oauth2_proxy/providers/google.go

package providers

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/url"
	"strings"
)

type GoogleProvider struct {
	*ProviderData
}

func NewGoogleProvider(p *ProviderData) *GoogleProvider {
	p.ProviderName = "Google"
	if p.LoginUrl.String() == "" {
		p.LoginUrl = &url.URL{Scheme: "https",
			Host: "accounts.google.com",
			Path: "/o/oauth2/auth"}
	}
	if p.RedeemUrl.String() == "" {
		p.RedeemUrl = &url.URL{Scheme: "https",
			Host: "accounts.google.com",
			Path: "/o/oauth2/token"}
	}
	if p.ValidateUrl.String() == "" {
		p.ValidateUrl = &url.URL{Scheme: "https",
			Host: "www.googleapis.com",
			Path: "/oauth2/v1/tokeninfo"}
	}
	if p.Scope == "" {
		p.Scope = "profile email"
	}
	return &GoogleProvider{ProviderData: p}
}

func (s *GoogleProvider) GetEmailAddress(body []byte, access_token string) (string, error) {
	var response struct {
		IdToken string `json:"id_token"`
	}

	if err := json.Unmarshal(body, &response); err != nil {
		return "", err
	}

	// id_token is a base64 encode ID token payload
	// https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo
	jwt := strings.Split(response.IdToken, ".")
	b, err := jwtDecodeSegment(jwt[1])
	if err != nil {
		return "", err
	}

	var email struct {
		Email string `json:"email"`
	}
	err = json.Unmarshal(b, &email)
	if err != nil {
		return "", err
	}
	if email.Email == "" {
		return "", errors.New("missing email")
	}
	return email.Email, nil
}

func jwtDecodeSegment(seg string) ([]byte, error) {
	if l := len(seg) % 4; l > 0 {
		seg += strings.Repeat("=", 4-l)
	}

	return base64.URLEncoding.DecodeString(seg)
}

func (p *GoogleProvider) ValidateToken(access_token string) bool {
	return validateToken(p, access_token, nil)
}
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`package providers`

			`import (`
			`"encoding/base64"`
Github provider 2015-05-21 03:23:48 +00:00			`"encoding/json"`
			`"errors"`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`"net/url"`
			`"strings"`
			`)`

			`type GoogleProvider struct {`
			`*ProviderData`
			`}`

			`func NewGoogleProvider(p ProviderData) GoogleProvider {`
Add ProviderName field; use in sign_in template 2015-03-31 16:59:07 +00:00			`p.ProviderName = "Google"`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`if p.LoginUrl.String() == "" {`
			`p.LoginUrl = &url.URL{Scheme: "https",`
			`Host: "accounts.google.com",`
			`Path: "/o/oauth2/auth"}`
			`}`
			`if p.RedeemUrl.String() == "" {`
			`p.RedeemUrl = &url.URL{Scheme: "https",`
			`Host: "accounts.google.com",`
			`Path: "/o/oauth2/token"}`
			`}`
Introduce `validate-url` flag/config 2015-05-08 21:13:35 +00:00			`if p.ValidateUrl.String() == "" {`
			`p.ValidateUrl = &url.URL{Scheme: "https",`
			`Host: "www.googleapis.com",`
			`Path: "/oauth2/v1/tokeninfo"}`
			`}`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`if p.Scope == "" {`
			`p.Scope = "profile email"`
			`}`
			`return &GoogleProvider{ProviderData: p}`
			`}`

Github provider 2015-05-21 03:23:48 +00:00			`func (s *GoogleProvider) GetEmailAddress(body []byte, access_token string) (string, error) {`
			`var response struct {`
			IdToken string `json:"id_token"`
			`}`

			`if err := json.Unmarshal(body, &response); err != nil {`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`return "", err`
			`}`
Github provider 2015-05-21 03:23:48 +00:00
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`// id_token is a base64 encode ID token payload`
			`// https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo`
Github provider 2015-05-21 03:23:48 +00:00			`jwt := strings.Split(response.IdToken, ".")`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`b, err := jwtDecodeSegment(jwt[1])`
			`if err != nil {`
			`return "", err`
			`}`
Github provider 2015-05-21 03:23:48 +00:00
			`var email struct {`
			Email string `json:"email"`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`}`
Github provider 2015-05-21 03:23:48 +00:00			`err = json.Unmarshal(b, &email)`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`if err != nil {`
			`return "", err`
			`}`
Github provider 2015-05-21 03:23:48 +00:00			`if email.Email == "" {`
			`return "", errors.New("missing email")`
			`}`
			`return email.Email, nil`
Create providers package with Google default 2015-03-30 19:30:27 +00:00			`}`

			`func jwtDecodeSegment(seg string) ([]byte, error) {`
			`if l := len(seg) % 4; l > 0 {`
			`seg += strings.Repeat("=", 4-l)`
			`}`

			`return base64.URLEncoding.DecodeString(seg)`
			`}`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00
			`func (p *GoogleProvider) ValidateToken(access_token string) bool {`
			`return validateToken(p, access_token, nil)`
			`}`