Files
authorizer/server/oauth/oauth.go

194 lines
6.5 KiB
Go
Raw Normal View History

package oauth
import (
2021-12-03 22:55:27 +05:30
"context"
2023-02-26 05:23:02 +05:30
"fmt"
2021-12-03 22:55:27 +05:30
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
2021-09-05 03:57:29 +05:30
facebookOAuth2 "golang.org/x/oauth2/facebook"
githubOAuth2 "golang.org/x/oauth2/github"
2022-06-06 22:08:32 +05:30
linkedInOAuth2 "golang.org/x/oauth2/linkedin"
2023-02-26 05:23:02 +05:30
microsoftOAuth2 "golang.org/x/oauth2/microsoft"
2022-05-24 12:42:29 +05:30
"github.com/authorizerdev/authorizer/server/constants"
2022-05-29 17:22:46 +05:30
"github.com/authorizerdev/authorizer/server/memorystore"
)
2022-01-17 11:32:13 +05:30
// OAuthProviders is a struct that contains reference all the OAuth providers
2021-12-03 22:55:27 +05:30
type OAuthProvider struct {
2023-02-26 05:23:02 +05:30
GoogleConfig *oauth2.Config
GithubConfig *oauth2.Config
FacebookConfig *oauth2.Config
LinkedInConfig *oauth2.Config
AppleConfig *oauth2.Config
TwitterConfig *oauth2.Config
MicrosoftConfig *oauth2.Config
}
2022-01-17 11:32:13 +05:30
// OIDCProviders is a struct that contains reference all the OpenID providers
2021-12-03 22:55:27 +05:30
type OIDCProvider struct {
2023-02-26 05:23:02 +05:30
GoogleOIDC *oidc.Provider
MicrosoftOIDC *oidc.Provider
2021-12-03 22:55:27 +05:30
}
var (
2022-01-17 11:32:13 +05:30
// OAuthProviders is a global variable that contains instance for all enabled the OAuth providers
2021-12-03 22:55:27 +05:30
OAuthProviders OAuthProvider
2022-01-17 11:32:13 +05:30
// OIDCProviders is a global variable that contains instance for all enabled the OpenID providers
OIDCProviders OIDCProvider
2021-12-03 22:55:27 +05:30
)
2022-01-17 11:32:13 +05:30
// InitOAuth initializes the OAuth providers based on EnvData
2022-02-26 10:06:26 +05:30
func InitOAuth() error {
2021-12-03 22:55:27 +05:30
ctx := context.Background()
2022-05-29 17:22:46 +05:30
googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)
if err != nil {
googleClientID = ""
}
googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)
if err != nil {
googleClientSecret = ""
}
if googleClientID != "" && googleClientSecret != "" {
2021-12-03 22:55:27 +05:30
p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
2022-02-26 10:06:26 +05:30
return err
2021-12-03 22:55:27 +05:30
}
OIDCProviders.GoogleOIDC = p
OAuthProviders.GoogleConfig = &oauth2.Config{
2022-05-29 17:22:46 +05:30
ClientID: googleClientID,
ClientSecret: googleClientSecret,
2022-01-31 11:35:24 +05:30
RedirectURL: "/oauth_callback/google",
2021-12-03 22:55:27 +05:30
Endpoint: OIDCProviders.GoogleOIDC.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
}
2022-05-29 17:22:46 +05:30
githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)
if err != nil {
githubClientID = ""
}
githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)
if err != nil {
githubClientSecret = ""
}
if githubClientID != "" && githubClientSecret != "" {
2021-12-03 22:55:27 +05:30
OAuthProviders.GithubConfig = &oauth2.Config{
2022-05-29 17:22:46 +05:30
ClientID: githubClientID,
ClientSecret: githubClientSecret,
2022-01-31 11:35:24 +05:30
RedirectURL: "/oauth_callback/github",
Endpoint: githubOAuth2.Endpoint,
2022-09-14 11:45:38 +05:30
Scopes: []string{"read:user", "user:email"},
}
}
2022-05-29 17:22:46 +05:30
facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)
if err != nil {
facebookClientID = ""
}
facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)
if err != nil {
facebookClientSecret = ""
}
if facebookClientID != "" && facebookClientSecret != "" {
2021-12-03 22:55:27 +05:30
OAuthProviders.FacebookConfig = &oauth2.Config{
2022-05-29 17:22:46 +05:30
ClientID: facebookClientID,
ClientSecret: facebookClientSecret,
2022-01-31 11:35:24 +05:30
RedirectURL: "/oauth_callback/facebook",
2021-09-05 03:57:29 +05:30
Endpoint: facebookOAuth2.Endpoint,
Scopes: []string{"public_profile", "email"},
}
}
2022-02-26 10:06:26 +05:30
2022-06-06 22:08:32 +05:30
linkedInClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)
if err != nil {
linkedInClientID = ""
}
linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)
if err != nil {
linkedInClientSecret = ""
}
if linkedInClientID != "" && linkedInClientSecret != "" {
OAuthProviders.LinkedInConfig = &oauth2.Config{
ClientID: linkedInClientID,
ClientSecret: linkedInClientSecret,
RedirectURL: "/oauth_callback/linkedin",
Endpoint: linkedInOAuth2.Endpoint,
Scopes: []string{"r_liteprofile", "r_emailaddress"},
}
}
2022-06-12 14:49:48 +05:30
appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)
if err != nil {
appleClientID = ""
}
appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)
if err != nil {
appleClientSecret = ""
}
if appleClientID != "" && appleClientSecret != "" {
OAuthProviders.AppleConfig = &oauth2.Config{
ClientID: appleClientID,
2022-06-14 11:11:09 +05:30
ClientSecret: appleClientSecret,
2022-06-12 14:49:48 +05:30
RedirectURL: "/oauth_callback/apple",
Endpoint: oauth2.Endpoint{
AuthURL: "https://appleid.apple.com/auth/authorize",
TokenURL: "https://appleid.apple.com/auth/token",
},
}
}
2022-08-14 20:19:48 +02:00
twitterClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientID)
if err != nil {
twitterClientID = ""
}
twitterClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientSecret)
if err != nil {
twitterClientSecret = ""
}
if twitterClientID != "" && twitterClientSecret != "" {
OAuthProviders.TwitterConfig = &oauth2.Config{
ClientID: twitterClientID,
ClientSecret: twitterClientSecret,
RedirectURL: "/oauth_callback/twitter",
Endpoint: oauth2.Endpoint{
// Endpoint is currently not yet part of oauth2-package. See https://go-review.googlesource.com/c/oauth2/+/350889 for status
AuthURL: "https://twitter.com/i/oauth2/authorize",
TokenURL: "https://api.twitter.com/2/oauth2/token",
AuthStyle: oauth2.AuthStyleInHeader,
},
Scopes: []string{"tweet.read", "users.read"},
}
}
2022-08-13 12:35:00 +05:30
2023-02-26 05:23:02 +05:30
microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)
if err != nil {
microsoftClientID = ""
}
microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)
if err != nil {
microsoftClientSecret = ""
}
microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
if err != nil {
microsoftActiveDirTenantID = ""
}
if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {
p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
if err != nil {
return err
}
OIDCProviders.MicrosoftOIDC = p
OAuthProviders.MicrosoftConfig = &oauth2.Config{
ClientID: microsoftClientID,
ClientSecret: microsoftClientSecret,
RedirectURL: "/oauth_callback/microsoft",
Endpoint: microsoftOAuth2.AzureADEndpoint(microsoftActiveDirTenantID),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
}
2022-02-26 10:06:26 +05:30
return nil
}