bit more progress

2025-12-18 12:33:01 -06:00 · 2021-07-21 19:00:45 +02:00 · 2021-07-21 19:00:45 +02:00 · 8e0d32d3e1
commit 8e0d32d3e1
parent 40917c2cd9
9 changed files with 241 additions and 80 deletions
--- a/internal/api/client/auth/auth.go
+++ b/internal/api/client/auth/auth.go
@ -38,7 +38,10 @@ const (
 	// OauthAuthorizePath is the API path for authorization requests (eg., authorize this app to act on my behalf as a user)
 	OauthAuthorizePath = "/oauth/authorize"
 	// CallbackPath is the API path for receiving callback tokens from external OIDC providers
-	CallbackPath = "/auth/callback"
+	CallbackPath = oidc.CallbackPath
+
+	callbackStateParam = "state"
+	callbackCodeParam  = "code"

 	sessionUserID       = "userid"
 	sessionClientID     = "client_id"
@ -89,6 +92,8 @@ func (m *Module) Route(s router.Router) error {
 	s.AttachHandler(http.MethodGet, OauthAuthorizePath, m.AuthorizeGETHandler)
 	s.AttachHandler(http.MethodPost, OauthAuthorizePath, m.AuthorizePOSTHandler)

+	s.AttachHandler(http.MethodGet, CallbackPath, m.CallbackGETHandler)
+
 	s.AttachMiddleware(m.OauthTokenMiddleware)
 	return nil
 }
--- a/internal/api/client/auth/callback.go
+++ b/internal/api/client/auth/callback.go
@ -18,4 +18,22 @@

 package auth

+import (
+	"net/http"

+	"github.com/gin-gonic/gin"
+)
+
+// CallbackGETHandler parses a token from an external auth provider.
+func (m *Module) CallbackGETHandler(c *gin.Context) {
+	state := c.Query(callbackStateParam)
+	code := c.Query(callbackCodeParam)
+
+	claims, err := m.idp.HandleCallback(c.Request.Context(), state, code)
+	if err != nil {
+		c.String(http.StatusForbidden, err.Error())
+		return
+	}
+
+	c.JSON(http.StatusOK, claims)
+}
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@ -39,7 +39,13 @@ type login struct {
 // The idea is to present a sign in page to the user, where they can enter their username and password.
 // The form will then POST to the sign in page, which will be handled by SignInPOSTHandler
 func (m *Module) SignInGETHandler(c *gin.Context) {
-	m.log.WithField("func", "SignInGETHandler").Trace("serving sign in html")
+	l := m.log.WithField("func", "SignInGETHandler")
+	l.Trace("entering sign in handler")
+	if m.idp != nil && m.config.OIDCConfig.Issuer != "" {
+		l.Debug("redirecting to external idp at %s", m.config.OIDCConfig.Issuer)
+		c.Redirect(http.StatusFound, m.config.OIDCConfig.Issuer)
+		return
+	}
 	c.HTML(http.StatusOK, "sign-in.tmpl", gin.H{})
 }