
if rerr, is := err.(*oauth2.RetrieveError); is {
|
||||||
|
log.Error(err)
|
||||||
|
|
||||||
|
details := make(map[string]interface{})
|
||||||
|
if err := json.Unmarshal(rerr.Body, &details); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(http.StatusBadRequest, map[string]interface{}{
|
||||||
|
"message": "Could not authenticate against third party.",
|
||||||
|
"details": details,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return err
|
return err
|
||||||
}
|
}
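Review bot: The new `*oauth2.RetrieveError` branch forwards the provider's raw token-endpoint response body to the caller as `details`, which hands an unauthenticated client whatever the third party answered (its `error_description` and any non-standard fields); the body is already logged on the line above, so returning only the fixed message — `return c.JSON(http.StatusBadRequest, map[string]interface{}{"message": "Could not authenticate against third party."})` — keeps the diagnostics server-side. If the body is not JSON (an HTML error page from a misconfigured issuer, for instance) `json.Unmarshal` fails and the handler returns that parse error in place of the oauth2 one, helped by the inner `err :=` shadowing the outer `err`; if the details are kept, an unmarshal failure should fall through to the generic 400 rather than replace the error. `err.(*oauth2.RetrieveError)` will also miss a wrapped error, so `errors.As` is the more robust match if `errors` is imported. HandleCallback's body continues outside the hunk.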
|
||||||
|
|
||||||
|
|
|
@ -91,11 +91,16 @@ func Info(c echo.Context) error {
|
||||||
OpenIDConnect: openIDAuthInfo{
|
OpenIDConnect: openIDAuthInfo{
|
||||||
Enabled: config.AuthOpenIDEnabled.GetBool(),
|
Enabled: config.AuthOpenIDEnabled.GetBool(),
|
||||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
|
RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
|
||||||
Providers: openid.GetAllProviders(),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
info.AuthInfo.OpenIDConnect.Providers, err = openid.GetAllProviders()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Migrators
|
// Migrators
|
||||||
if config.MigrationWunderlistEnable.GetBool() {
|
if config.MigrationWunderlistEnable.GetBool() {
|
||||||
m := &wunderlist.Migration{}
|
m := &wunderlist.Migration{}
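Review bot: Info now hands the result of GetAllProviders straight to the response, and those providers are built by getProviderFromMap with `ClientSecret` set and `Oauth2Config` (which holds the secret again) attached; unless those fields of `Provider` carry `json:"-"` tags — the struct definition is not in this diff — the handler's JSON output will contain the client secret. Worth confirming the tags, or mapping the providers onto a response type that exposes only `Name`, `Key` and `AuthURL`. A second effect is that discovery failing for any one provider now fails the whole Info response via `return err`, where the handler previously only read configuration; consider whether Info should log and omit that provider instead. Info's body continues outside the hunk.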
|
||||||
|
|