traefik-forward-auth/internal/provider/providers.go

package provider

import (
	"context"
	// "net/url"

	"golang.org/x/oauth2"
	"github.com/sirupsen/logrus"
)

// Providers contains all the implemented providers
type Providers struct {
	Google       Google       `group:"Google Provider" namespace:"google" env-namespace:"GOOGLE"`
	OIDC         OIDC         `group:"OIDC Provider" namespace:"oidc" env-namespace:"OIDC"`
	GenericOAuth GenericOAuth `group:"Generic OAuth2 Provider" namespace:"generic-oauth" env-namespace:"GENERIC_OAUTH"`
}

// Provider is used to authenticate users
type Provider interface {
	Name() string
	GetLoginURL(redirectURI, state string) string
	ExchangeCode(redirectURI, code string) (string, error)
	GetUser(token string) (User, error)
	Setup(*logrus.Logger) error
}

type token struct {
	Token string `json:"access_token"`
}

// User is the authenticated user
type User struct {
	Email string `json:"email"`
}

// OAuthProvider is a provider using the oauth2 library
type OAuthProvider struct {
	Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"`

	Config *oauth2.Config
	ctx    context.Context
}

// ConfigCopy returns a copy of the oauth2 config with the given redirectURI
// which ensures the underlying config is not modified
func (p *OAuthProvider) ConfigCopy(redirectURI string) oauth2.Config {
	config := *p.Config
	config.RedirectURL = redirectURI
	return config
}

// OAuthGetLoginURL provides a base "GetLoginURL" for proiders using OAauth2
func (p *OAuthProvider) OAuthGetLoginURL(redirectURI, state string) string {
	config := p.ConfigCopy(redirectURI)

	if p.Resource != "" {
		return config.AuthCodeURL(state, oauth2.SetAuthURLParam("resource", p.Resource))
	}

	return config.AuthCodeURL(state)
}

// OAuthExchangeCode provides a base "ExchangeCode" for proiders using OAauth2
func (p *OAuthProvider) OAuthExchangeCode(redirectURI, code string) (*oauth2.Token, error) {
	config := p.ConfigCopy(redirectURI)
	return config.Exchange(p.ctx, code)
}
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			`package provider`

Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`import (`
			`"context"`
			`// "net/url"`

			`"golang.org/x/oauth2"`
debugging for analyzing token 2023-11-06 18:15:03 +01:00			`"github.com/sirupsen/logrus"`
Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`)`

			`// Providers contains all the implemented providers`
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			`type Providers struct {`
Add Generic OAuth Provider (#138) 2020-06-29 21:04:42 +01:00			Google Google `group:"Google Provider" namespace:"google" env-namespace:"GOOGLE"`
			OIDC OIDC `group:"OIDC Provider" namespace:"oidc" env-namespace:"OIDC"`
			GenericOAuth GenericOAuth `group:"Generic OAuth2 Provider" namespace:"generic-oauth" env-namespace:"GENERIC_OAUTH"`
Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`}`

			`// Provider is used to authenticate users`
			`type Provider interface {`
			`Name() string`
			`GetLoginURL(redirectURI, state string) string`
			`ExchangeCode(redirectURI, code string) (string, error)`
			`GetUser(token string) (User, error)`
debugging for analyzing token 2023-11-06 18:15:03 +01:00			`Setup(*logrus.Logger) error`
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			`}`

Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`type token struct {`
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			Token string `json:"access_token"`
			`}`

Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`// User is the authenticated user`
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			`type User struct {`
Remove unused user fields (#141) These aren't actually used anywhere and can result in a parse error if the ID field isn't a string 2020-06-29 21:01:59 +01:00			Email string `json:"email"`
Begin refactor + selective auth 2019-01-30 16:52:47 +00:00			`}`
Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00
			`// OAuthProvider is a provider using the oauth2 library`
			`type OAuthProvider struct {`
Add support for resource indicator to OIDC provider (#131) 2020-06-11 12:24:51 +01:00			Resource string `long:"resource" env:"RESOURCE" description:"Optional resource indicator"`

Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`Config *oauth2.Config`
			`ctx context.Context`
			`}`

			`// ConfigCopy returns a copy of the oauth2 config with the given redirectURI`
			`// which ensures the underlying config is not modified`
			`func (p *OAuthProvider) ConfigCopy(redirectURI string) oauth2.Config {`
			`config := *p.Config`
			`config.RedirectURL = redirectURI`
			`return config`
			`}`

			`// OAuthGetLoginURL provides a base "GetLoginURL" for proiders using OAauth2`
			`func (p *OAuthProvider) OAuthGetLoginURL(redirectURI, state string) string {`
			`config := p.ConfigCopy(redirectURI)`
Add support for resource indicator to OIDC provider (#131) 2020-06-11 12:24:51 +01:00
			`if p.Resource != "" {`
			`return config.AuthCodeURL(state, oauth2.SetAuthURLParam("resource", p.Resource))`
			`}`

Multiple provider support + OIDC provider 2019-09-18 17:55:52 +01:00			`return config.AuthCodeURL(state)`
			`}`

			`// OAuthExchangeCode provides a base "ExchangeCode" for proiders using OAauth2`
			`func (p OAuthProvider) OAuthExchangeCode(redirectURI, code string) (oauth2.Token, error) {`
			`config := p.ConfigCopy(redirectURI)`
			`return config.Exchange(p.ctx, code)`
			`}`