last demo import - cleaned
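--- /dev/null
+++ b/controllers/oidc.go
@@ -0,0 +1,96 @@
+package controllers
+
+import (
+"fmt"
+"net/http"
+
+beego "github.com/beego/beego/v2/server/web"
+
+oidc "github.com/coreos/go-oidc"
+"golang.org/x/net/context"
+"golang.org/x/oauth2"
+)
+
+// OidcController is the controller in oidc
+type OidcController struct {
+beego.Controller
+}
+
+var oauth2Config oauth2.Config
+var idTokenVerifier *oidc.IDTokenVerifier
+var ctx context.Context
+
+// Connect implements open id connection to openid provider
+func (c *OidcController) Connect() {
+ctx = context.Background()
+
+// Initialize a provider by specifying dex's issuer URL.
+provider, err := oidc.NewProvider(ctx, "http://127.0.0.1:5556/dex")
+if err != nil {
+fmt.Println(err.Error())
+return
+}
+
+// Configure the OAuth2 config with the client values.
+oauth2Config = oauth2.Config{
+// client_id and client_secret of the client.
+ClientID: "opencloud-search",
+ClientSecret: "ZXhhbXBsZS1hcHAtc2VjcmV0",
+
+// The redirectURL.
+RedirectURL: "http://127.0.0.1:8080/oidc-callback",
+
+// Discovery returns the OAuth2 endpoints.
+Endpoint: provider.Endpoint(),
+
+// "openid" is a required scope for OpenID Connect flows.
+//
+// Other scopes, such as "groups" can be requested.
+Scopes: []string{oidc.ScopeOpenID, "profile", "email", "groups"},
+}
+
+// Create an ID token parser.
+idTokenVerifier = provider.Verifier(&oidc.Config{ClientID: "opencloud-search"})
+
+//state := newState()
+c.Redirect(oauth2Config.AuthCodeURL("foobar"), http.StatusFound)
+
+}
+
+// Callback implements open id callback from openid provider
+func (c *OidcController) Callback() {
+
+state := c.GetString("state")
+code := c.GetString("code")
+_ = state
+// Verify state.
+
+oauth2Token, err := oauth2Config.Exchange(ctx, code)
+if err != nil {
+fmt.Println(err.Error())
+}
+
+// Extract the ID Token from OAuth2 token.
+rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+if !ok {
+// handle missing token
+}
+fmt.Println(rawIDToken)
+// Parse and verify ID Token payload.
+idToken, err := idTokenVerifier.Verify(ctx, rawIDToken)
+if err != nil {
+// handle error
+}
+
+// Extract custom claims.
+var claims struct {
+Email string `json:"email"`
+Verified bool `json:"email_verified"`
+Groups []string `json:"groups"`
+}
+if err := idToken.Claims(&claims); err != nil {
+// handle error
+}
+c.SetSession("login", claims.Email)
+c.Redirect("/user", http.StatusFound)
+}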
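Review bot: Callback reads `state := c.GetString("state")` and then discards it with `_ = state` under the `// Verify state.` comment, while Connect sends the constant `AuthCodeURL("foobar")`, so the authorization response is never bound to the browser session that started the login and the `// handle error` / `// handle missing token` branches after `oauth2Config.Exchange`, the `id_token` type assertion, `idTokenVerifier.Verify` and `idToken.Claims` all fall through, reaching `oauth2Token.Extra` and `idToken.Claims` on nil values. `fmt.Println(rawIDToken)` also writes the bearer ID token to stdout, `claims.Verified` is decoded but never consulted before `c.SetSession("login", claims.Email)`, and the `ClientSecret` literal next to `ClientID: "opencloud-search"` is a credential committed to source that belongs in configuration. Connect should generate the state from `crypto/rand`, store it with `c.SetSession("state", …)` instead of the commented-out `//state := newState()`, and Callback should compare against that value and stop on every error, as in the rewrite below; note that `oauth2Config`, `idTokenVerifier` and `ctx` are package-level values only assigned inside Connect, so a Callback request that arrives before Connect has run in this process still sees a zero config and a nil verifier, which is worth moving into init-time setup rather than per-request assignment.
```go
func (c *OidcController) Callback() {
	state := c.GetString("state")
	code := c.GetString("code")

	// Compare with the per-login value Connect stored in the session
	// (to be generated from crypto/rand rather than the constant "foobar").
	want, _ := c.GetSession("state").(string)
	if want == "" || state != want {
		c.CustomAbort(http.StatusBadRequest, "invalid state")
		return
	}
	c.DelSession("state")

	oauth2Token, err := oauth2Config.Exchange(ctx, code)
	if err != nil {
		c.CustomAbort(http.StatusBadGateway, "token exchange failed")
		return
	}

	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
	if !ok {
		c.CustomAbort(http.StatusBadGateway, "no id_token in token response")
		return
	}
	// rawIDToken is a bearer credential: never log it.

	idToken, err := idTokenVerifier.Verify(ctx, rawIDToken)
	if err != nil {
		c.CustomAbort(http.StatusUnauthorized, "id token verification failed")
		return
	}

	// … unchanged: claims struct declaration …
	if err := idToken.Claims(&claims); err != nil {
		c.CustomAbort(http.StatusUnauthorized, "claims decoding failed")
		return
	}
	if !claims.Verified {
		c.CustomAbort(http.StatusForbidden, "email not verified")
		return
	}
	c.SetSession("login", claims.Email)
	c.Redirect("/user", http.StatusFound)
}
```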