further oidc

2025-12-19 12:13:01 -06:00 · 2021-07-22 11:52:17 +02:00 · 2021-07-22 11:52:17 +02:00 · 81206d93f3
commit 81206d93f3
parent 8e0d32d3e1
14 changed files with 227 additions and 70 deletions
--- a/internal/oidc/claims.go
+++ b/internal/oidc/claims.go
@ -20,6 +20,8 @@ package oidc

 // Claims represents claims as found in an id_token returned from an OIDC flow.
 type Claims struct {
-	Email  string   `json:"email"`
-	Groups []string `json:"groups"`
+	Email         string   `json:"email"`
+	EmailVerified bool     `json:"email_verified"`
+	Groups        []string `json:"groups"`
+	Name          string   `json:"name"`
 }
--- a/internal/oidc/handlecallback.go
+++ b/internal/oidc/handlecallback.go
@ -24,13 +24,8 @@ import (
 	"fmt"
 )

-func (i *idp) HandleCallback(ctx context.Context, state string, code string) (*Claims, error) {
+func (i *idp) HandleCallback(ctx context.Context, code string) (*Claims, error) {
 	l := i.log.WithField("func", "HandleCallback")
-
-	if state == "" {
-		return nil, errors.New("state was empty string")
-	}
-
 	if code == "" {
 		return nil, errors.New("code was empty string")
 	}
@ -48,7 +43,7 @@ func (i *idp) HandleCallback(ctx context.Context, state string, code string) (*C
 	if !ok {
 		return nil, errors.New("no id_token in oauth2token")
 	}
-	l.Debug("raw id token: %s", rawIDToken)
+	l.Debugf("raw id token: %s", rawIDToken)

 	// Parse and verify ID Token payload.
 	l.Debug("verifying id_token")
@ -66,3 +61,7 @@ func (i *idp) HandleCallback(ctx context.Context, state string, code string) (*C

 	return claims, nil
 }
+
+func (i *idp) AuthCodeURL(state string) string {
+	return i.oauth2Config.AuthCodeURL(state)
+}
--- a/internal/oidc/idp.go
+++ b/internal/oidc/idp.go
@ -31,13 +31,11 @@ import (
 const (
 	// CallbackPath is the API path for receiving callback tokens from external OIDC providers
 	CallbackPath = "/auth/callback"
-	profileScope = "profile"
-	emailScope   = "email"
-	groupsScope  = "groups"
 )

 type IDP interface {
-	HandleCallback(ctx context.Context, state string, code string) (*Claims, error)
+	HandleCallback(ctx context.Context, code string) (*Claims, error)
+	AuthCodeURL(state string) string
 }

 type idp struct {
@ -55,9 +53,6 @@ func NewIDP(config *config.Config, log *logrus.Logger) (IDP, error) {
 	}

 	// validate config fields
-	if config.OIDCConfig.IDPID == "" {
-		return nil, fmt.Errorf("not set: IDPID")
-	}
 	if config.OIDCConfig.IDPName == "" {
 		return nil, fmt.Errorf("not set: IDPName")
 	}