package controllers
import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"

	beego "github.com/beego/beego/v2/server/web"
	oidc "github.com/coreos/go-oidc"
	"golang.org/x/net/context"
	"golang.org/x/oauth2"
)
// OidcController is the beego controller that drives the OpenID Connect login
// flow: Connect redirects the browser to the provider and Callback handles the
// provider's redirect back to this application.
type OidcController struct {
	beego.Controller
}
// Package-level OIDC client state. All three values are (re)written by
// Connect on every login request and read by Callback.
// NOTE(review): handlers run concurrently, so concurrent logins race on these
// writes; they are rewritten with the same values each time, but initialising
// them once (e.g. at startup) would be cleaner — confirm before hardening.
var (
	oauth2Config    oauth2.Config
	idTokenVerifier *oidc.IDTokenVerifier
	ctx             context.Context
)
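// oidcStateSessionKey is the session key under which Connect stores the
// per-login OAuth2 state value that Callback must see echoed back.
const oidcStateSessionKey = "oidc_state"

// newState returns a random, URL-safe OAuth2 state value (128 bits from
// crypto/rand). Binding it to the session lets Callback confirm that an
// authorization response belongs to a flow this browser actually started.
func newState() (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("generating oidc state: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// Connect starts the OpenID Connect authorization-code flow: it discovers the
// provider endpoints, builds the OAuth2 client configuration, stores a fresh
// random state value in the caller's session and redirects the browser to the
// provider's authorization endpoint. Failures are reported to the client as
// 5xx responses instead of an empty 200.
func (c *OidcController) Connect() {
	ctx = context.Background()
	// Initialize a provider by specifying dex's issuer URL.
	// NOTE(security): plain http on a loopback address is only acceptable for
	// local development; a deployed issuer must be reached over https, otherwise
	// the discovery document and signing keys can be tampered with in transit.
	provider, err := oidc.NewProvider(ctx, "http://127.0.0.1:5556/dex")
	if err != nil {
		fmt.Println(err.Error())
		c.CustomAbort(http.StatusInternalServerError, "oidc provider discovery failed")
		return
	}
	// Configure the OAuth2 config with the client values.
	oauth2Config = oauth2.Config{
		// client_id and client_secret of the client.
		// FIXME(security): the client secret is hard-coded in source; it should be
		// loaded from configuration or a secret store and rotated, since anything
		// committed here must be considered disclosed.
		ClientID:     "opencloud-search",
		ClientSecret: "ZXhhbXBsZS1hcHAtc2VjcmV0",
		// The redirectURL. Must match the registration at the provider exactly;
		// like the issuer URL, plain http is for local development only.
		RedirectURL: "http://127.0.0.1:8080/oidc-callback",
		// Discovery returns the OAuth2 endpoints.
		Endpoint: provider.Endpoint(),
		// "openid" is a required scope for OpenID Connect flows.
		//
		// Other scopes, such as "groups" can be requested.
		Scopes: []string{oidc.ScopeOpenID, "profile", "email", "groups"},
	}
	// Create an ID token parser bound to our client ID so tokens issued for
	// another audience are rejected.
	idTokenVerifier = provider.Verifier(&oidc.Config{ClientID: "opencloud-search"})

	// A fixed state value ("foobar" previously) lets an attacker drive a
	// victim's browser through a callback for a session the attacker started
	// (login CSRF). Use an unguessable per-login value tied to this session.
	state, err := newState()
	if err != nil {
		fmt.Println(err.Error())
		c.CustomAbort(http.StatusInternalServerError, "could not generate login state")
		return
	}
	c.SetSession(oidcStateSessionKey, state)
	c.Redirect(oauth2Config.AuthCodeURL(state), http.StatusFound)
}

// Callback handles the provider's redirect back to the application. It checks
// the echoed state against the value Connect stored in the session, exchanges
// the authorization code for tokens, verifies the ID token and records the
// authenticated e-mail address in the session before redirecting to /user.
// Every failure aborts the request; the original fell through on errors and
// would dereference a nil token.
func (c *OidcController) Callback() {
	state := c.GetString("state")
	code := c.GetString("code")

	// Verify state. The stored value is consumed first so it cannot be replayed
	// even if the comparison below fails.
	expected, _ := c.GetSession(oidcStateSessionKey).(string)
	c.DelSession(oidcStateSessionKey)
	if expected == "" || state == "" || state != expected {
		c.CustomAbort(http.StatusBadRequest, "invalid oidc state")
		return
	}
	if code == "" {
		c.CustomAbort(http.StatusBadRequest, "missing authorization code")
		return
	}
	// Connect populates the client configuration; without it there is nothing
	// to exchange the code with or verify the token against.
	if idTokenVerifier == nil {
		c.CustomAbort(http.StatusInternalServerError, "oidc client not initialised")
		return
	}

	oauth2Token, err := oauth2Config.Exchange(ctx, code)
	if err != nil {
		fmt.Println(err.Error())
		c.CustomAbort(http.StatusInternalServerError, "token exchange failed")
		return
	}
	// Extract the ID Token from OAuth2 token.
	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
	if !ok {
		c.CustomAbort(http.StatusInternalServerError, "no id_token in token response")
		return
	}
	// The raw ID token is a bearer credential; it is deliberately not printed.

	// Parse and verify ID Token payload (signature, issuer, audience, expiry).
	idToken, err := idTokenVerifier.Verify(ctx, rawIDToken)
	if err != nil {
		fmt.Println(err.Error())
		c.CustomAbort(http.StatusUnauthorized, "id token verification failed")
		return
	}

	// Extract custom claims.
	var claims struct {
		Email    string   `json:"email"`
		Verified bool     `json:"email_verified"`
		Groups   []string `json:"groups"`
	}
	if err := idToken.Claims(&claims); err != nil {
		fmt.Println(err.Error())
		c.CustomAbort(http.StatusInternalServerError, "could not decode id token claims")
		return
	}
	// An empty e-mail would create a session for nobody in particular.
	if claims.Email == "" {
		c.CustomAbort(http.StatusUnauthorized, "id token carries no email claim")
		return
	}
	// NOTE(security): email_verified is decoded but not enforced; if the
	// provider can issue tokens for unverified addresses, requiring
	// claims.Verified here prevents account takeover by address squatting.
	c.SetSession("login", claims.Email)
	c.Redirect("/user", http.StatusFound)
}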