oauth2_proxy/providers/providers.go

package providers

import (
	"github.com/pusher/oauth2_proxy/cookie"
	"github.com/pusher/oauth2_proxy/pkg/apis/sessions"
)

// Provider represents an upstream identity provider implementation
type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*sessions.SessionState) (string, error)
	GetUserName(*sessions.SessionState) (string, error)
	Redeem(string, string) (*sessions.SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*sessions.SessionState) bool
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)
	SessionFromCookie(string, *cookie.Cipher) (*sessions.SessionState, error)
	CookieForSession(*sessions.SessionState, *cookie.Cipher) (string, error)
}

// New provides a new Provider based on the configured provider string
func New(provider string, p *ProviderData) Provider {
	switch provider {
	case "linkedin":
		return NewLinkedInProvider(p)
	case "facebook":
		return NewFacebookProvider(p)
	case "github":
		return NewGitHubProvider(p)
	case "azure":
		return NewAzureProvider(p)
	case "gitlab":
		return NewGitLabProvider(p)
	case "oidc":
		return NewOIDCProvider(p)
	case "login.gov":
		return NewLoginGovProvider(p)
	default:
		return NewGoogleProvider(p)
	}
}
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`package providers`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`import (`
Move imports from bitly to pusher 2018-11-27 11:45:05 +00:00			`"github.com/pusher/oauth2_proxy/cookie"`
Move SessionState to its own package 2019-05-05 12:33:13 +00:00			`"github.com/pusher/oauth2_proxy/pkg/apis/sessions"`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`)`

Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00			`// Provider represents an upstream identity provider implementation`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`type Provider interface {`
			`Data() *ProviderData`
Move SessionState to its own package 2019-05-05 12:33:13 +00:00			`GetEmailAddress(*sessions.SessionState) (string, error)`
			`GetUserName(*sessions.SessionState) (string, error)`
			`Redeem(string, string) (*sessions.SessionState, error)`
google: Support restricting access to a specific group(s) 2015-08-20 10:07:02 +00:00			`ValidateGroup(string) bool`
Move SessionState to its own package 2019-05-05 12:33:13 +00:00			`ValidateSessionState(*sessions.SessionState) bool`
More complete HTTP error logging 2015-06-06 18:15:43 +00:00			`GetLoginURL(redirectURI, finalRedirect string) string`
Move SessionState to its own package 2019-05-05 12:33:13 +00:00			`RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)`
			`SessionFromCookie(string, cookie.Cipher) (sessions.SessionState, error)`
			`CookieForSession(sessions.SessionState, cookie.Cipher) (string, error)`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`}`

Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00			`// New provides a new Provider based on the configured provider string`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`func New(provider string, p *ProviderData) Provider {`
			`switch provider {`
LinkedIn OAuth support. 2015-04-17 22:33:17 +00:00			`case "linkedin":`
			`return NewLinkedInProvider(p)`
Facebook Authentication Provider * will not re-prompt if the email permission is denied, or if you previously authorized the same FB app without the email scope. 2016-06-23 12:29:44 +00:00			`case "facebook":`
			`return NewFacebookProvider(p)`
Github provider 2015-05-21 03:23:48 +00:00			`case "github":`
			`return NewGitHubProvider(p)`
Add Azure Provider 2015-11-09 08:28:34 +00:00			`case "azure":`
			`return NewAzureProvider(p)`
Add GitLab provider 2016-02-17 12:19:52 +00:00			`case "gitlab":`
			`return NewGitLabProvider(p)`
: add an OpenID Connect provider See the README for usage with Dex or any other OIDC provider. To test run a backend: python3 -m http.server Run dex and modify the example config with the proxy callback: go get github.com/coreos/dex/cmd/dex cd $GOPATH/src/github.com/coreos/dex sed -i.bak \ 's\|http://127.0.0.1:5555/callback\|http://127.0.0.1:5555/oauth2/callback\|g' \ examples/config-dev.yaml make ./bin/dex serve examples/config-dev.yaml Then run the oauth2_proxy oauth2_proxy \ --oidc-issuer-url http://127.0.0.1:5556/dex \ --upstream http://localhost:8000 \ --client-id example-app \ --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \ --cookie-secret foo \ --email-domain '' \ --http-address http://127.0.0.1:5555 \ --redirect-url http://127.0.0.1:5555/oauth2/callback \ --cookie-secure=false Login with the username/password "admin@example.com:password" 2017-05-09 18:20:35 +00:00			`case "oidc":`
			`return NewOIDCProvider(p)`
add login.gov provider (#55) * first stab at login.gov provider * fixing bugs now that I think I understand things better * fixing up dependencies * remove some debug stuff * Fixing all dependencies to point at my fork * forgot to hit save on the github rehome here * adding options for setting keys and so on, use JWT workflow instead of PKCE * forgot comma * was too aggressive with search/replace * need JWTKey to be byte array * removed custom refresh stuff * do our own custom jwt claim and store it in the normal session store * golang json types are strange * I have much to learn about golang * fix time and signing key * add http lib * fixed claims up since we don't need custom claims * add libs * forgot ioutil * forgot ioutil * moved back to pusher location * changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov * update dependencies * do JWTs properly * finished oidc flow, fixed up tests to work better * updated comments, added test that we set expiresOn properly * got confused with header and post vs get * clean up debug and test dir * add login.gov to README, remove references to my repo * forgot to remove un-needed code * can use sample_key* instead of generating your own * updated changelog * apparently golint wants comments like this * linter wants non-standard libs in a separate grouping * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * Update options.go Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov> * remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback * github doesn't seem to do gofmt when merging. :-) * update CODEOWNERS * check the nonce * validate the JWT fully * forgot to add pubjwk-url to README * unexport the struct * fix up the err masking that travis found * update nonce comment by request of @JoelSpeed * argh. Thought I'd formatted the merge properly, but apparently not. * fixed test to not fail if the query time was greater than zero 2019-03-20 13:44:51 +00:00			`case "login.gov":`
			`return NewLoginGovProvider(p)`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`default:`
			`return NewGoogleProvider(p)`
			`}`
			`}`