2021-07-17 21:59:50 +05:30
|
|
|
package oauth
|
|
|
|
|
|
|
|
|
|
import (
|
2021-12-03 22:55:27 +05:30
|
|
|
"context"
|
2023-02-26 05:23:02 +05:30
|
|
|
"fmt"
|
2021-12-03 22:55:27 +05:30
|
|
|
|
|
|
|
|
"github.com/coreos/go-oidc/v3/oidc"
|
2021-07-17 21:59:50 +05:30
|
|
|
"golang.org/x/oauth2"
|
2021-09-05 03:57:29 +05:30
|
|
|
facebookOAuth2 "golang.org/x/oauth2/facebook"
|
2021-07-17 21:59:50 +05:30
|
|
|
githubOAuth2 "golang.org/x/oauth2/github"
|
2022-06-06 22:08:32 +05:30
|
|
|
linkedInOAuth2 "golang.org/x/oauth2/linkedin"
|
2023-02-26 05:23:02 +05:30
|
|
|
microsoftOAuth2 "golang.org/x/oauth2/microsoft"
|
2022-05-24 12:42:29 +05:30
|
|
|
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/constants"
|
2022-05-29 17:22:46 +05:30
|
|
|
"github.com/authorizerdev/authorizer/server/memorystore"
|
2021-07-17 21:59:50 +05:30
|
|
|
)
|
|
|
|
|
|
2022-01-17 11:32:13 +05:30
|
|
|
// OAuthProviders is a struct that contains reference all the OAuth providers
|
2021-12-03 22:55:27 +05:30
|
|
|
type OAuthProvider struct {
|
2023-02-26 05:23:02 +05:30
|
|
|
GoogleConfig *oauth2.Config
|
|
|
|
|
GithubConfig *oauth2.Config
|
|
|
|
|
FacebookConfig *oauth2.Config
|
|
|
|
|
LinkedInConfig *oauth2.Config
|
|
|
|
|
AppleConfig *oauth2.Config
|
|
|
|
|
TwitterConfig *oauth2.Config
|
|
|
|
|
MicrosoftConfig *oauth2.Config
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
|
|
|
|
|
2022-01-17 11:32:13 +05:30
|
|
|
// OIDCProviders is a struct that contains reference all the OpenID providers
|
2021-12-03 22:55:27 +05:30
|
|
|
type OIDCProvider struct {
|
2023-02-26 05:23:02 +05:30
|
|
|
GoogleOIDC *oidc.Provider
|
|
|
|
|
MicrosoftOIDC *oidc.Provider
|
2021-12-03 22:55:27 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
2022-01-17 11:32:13 +05:30
|
|
|
// OAuthProviders is a global variable that contains instance for all enabled the OAuth providers
|
2021-12-03 22:55:27 +05:30
|
|
|
OAuthProviders OAuthProvider
|
2022-01-17 11:32:13 +05:30
|
|
|
// OIDCProviders is a global variable that contains instance for all enabled the OpenID providers
|
|
|
|
|
OIDCProviders OIDCProvider
|
2021-12-03 22:55:27 +05:30
|
|
|
)
|
2021-07-17 21:59:50 +05:30
|
|
|
|
2022-01-17 11:32:13 +05:30
|
|
|
// InitOAuth initializes the OAuth providers based on EnvData
|
2022-02-26 10:06:26 +05:30
|
|
|
func InitOAuth() error {
|
2021-12-03 22:55:27 +05:30
|
|
|
ctx := context.Background()
|
2022-05-29 17:22:46 +05:30
|
|
|
googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
googleClientID = ""
|
|
|
|
|
}
|
|
|
|
|
googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
googleClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if googleClientID != "" && googleClientSecret != "" {
|
2021-12-03 22:55:27 +05:30
|
|
|
p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
|
|
|
|
|
if err != nil {
|
2022-02-26 10:06:26 +05:30
|
|
|
return err
|
2021-12-03 22:55:27 +05:30
|
|
|
}
|
|
|
|
|
OIDCProviders.GoogleOIDC = p
|
|
|
|
|
OAuthProviders.GoogleConfig = &oauth2.Config{
|
2022-05-29 17:22:46 +05:30
|
|
|
ClientID: googleClientID,
|
|
|
|
|
ClientSecret: googleClientSecret,
|
2022-01-31 11:35:24 +05:30
|
|
|
RedirectURL: "/oauth_callback/google",
|
2021-12-03 22:55:27 +05:30
|
|
|
Endpoint: OIDCProviders.GoogleOIDC.Endpoint(),
|
|
|
|
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
|
|
|
|
}
|
2022-05-29 17:22:46 +05:30
|
|
|
|
|
|
|
|
githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
githubClientID = ""
|
|
|
|
|
}
|
|
|
|
|
githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
githubClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if githubClientID != "" && githubClientSecret != "" {
|
2021-12-03 22:55:27 +05:30
|
|
|
OAuthProviders.GithubConfig = &oauth2.Config{
|
2022-05-29 17:22:46 +05:30
|
|
|
ClientID: githubClientID,
|
|
|
|
|
ClientSecret: githubClientSecret,
|
2022-01-31 11:35:24 +05:30
|
|
|
RedirectURL: "/oauth_callback/github",
|
2021-07-17 21:59:50 +05:30
|
|
|
Endpoint: githubOAuth2.Endpoint,
|
2022-09-14 11:45:38 +05:30
|
|
|
Scopes: []string{"read:user", "user:email"},
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
