oauth2_proxy/providers/google.go

73 lines
1.6 KiB
Go
Raw Normal View History

package providers
import (
"encoding/base64"
"net/url"
"strings"
"github.com/bitly/go-simplejson"
)
type GoogleProvider struct {
*ProviderData
}
func NewGoogleProvider(p *ProviderData) *GoogleProvider {
p.ProviderName = "Google"
if p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{Scheme: "https",
Host: "accounts.google.com",
Path: "/o/oauth2/auth"}
}
if p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{Scheme: "https",
Host: "accounts.google.com",
Path: "/o/oauth2/token"}
}
2015-05-08 21:13:35 +00:00
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{Scheme: "https",
Host: "www.googleapis.com",
Path: "/oauth2/v1/tokeninfo"}
}
if p.Scope == "" {
p.Scope = "profile email"
}
return &GoogleProvider{ProviderData: p}
}
func (s *GoogleProvider) GetEmailAddress(auth_response *simplejson.Json,
unused_access_token string) (string, error) {
idToken, err := auth_response.Get("id_token").String()
if err != nil {
return "", err
}
// id_token is a base64 encode ID token payload
// https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo
jwt := strings.Split(idToken, ".")
b, err := jwtDecodeSegment(jwt[1])
if err != nil {
return "", err
}
data, err := simplejson.NewJson(b)
if err != nil {
return "", err
}
email, err := data.Get("email").String()
if err != nil {
return "", err
}
return email, nil
}
func jwtDecodeSegment(seg string) ([]byte, error) {
if l := len(seg) % 4; l > 0 {
seg += strings.Repeat("=", 4-l)
}
return base64.URLEncoding.DecodeString(seg)
}
2015-05-13 01:48:13 +00:00
func (p *GoogleProvider) ValidateToken(access_token string) bool {
return validateToken(p, access_token, nil)
}