mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-12-12 11:15:02 +02:00
1961424561
* Add -user-id-claim to support other claims than email Fix #431 - This is a minimal change to allow the user to configure which claim is the source of the "user ID". - Add the option `user-id-claim` (defaults to email) - OIDC extracts this claim into session.Email (to be renamed later) - providers: add `CreateSessionStateFromBearerToken` with a default impl taken from `GetJwtSession` and overridden by oidc to respect `user-id-claim` Once #466 is merged, I can continue to rename SessionState.Email to .UserID and add HTTP headers with a corresponding name. * Apply suggestions from code review Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk> * Review feedback: Don't extract claims manually Instead, parse them twice - it might be sligtly slower but less bug-prone as the code evolves. * Fix indentation Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
54 lines
1.7 KiB
Go
54 lines
1.7 KiB
Go
package providers
|
|
|
|
import (
|
|
"github.com/coreos/go-oidc"
|
|
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
|
|
"github.com/oauth2-proxy/oauth2-proxy/pkg/encryption"
|
|
)
|
|
|
|
// Provider represents an upstream identity provider implementation
|
|
type Provider interface {
|
|
Data() *ProviderData
|
|
GetEmailAddress(*sessions.SessionState) (string, error)
|
|
GetUserName(*sessions.SessionState) (string, error)
|
|
GetPreferredUsername(*sessions.SessionState) (string, error)
|
|
Redeem(string, string) (*sessions.SessionState, error)
|
|
ValidateGroup(string) bool
|
|
ValidateSessionState(*sessions.SessionState) bool
|
|
GetLoginURL(redirectURI, finalRedirect string) string
|
|
RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)
|
|
SessionFromCookie(string, *encryption.Cipher) (*sessions.SessionState, error)
|
|
CookieForSession(*sessions.SessionState, *encryption.Cipher) (string, error)
|
|
CreateSessionStateFromBearerToken(rawIDToken string, idToken *oidc.IDToken) (*sessions.SessionState, error)
|
|
}
|
|
|
|
// New provides a new Provider based on the configured provider string
|
|
func New(provider string, p *ProviderData) Provider {
|
|
switch provider {
|
|
case "linkedin":
|
|
return NewLinkedInProvider(p)
|
|
case "facebook":
|
|
return NewFacebookProvider(p)
|
|
case "github":
|
|
return NewGitHubProvider(p)
|
|
case "keycloak":
|
|
return NewKeycloakProvider(p)
|
|
case "azure":
|
|
return NewAzureProvider(p)
|
|
case "gitlab":
|
|
return NewGitLabProvider(p)
|
|
case "oidc":
|
|
return NewOIDCProvider(p)
|
|
case "login.gov":
|
|
return NewLoginGovProvider(p)
|
|
case "bitbucket":
|
|
return NewBitbucketProvider(p)
|
|
case "nextcloud":
|
|
return NewNextcloudProvider(p)
|
|
case "digitalocean":
|
|
return NewDigitalOceanProvider(p)
|
|
default:
|
|
return NewGoogleProvider(p)
|
|
}
|
|
}
|