|
|
|
|
}
|
2022-05-29 17:22:46 +05:30
|
|
|
|
|
|
|
|
facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
facebookClientID = ""
|
|
|
|
|
}
|
|
|
|
|
facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
facebookClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if facebookClientID != "" && facebookClientSecret != "" {
|
2021-12-03 22:55:27 +05:30
|
|
|
OAuthProviders.FacebookConfig = &oauth2.Config{
|
2022-05-29 17:22:46 +05:30
|
|
|
ClientID: facebookClientID,
|
|
|
|
|
ClientSecret: facebookClientSecret,
|
2022-01-31 11:35:24 +05:30
|
|
|
RedirectURL: "/oauth_callback/facebook",
|
2021-09-05 03:57:29 +05:30
|
|
|
Endpoint: facebookOAuth2.Endpoint,
|
|
|
|
|
Scopes: []string{"public_profile", "email"},
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-02-26 10:06:26 +05:30
|
|
|
|
2022-06-06 22:08:32 +05:30
|
|
|
linkedInClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
linkedInClientID = ""
|
|
|
|
|
}
|
|
|
|
|
linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
linkedInClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if linkedInClientID != "" && linkedInClientSecret != "" {
|
|
|
|
|
OAuthProviders.LinkedInConfig = &oauth2.Config{
|
|
|
|
|
ClientID: linkedInClientID,
|
|
|
|
|
ClientSecret: linkedInClientSecret,
|
|
|
|
|
RedirectURL: "/oauth_callback/linkedin",
|
|
|
|
|
Endpoint: linkedInOAuth2.Endpoint,
|
|
|
|
|
Scopes: []string{"r_liteprofile", "r_emailaddress"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-12 14:49:48 +05:30
|
|
|
appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
appleClientID = ""
|
|
|
|
|
}
|
|
|
|
|
appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
appleClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if appleClientID != "" && appleClientSecret != "" {
|
|
|
|
|
OAuthProviders.AppleConfig = &oauth2.Config{
|
|
|
|
|
ClientID: appleClientID,
|
2022-06-14 11:11:09 +05:30
|
|
|
ClientSecret: appleClientSecret,
|
2022-06-12 14:49:48 +05:30
|
|
|
RedirectURL: "/oauth_callback/apple",
|
|
|
|
|
Endpoint: oauth2.Endpoint{
|
|
|
|
|
AuthURL: "https://appleid.apple.com/auth/authorize",
|
|
|
|
|
TokenURL: "https://appleid.apple.com/auth/token",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-14 20:19:48 +02:00
|
|
|
twitterClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
twitterClientID = ""
|
|
|
|
|
}
|
|
|
|
|
twitterClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
twitterClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
if twitterClientID != "" && twitterClientSecret != "" {
|
|
|
|
|
OAuthProviders.TwitterConfig = &oauth2.Config{
|
|
|
|
|
ClientID: twitterClientID,
|
|
|
|
|
ClientSecret: twitterClientSecret,
|
|
|
|
|
RedirectURL: "/oauth_callback/twitter",
|
|
|
|
|
Endpoint: oauth2.Endpoint{
|
|
|
|
|
// Endpoint is currently not yet part of oauth2-package. See https://go-review.googlesource.com/c/oauth2/+/350889 for status
|
|
|
|
|
AuthURL: "https://twitter.com/i/oauth2/authorize",
|
|
|
|
|
TokenURL: "https://api.twitter.com/2/oauth2/token",
|
|
|
|
|
AuthStyle: oauth2.AuthStyleInHeader,
|
|
|
|
|
},
|
|
|
|
|
Scopes: []string{"tweet.read", "users.read"},
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-13 12:35:00 +05:30
|
|
|
|
2023-02-26 05:23:02 +05:30
|
|
|
microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
microsoftClientID = ""
|
|
|
|
|
}
|
|
|
|
|
microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
microsoftClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
microsoftActiveDirTenantID = ""
|
|
|
|
|
}
|
|
|
|
|
if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {
|
|
|
|
|
p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
OIDCProviders.MicrosoftOIDC = p
|
|
|
|
|
OAuthProviders.MicrosoftConfig = &oauth2.Config{
|
|
|
|
|
ClientID: microsoftClientID,
|
|
|
|
|
ClientSecret: microsoftClientSecret,
|
|
|
|
|
RedirectURL: "/oauth_callback/microsoft",
|
|
|
|
|
Endpoint: microsoftOAuth2.AzureADEndpoint(microsoftActiveDirTenantID),
|
|
|
|
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-26 10:06:26 +05:30
|
|
|
return nil
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
