oauth2-proxy/providers/util.go

package providers

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"

	"golang.org/x/oauth2"
)

const (
	tokenTypeBearer = "Bearer"
	tokenTypeToken  = "token"

	acceptHeader          = "Accept"
	acceptApplicationJSON = "application/json"
)

func makeAuthorizationHeader(prefix, token string, extraHeaders map[string]string) http.Header {
	header := make(http.Header)
	for key, value := range extraHeaders {
		header.Add(key, value)
	}
	header.Set("Authorization", fmt.Sprintf("%s %s", prefix, token))
	return header
}

func makeOIDCHeader(accessToken string) http.Header {
	// extra headers required by the IDP when making authenticated requests
	extraHeaders := map[string]string{
		acceptHeader: acceptApplicationJSON,
	}
	return makeAuthorizationHeader(tokenTypeBearer, accessToken, extraHeaders)
}

func makeLoginURL(p *ProviderData, redirectURI, state string, extraParams url.Values) url.URL {
	a := *p.LoginURL
	params, _ := url.ParseQuery(a.RawQuery)
	params.Set("redirect_uri", redirectURI)
	if p.AcrValues != "" {
		params.Add("acr_values", p.AcrValues)
	}
	if p.Prompt != "" {
		params.Set("prompt", p.Prompt)
	} else { // Legacy variant of the prompt param:
		params.Set("approval_prompt", p.ApprovalPrompt)
	}
	params.Add("scope", p.Scope)
	params.Set("client_id", p.ClientID)
	params.Set("response_type", "code")
	params.Add("state", state)
	for n, p := range extraParams {
		for _, v := range p {
			params.Add(n, v)
		}
	}
	a.RawQuery = params.Encode()
	return a
}

func getIDToken(token *oauth2.Token) string {
	idToken, ok := token.Extra("id_token").(string)
	if !ok {
		return ""
	}
	return idToken
}

func formatGroup(rawGroup interface{}) (string, error) {
	group, ok := rawGroup.(string)
	if !ok {
		jsonGroup, err := json.Marshal(rawGroup)
		if err != nil {
			return "", err
		}
		group = string(jsonGroup)
	}
	return group, nil
}
Create generic Authorization Header constructor 2020-05-17 17:34:09 +02:00			`package providers`

			`import (`
Refactor OIDC to EnrichSession 2020-11-27 05:00:30 +02:00			`"encoding/json"`
Create generic Authorization Header constructor 2020-05-17 17:34:09 +02:00			`"fmt"`
			`"net/http"`
Move DefaultGetLoginURL into util.go 2020-09-15 10:12:25 +02:00			`"net/url"`
Refactor OIDC to EnrichSession 2020-11-27 05:00:30 +02:00
			`"golang.org/x/oauth2"`
Create generic Authorization Header constructor 2020-05-17 17:34:09 +02:00			`)`

			`const (`
			`tokenTypeBearer = "Bearer"`
			`tokenTypeToken = "token"`

			`acceptHeader = "Accept"`
			`acceptApplicationJSON = "application/json"`
			`)`

			`func makeAuthorizationHeader(prefix, token string, extraHeaders map[string]string) http.Header {`
			`header := make(http.Header)`
			`for key, value := range extraHeaders {`
			`header.Add(key, value)`
			`}`
			`header.Set("Authorization", fmt.Sprintf("%s %s", prefix, token))`
			`return header`
			`}`

			`func makeOIDCHeader(accessToken string) http.Header {`
			`// extra headers required by the IDP when making authenticated requests`
			`extraHeaders := map[string]string{`
			`acceptHeader: acceptApplicationJSON,`
			`}`
			`return makeAuthorizationHeader(tokenTypeBearer, accessToken, extraHeaders)`
			`}`
Move DefaultGetLoginURL into util.go 2020-09-15 10:12:25 +02:00
Refactor makeLoginURL to accept extraParams And don't require the caller to know how to use the returned params. 2020-09-15 10:20:10 +02:00			`func makeLoginURL(p *ProviderData, redirectURI, state string, extraParams url.Values) url.URL {`
Move DefaultGetLoginURL into util.go 2020-09-15 10:12:25 +02:00			`a := *p.LoginURL`
			`params, _ := url.ParseQuery(a.RawQuery)`
			`params.Set("redirect_uri", redirectURI)`
			`if p.AcrValues != "" {`
			`params.Add("acr_values", p.AcrValues)`
			`}`
			`if p.Prompt != "" {`
			`params.Set("prompt", p.Prompt)`
			`} else { // Legacy variant of the prompt param:`
			`params.Set("approval_prompt", p.ApprovalPrompt)`
			`}`
			`params.Add("scope", p.Scope)`
			`params.Set("client_id", p.ClientID)`
			`params.Set("response_type", "code")`
			`params.Add("state", state)`
Refactor makeLoginURL to accept extraParams And don't require the caller to know how to use the returned params. 2020-09-15 10:20:10 +02:00			`for n, p := range extraParams {`
			`for _, v := range p {`
			`params.Add(n, v)`
			`}`
			`}`
			`a.RawQuery = params.Encode()`
			`return a`
Move DefaultGetLoginURL into util.go 2020-09-15 10:12:25 +02:00			`}`
Refactor OIDC to EnrichSession 2020-11-27 05:00:30 +02:00
			`func getIDToken(token *oauth2.Token) string {`
			`idToken, ok := token.Extra("id_token").(string)`
			`if !ok {`
			`return ""`
			`}`
			`return idToken`
			`}`

			`func formatGroup(rawGroup interface{}) (string, error) {`
			`group, ok := rawGroup.(string)`
			`if !ok {`
			`jsonGroup, err := json.Marshal(rawGroup)`
			`if err != nil {`
			`return "", err`
			`}`
			`group = string(jsonGroup)`
			`}`
			`return group, nil`
			`}`