mirror of
https://github.com/davidallendj/opaal.git
synced 2025-12-20 03:27:02 -07:00
100 lines
3.4 KiB
Go
100 lines
3.4 KiB
Go
package opaal
|
|
|
|
import (
|
|
cache "davidallendj/opaal/internal/cache/sqlite"
|
|
"davidallendj/opaal/internal/flows"
|
|
"davidallendj/opaal/internal/oauth"
|
|
"davidallendj/opaal/internal/oidc"
|
|
"davidallendj/opaal/internal/server"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
func Login(config *Config, client *oauth.Client, provider *oidc.IdentityProvider) error {
|
|
if config == nil {
|
|
return fmt.Errorf("config is not valid")
|
|
}
|
|
|
|
// make cache if it's not where expect
|
|
_, err := cache.CreateIdentityProvidersIfNotExists(config.Options.CachePath)
|
|
if err != nil {
|
|
fmt.Printf("failed to create cache: %v\n", err)
|
|
}
|
|
|
|
if config.Options.FlowType == "authorization_code" {
|
|
// build the authorization URL to redirect user for social sign-in
|
|
var state = ""
|
|
if config.Authentication.Flows["authorization-code"]["state"] != "" {
|
|
state = config.Authentication.Flows["authorization-code"]["state"]
|
|
}
|
|
|
|
// print the authorization URL for sharing
|
|
var authorizationUrl = client.BuildAuthorizationUrl(provider.Endpoints.Authorization, state)
|
|
s := NewServerWithConfig(config)
|
|
fmt.Printf("Login with identity provider:\n\n %s/login\n %s\n\n",
|
|
s.GetListenAddr(), authorizationUrl,
|
|
)
|
|
|
|
var button = MakeButton(authorizationUrl, "Login with "+client.Name)
|
|
var jwtClient = oauth.NewClient()
|
|
jwtClient.Scope = config.Authorization.Token.Scope
|
|
|
|
// authorize oauth client and listen for callback from provider
|
|
fmt.Printf("Waiting for authorization code redirect @%s/oidc/callback...\n", s.GetListenAddr())
|
|
params := server.ServerParams{
|
|
AuthProvider: &oidc.IdentityProvider{
|
|
Issuer: config.Authorization.Endpoints.Issuer,
|
|
Endpoints: oidc.Endpoints{
|
|
Config: config.Authorization.Endpoints.Config,
|
|
JwksUri: config.Authorization.Endpoints.JwksUri,
|
|
},
|
|
},
|
|
Verbose: config.Options.Verbose,
|
|
JwtBearerEndpoints: flows.JwtBearerEndpoints{
|
|
Token: config.Authorization.Endpoints.Token,
|
|
TrustedIssuers: config.Authorization.Endpoints.TrustedIssuers,
|
|
Register: config.Authorization.Endpoints.Register,
|
|
},
|
|
JwtBearerParams: flows.JwtBearerFlowParams{
|
|
Client: jwtClient,
|
|
IdentityProvider: provider,
|
|
TrustedIssuer: &oauth.TrustedIssuer{
|
|
AllowAnySubject: false,
|
|
Issuer: s.Addr,
|
|
Subject: "opaal",
|
|
ExpiresAt: time.Now().Add(config.Authorization.Token.Duration),
|
|
Scope: []string{},
|
|
},
|
|
Verbose: config.Options.Verbose,
|
|
Refresh: config.Authorization.Token.Refresh,
|
|
},
|
|
}
|
|
err = s.Login(button, provider, client, params)
|
|
if errors.Is(err, http.ErrServerClosed) {
|
|
fmt.Printf("\n=========================================\nServer closed.\n=========================================\n\n")
|
|
} else if err != nil {
|
|
return fmt.Errorf("failed to start server: %s", err)
|
|
}
|
|
|
|
} else if config.Options.FlowType == "client_credentials" {
|
|
err := NewClientCredentialsFlowWithConfig(config, client)
|
|
if err != nil {
|
|
fmt.Printf("failed to complete client credentials flow: %v", err)
|
|
}
|
|
} else {
|
|
return fmt.Errorf("invalid grant type (options: authorization_code, client_credentials)")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func MakeButton(url string, text string) string {
|
|
html := "<input type=\"button\" "
|
|
html += "class=\"button\" "
|
|
html += fmt.Sprintf("onclick=\"window.location.href='%s';\" ", url)
|
|
html += fmt.Sprintf("value=\"%s\"", text)
|
|
return html
|
|
// return "<a href=\"" + url + "\"> " + text + "</a>"
|
|
}
|