2015-04-18 00:33:17 +02:00
|
|
|
package providers
|
|
|
|
|
|
|
|
import (
|
2020-05-05 17:53:33 +02:00
|
|
|
"context"
|
2015-04-18 00:33:17 +02:00
|
|
|
"errors"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
|
2020-09-29 18:44:42 +02:00
|
|
|
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
|
|
|
|
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
|
2015-04-18 00:33:17 +02:00
|
|
|
)
|
|
|
|
|
2018-12-20 12:37:59 +02:00
|
|
|
// LinkedInProvider represents an LinkedIn based Identity Provider
|
2015-04-18 00:33:17 +02:00
|
|
|
type LinkedInProvider struct {
|
|
|
|
*ProviderData
|
|
|
|
}
|
|
|
|
|
2020-05-05 17:53:33 +02:00
|
|
|
var _ Provider = (*LinkedInProvider)(nil)
|
|
|
|
|
2020-05-25 14:08:04 +02:00
|
|
|
const (
|
|
|
|
linkedinProviderName = "LinkedIn"
|
2021-10-04 16:58:25 +02:00
|
|
|
linkedinDefaultScope = "r_emailaddress r_liteprofile"
|
2020-05-25 14:08:04 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
// Default Login URL for LinkedIn.
|
|
|
|
// Pre-parsed URL of https://www.linkedin.com/uas/oauth2/authorization.
|
|
|
|
linkedinDefaultLoginURL = &url.URL{
|
|
|
|
Scheme: "https",
|
|
|
|
Host: "www.linkedin.com",
|
2021-10-04 16:58:25 +02:00
|
|
|
Path: "/oauth/v2/authorization",
|
2015-04-18 00:33:17 +02:00
|
|
|
}
|
2020-05-25 14:08:04 +02:00
|
|
|
|
|
|
|
// Default Redeem URL for LinkedIn.
|
|
|
|
// Pre-parsed URL of https://www.linkedin.com/uas/oauth2/accessToken.
|
|
|
|
linkedinDefaultRedeemURL = &url.URL{
|
|
|
|
Scheme: "https",
|
|
|
|
Host: "www.linkedin.com",
|
|
|
|
Path: "/uas/oauth2/accessToken",
|
2015-05-13 03:48:13 +02:00
|
|
|
}
|
2020-05-25 14:08:04 +02:00
|
|
|
|
|
|
|
// Default Profile URL for LinkedIn.
|
|
|
|
// Pre-parsed URL of https://www.linkedin.com/v1/people/~/email-address.
|
|
|
|
linkedinDefaultProfileURL = &url.URL{
|
|
|
|
Scheme: "https",
|
2021-10-04 16:58:25 +02:00
|
|
|
Host: "api.linkedin.com",
|
|
|
|
Path: "/v2/emailAddress",
|
2015-04-18 00:33:17 +02:00
|
|
|
}
|
2021-11-19 23:36:33 +02:00
|
|
|
|
|
|
|
// Default Validate URL for LinkedIn.
|
|
|
|
linkedinDefaultValidateURL = &url.URL{
|
|
|
|
Scheme: "https",
|
|
|
|
Host: "api.linkedin.com",
|
|
|
|
Path: "/v2/me",
|
|
|
|
}
|
2020-05-25 14:08:04 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// NewLinkedInProvider initiates a new LinkedInProvider
|
|
|
|
func NewLinkedInProvider(p *ProviderData) *LinkedInProvider {
|
|
|
|
p.setProviderDefaults(providerDefaults{
|
|
|
|
name: linkedinProviderName,
|
|
|
|
loginURL: linkedinDefaultLoginURL,
|
|
|
|
redeemURL: linkedinDefaultRedeemURL,
|
|
|
|
profileURL: linkedinDefaultProfileURL,
|
2021-11-19 23:36:33 +02:00
|
|
|
validateURL: linkedinDefaultValidateURL,
|
2020-05-25 14:08:04 +02:00
|
|
|
scope: linkedinDefaultScope,
|
|
|
|
})
|
2021-06-26 12:49:08 +02:00
|
|
|
p.getAuthorizationHeaderFunc = makeLinkedInHeader
|
|
|
|
|
2015-04-18 00:33:17 +02:00
|
|
|
return &LinkedInProvider{ProviderData: p}
|
|
|
|
}
|
|
|
|
|
2020-05-17 17:34:09 +02:00
|
|
|
func makeLinkedInHeader(accessToken string) http.Header {
|
|
|
|
// extra headers required by the LinkedIn API when making authenticated requests
|
|
|
|
extraHeaders := map[string]string{
|
|
|
|
acceptHeader: acceptApplicationJSON,
|
|
|
|
"x-li-format": "json",
|
|
|
|
}
|
|
|
|
return makeAuthorizationHeader(tokenTypeBearer, accessToken, extraHeaders)
|
2015-05-13 03:48:13 +02:00
|
|
|
}
|
|
|
|
|
2018-12-20 12:37:59 +02:00
|
|
|
// GetEmailAddress returns the Account email address
|
2020-05-05 17:53:33 +02:00
|
|
|
func (p *LinkedInProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
|
2015-06-23 13:23:39 +02:00
|
|
|
if s.AccessToken == "" {
|
2015-04-18 00:33:17 +02:00
|
|
|
return "", errors.New("missing access token")
|
|
|
|
}
|
|
|
|
|
2021-10-04 16:58:25 +02:00
|
|
|
requestURL := p.ProfileURL.String() + "?q=members&projection=(elements*(handle~))"
|
2020-07-03 20:27:25 +02:00
|
|
|
json, err := requests.New(requestURL).
|
|
|
|
WithContext(ctx).
|
2020-05-17 17:34:09 +02:00
|
|
|
WithHeaders(makeLinkedInHeader(s.AccessToken)).
|
2020-07-06 18:42:26 +02:00
|
|
|
Do().
|
2022-10-21 12:57:51 +02:00
|
|
|
UnmarshalSimpleJSON()
|
2015-04-18 00:33:17 +02:00
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2021-10-04 16:58:25 +02:00
|
|
|
email, err := json.Get("elements").GetIndex(0).Get("handle~").Get("emailAddress").String()
|
2015-04-18 00:33:17 +02:00
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return email, nil
|
|
|
|
}
|
2015-05-13 03:48:13 +02:00
|
|
|
|
2021-03-07 01:33:13 +02:00
|
|
|
// ValidateSession validates the AccessToken
|
2020-10-24 07:06:50 +02:00
|
|
|
func (p *LinkedInProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
|
2020-05-17 17:34:09 +02:00
|
|
|
return validateToken(ctx, p, s.AccessToken, makeLinkedInHeader(s.AccessToken))
|
2015-05-13 03:48:13 +02:00
|
|
|
}
|