feat: add microsoft login

2023-02-26 05:23:02 +05:30
parent 1ac8ba4ce0
commit 3603af9f84
26 changed files with 2737 additions and 151 deletions
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -70,6 +70,8 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			user, err = processAppleUserInfo(oauthCode)
 		case constants.AuthRecipeMethodTwitter:
 			user, err = processTwitterUserInfo(oauthCode, sessionState)
+		case constants.AuthRecipeMethodMicrosoft:
+			user, err = processMicrosoftUserInfo(oauthCode)
 		default:
 			log.Info("Invalid oauth provider")
 			err = fmt.Errorf(`invalid oauth provider`)
@@ -669,3 +671,37 @@ func processTwitterUserInfo(code, verifier string) (models.User, error) {

 	return user, nil
 }
+
+// process microsoft user information
+func processMicrosoftUserInfo(code string) (models.User, error) {
+	user := models.User{}
+	ctx := context.Background()
+	oauth2Token, err := oauth.OAuthProviders.MicrosoftConfig.Exchange(ctx, code)
+	if err != nil {
+		log.Debug("Failed to exchange code for token: ", err)
+		return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
+	}
+
+	verifier := oauth.OIDCProviders.MicrosoftOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.MicrosoftConfig.ClientID})
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		log.Debug("Failed to extract ID Token from OAuth2 token")
+		return user, fmt.Errorf("unable to extract id_token")
+	}
+
+	// Parse and verify ID Token payload.
+	idToken, err := verifier.Verify(ctx, rawIDToken)
+	if err != nil {
+		log.Debug("Failed to verify ID Token: ", err)
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
+	}
+
+	if err := idToken.Claims(&user); err != nil {
+		log.Debug("Failed to parse ID Token claims: ", err)
+		return user, fmt.Errorf("unable to extract claims")
+	}
+
+	return user, nil
+}
--- a/server/handlers/oauth_login.go
+++ b/server/handlers/oauth_login.go
@@ -209,6 +209,24 @@ func OAuthLoginHandler() gin.HandlerFunc {
 			// check: https://github.com/golang/oauth2/issues/449
 			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"
 			c.Redirect(http.StatusTemporaryRedirect, url)
+		case constants.AuthRecipeMethodMicrosoft:
+			if oauth.OAuthProviders.MicrosoftConfig == nil {
+				log.Debug("Microsoft OAuth provider is not configured")
+				isProviderConfigured = false
+				break
+			}
+			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodMicrosoft)
+			if err != nil {
+				log.Debug("Error setting state: ", err)
+				c.JSON(500, gin.H{
+					"error": "internal server error",
+				})
+				return
+			}
+			// during the init of OAuthProvider authorizer url might be empty
+			oauth.OAuthProviders.MicrosoftConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodMicrosoft
+			url := oauth.OAuthProviders.MicrosoftConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
 		default:
 			log.Debug("Invalid oauth provider: ", provider)
 			c.JSON(422, gin.H{