Compare commits
9 Commits
0.32.0-bet
...
0.32.0-bet
| Author | SHA1 | Date | |
|---|---|---|---|
|
c9ba0b13f8 | ||
|
|
fadd9f6168 | ||
|
|
395e2e2a85 | ||
|
|
6335084835 | ||
|
|
eab336cd3d | ||
|
|
f4691fca1f | ||
|
|
341d4fbae5 | ||
|
|
e467b45ab1 | ||
|
|
7edfad3486 |
@@ -9,7 +9,6 @@ export const TextInputType = {
|
||||
FACEBOOK_CLIENT_ID: 'FACEBOOK_CLIENT_ID',
|
||||
LINKEDIN_CLIENT_ID: 'LINKEDIN_CLIENT_ID',
|
||||
APPLE_CLIENT_ID: 'APPLE_CLIENT_ID',
|
||||
APPLE_CLIENT_SECRET: 'APPLE_CLIENT_SECRET',
|
||||
JWT_ROLE_CLAIM: 'JWT_ROLE_CLAIM',
|
||||
REDIS_URL: 'REDIS_URL',
|
||||
SMTP_HOST: 'SMTP_HOST',
|
||||
|
||||
@@ -17,6 +17,7 @@ import (
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
@@ -472,15 +473,38 @@ func processAppleUserInfo(code string) (models.User, error) {
|
||||
|
||||
fmt.Println("=> rawIDToken", rawIDToken)
|
||||
|
||||
// Parse and verify ID Token payload.
|
||||
claims, err := token.ParseJWTToken(rawIDToken)
|
||||
tokenSplit := strings.Split(rawIDToken, ".")
|
||||
claimsData := tokenSplit[1]
|
||||
decodedClaimsData, err := crypto.DecryptB64(claimsData)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse apple id token: ", err)
|
||||
return user, err
|
||||
log.Debug("Failed to decrypt claims data: ", err)
|
||||
return user, fmt.Errorf("failed to decrypt claims data: %s", err.Error())
|
||||
}
|
||||
fmt.Println("=> decoded claims data", decodedClaimsData)
|
||||
|
||||
claims := make(map[string]interface{})
|
||||
err = json.Unmarshal([]byte(decodedClaimsData), &claims)
|
||||
if err != nil {
|
||||
log.Debug("Failed to unmarshal claims data: ", err)
|
||||
return user, fmt.Errorf("failed to unmarshal claims data: %s", err.Error())
|
||||
}
|
||||
|
||||
fmt.Println("=> claims", claims)
|
||||
|
||||
if val, ok := claims["email"]; !ok {
|
||||
log.Debug("Failed to extract email from claims.")
|
||||
return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
|
||||
} else {
|
||||
user.Email = val.(string)
|
||||
}
|
||||
|
||||
if val, ok := claims["name"]; ok {
|
||||
nameData := val.(map[string]interface{})
|
||||
givenName := nameData["firstName"].(string)
|
||||
familyName := nameData["lastName"].(string)
|
||||
user.GivenName = &givenName
|
||||
user.FamilyName = &familyName
|
||||
}
|
||||
fmt.Println("claims:", claims)
|
||||
email := claims["email"].(string)
|
||||
user.Email = email
|
||||
|
||||
return user, err
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
@@ -170,7 +171,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
case constants.SignupMethodApple:
|
||||
if oauth.OAuthProviders.AppleConfig == nil {
|
||||
log.Debug("Linkedin OAuth provider is not configured")
|
||||
log.Debug("Apple OAuth provider is not configured")
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
@@ -183,7 +184,8 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodApple
|
||||
url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString)
|
||||
// Scope from the root config was not passed for apple login
|
||||
url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post"), oauth2.SetAuthURLParam("scope", "name email"))
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
default:
|
||||
log.Debug("Invalid oauth provider: ", provider)
|
||||
|
||||
@@ -124,13 +124,12 @@ func InitOAuth() error {
|
||||
if appleClientID != "" && appleClientSecret != "" {
|
||||
OAuthProviders.AppleConfig = &oauth2.Config{
|
||||
ClientID: appleClientID,
|
||||
ClientSecret: appleClientID,
|
||||
ClientSecret: appleClientSecret,
|
||||
RedirectURL: "/oauth_callback/apple",
|
||||
Endpoint: oauth2.Endpoint{
|
||||
AuthURL: "https://appleid.apple.com/auth/authorize",
|
||||
TokenURL: "https://appleid.apple.com/auth/token",
|
||||
},
|
||||
Scopes: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@ func InitRouter(log *logrus.Logger) *gin.Engine {
|
||||
router.GET("/playground", handlers.PlaygroundHandler())
|
||||
router.GET("/oauth_login/:oauth_provider", handlers.OAuthLoginHandler())
|
||||
router.GET("/oauth_callback/:oauth_provider", handlers.OAuthCallbackHandler())
|
||||
router.POST("/oauth_callback/:oauth_provider", handlers.OAuthCallbackHandler())
|
||||
router.GET("/verify_email", handlers.VerifyEmailHandler())
|
||||
// OPEN ID routes
|
||||
router.GET("/.well-known/openid-configuration", handlers.OpenIDConfigurationHandler())
|
||||
|
||||
Reference in New Issue
Block a user