2020-05-17 16:34:09 +01:00
|
|
|
package providers
|
|
|
|
|
|
|
|
|
|
import (
|
2020-11-26 19:00:30 -08:00
|
|
|
"encoding/json"
|
2020-05-17 16:34:09 +01:00
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
2020-09-15 10:12:25 +02:00
|
|
|
"net/url"
|
2020-11-26 19:00:30 -08:00
|
|
|
|
|
|
|
|
"golang.org/x/oauth2"
|
2020-05-17 16:34:09 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
tokenTypeBearer = "Bearer"
|
|
|
|
|
tokenTypeToken = "token"
|
|
|
|
|
|
|
|
|
|
acceptHeader = "Accept"
|
|
|
|
|
acceptApplicationJSON = "application/json"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func makeAuthorizationHeader(prefix, token string, extraHeaders map[string]string) http.Header {
|
|
|
|
|
header := make(http.Header)
|
|
|
|
|
for key, value := range extraHeaders {
|
|
|
|
|
header.Add(key, value)
|
|
|
|
|
}
|
|
|
|
|
header.Set("Authorization", fmt.Sprintf("%s %s", prefix, token))
|
|
|
|
|
return header
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func makeOIDCHeader(accessToken string) http.Header {
|
|
|
|
|
// extra headers required by the IDP when making authenticated requests
|
|
|
|
|
extraHeaders := map[string]string{
|
|
|
|
|
acceptHeader: acceptApplicationJSON,
|
|
|
|
|
}
|
|
|
|
|
return makeAuthorizationHeader(tokenTypeBearer, accessToken, extraHeaders)
|
|
|
|
|
}
|
2020-09-15 10:12:25 +02:00
|
|
|
|
2020-09-15 10:20:10 +02:00
|
|
|
func makeLoginURL(p *ProviderData, redirectURI, state string, extraParams url.Values) url.URL {
|
2020-09-15 10:12:25 +02:00
|
|
|
a := *p.LoginURL
|
|
|
|
|
params, _ := url.ParseQuery(a.RawQuery)
|
|
|
|
|
params.Set("redirect_uri", redirectURI)
|
|
|
|
|
params.Add("scope", p.Scope)
|
|
|
|
|
params.Set("client_id", p.ClientID)
|
|
|
|
|
params.Set("response_type", "code")
|
|
|
|
|
params.Add("state", state)
|
2020-09-15 10:20:10 +02:00
|
|
|
for n, p := range extraParams {
|
|
|
|
|
for _, v := range p {
|
|
|
|
|
params.Add(n, v)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
a.RawQuery = params.Encode()
|
|
|
|
|
return a
|
2020-09-15 10:12:25 +02:00
|
|
|
}
|
2020-11-26 19:00:30 -08:00
|
|
|
|
2020-11-29 14:58:01 -08:00
|
|
|
// getIDToken extracts an IDToken stored in the `Extra` fields of an
|
|
|
|
|
// oauth2.Token
|
2020-11-26 19:00:30 -08:00
|
|
|
func getIDToken(token *oauth2.Token) string {
|
|
|
|
|
idToken, ok := token.Extra("id_token").(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
return idToken
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-29 14:58:01 -08:00
|
|
|
// formatGroup coerces an OIDC groups claim into a string
|
|
|
|
|
// If it is non-string, marshal it into JSON.
|
2020-11-26 19:00:30 -08:00
|
|
|
func formatGroup(rawGroup interface{}) (string, error) {
|
2020-12-01 17:50:27 -08:00
|
|
|
if group, ok := rawGroup.(string); ok {
|
|
|
|
|
return group, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
jsonGroup, err := json.Marshal(rawGroup)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
2020-11-26 19:00:30 -08:00
|
|
|
}
|
2020-12-01 17:50:27 -08:00
|
|
|
return string(jsonGroup), nil
|
2020-11-26 19:00:30 -08:00
|
|
|
}
|
