Add parsing claims
parent
05e4bfdca0
commit
52d9c25125
|
@ -233,6 +233,7 @@ auth:
|
|||
# A list of enabled providers
|
||||
providers:
|
||||
# The name of the provider as it will appear in the frontend.
|
||||
# **If you change this after users already authenticated with this provider, users will loose access to their accounts!**
|
||||
- name:
|
||||
# The auth url to send users to if they want to authenticate using OpenID Connect.
|
||||
authurl:
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package openid
|
||||
|
||||
import (
|
||||
apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
@ -48,6 +49,12 @@ type Provider struct {
|
|||
Oauth2Config *oauth2.Config `json:"-"`
|
||||
}
|
||||
|
||||
type claims struct {
|
||||
Email string `json:"email"`
|
||||
Name string `json:"name"`
|
||||
PreferredUsername string `json:"preferred_username"`
|
||||
}
|
||||
|
||||
func getKeyFromName(name string) string {
|
||||
reg, _ := regexp.Compile("[^a-z0-9]+")
|
||||
return reg.ReplaceAllString(strings.ToLower(name), "")
|
||||
|
@ -167,27 +174,24 @@ func HandleCallback(c echo.Context) error {
|
|||
// Parse and verify ID Token payload.
|
||||
idToken, err := verifier.Verify(context.Background(), rawIDToken)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Extract custom claims
|
||||
var claims struct {
|
||||
Email string `json:"email"`
|
||||
Verified bool `json:"email_verified"`
|
||||
}
|
||||
if err := idToken.Claims(&claims); err != nil {
|
||||
log.Error(err)
|
||||
cl := &claims{}
|
||||
err = idToken.Claims(cl)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Get the userinfo
|
||||
|
||||
// Check if we have seen this user before
|
||||
u, err := getOrCreateUser(cl, idToken.Issuer, idToken.Subject)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Log them in
|
||||
|
||||
return nil
|
||||
// Create token
|
||||
return apiv1.NewUserAuthTokenResponse(u, c)
|
||||
}
|
||||
|
||||
func getOrCreateUser() (u *user.User, err error) {
|
||||
|
|
|
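Review bot: The new `claims` struct in the hunk at `type Provider struct` drops the `email_verified` claim that the replaced inline struct in HandleCallback carried as `Verified`, so `getOrCreateUser(cl, idToken.Issuer, idToken.Subject)` now receives only email, name and preferred_username. The body of getOrCreateUser is outside this hunk (and the `getOrCreateUser()` signature shown at the hunk's end does not yet match the three-argument call), but if it ever matches an existing account by email, the provider's statement on whether that address is verified belongs in that decision; consider keeping a field `EmailVerified bool` tagged `json:"email_verified"` on the struct so getOrCreateUser can require it before linking by email. A doc comment on the struct would also help, e.g. `// claims holds the ID-token claims this package reads from the verified token.` As a smaller point, the imports hunk places the `apiv1` alias import ahead of the stdlib group, which goimports would move into its own group.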
@ -35,6 +35,15 @@ const (
|
|||
AuthTypeLinkShare
|
||||
)
|
||||
|
||||
func NewUserAuthTokenResponse(u *user.User, c echo.Context) error {
|
||||
t, err := NewUserJWTAuthtoken(u)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, Token{Token: t})
|
||||
}
|
||||
|
||||
// NewUserJWTAuthtoken generates and signes a new jwt token for a user. This is a global function to be able to call it from integration tests.
|
||||
func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
|
||||
t := jwt.New(jwt.SigningMethodHS256)
|
||||
|
|
|
@ -114,10 +114,5 @@ func RenewToken(c echo.Context) (err error) {
|
|||
}
|
||||
|
||||
// Create token
|
||||
t, err := NewUserJWTAuthtoken(user)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, Token{Token: t})
|
||||
return NewUserAuthTokenResponse(user, c)
|
||||
}
|
||||
|
|
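Review bot: `NewUserAuthTokenResponse` is a new exported function with no doc comment, unlike its neighbour `NewUserJWTAuthtoken` in the same hunk; since it is now also called from the openid callback, state what it does and that it writes the response itself, e.g. `// NewUserAuthTokenResponse signs a new JWT for u and writes it to c as a JSON Token response with status 200; callers should return its result directly.` The RenewToken hunk, which replaces the inline token creation with this call, is consistent with that contract. The rest of RenewToken is outside the hunk.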