Add support for OneLogin

Versent · Jul 18, 2018 · 242063f · 242063f
1 parent fb426de
commit 242063f
Show file tree

Hide file tree

Showing 14 changed files with 602 additions and 24 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/cmd/saml2aws/commands/configure.go b/cmd/saml2aws/commands/configure.go
@@ -3,15 +3,20 @@ package commands
 import (
 	"fmt"
 	"os"
+	"path"
 
 	"github.com/pkg/errors"
 	"github.com/versent/saml2aws"
 	"github.com/versent/saml2aws/helper/credentials"
 	"github.com/versent/saml2aws/pkg/cfg"
 	"github.com/versent/saml2aws/pkg/flags"
 	"github.com/versent/saml2aws/pkg/prompter"
+	"github.com/versent/saml2aws/pkg/provider/onelogin"
 )
 
+// OneLoginOAuthPath is the path used to generate OAuth token in order to access OneLogin's API.
+const OneLoginOAuthPath = "/auth/oauth2/v2/token"
+
 // Configure configure account profiles
 func Configure(configFlags *flags.CommonFlags) error {
 
@@ -78,5 +83,14 @@ func storeCredentials(configFlags *flags.CommonFlags, account *cfg.IDPAccount) e
 			fmt.Println("No password supplied")
 		}
 	}
+	if account.Provider == onelogin.ProviderName {
+		if configFlags.ClientID == "" || configFlags.ClientSecret == "" {
+			fmt.Println("OneLogin provider requires --client_id and --client_secret flags to be set.")
+			os.Exit(1)
+		}
+		if err := credentials.SaveCredentials(path.Join(account.URL, OneLoginOAuthPath), configFlags.ClientID, configFlags.ClientSecret); err != nil {
+			return errors.Wrap(err, "error storing client_id and client_secret in keychain")
+		}
+	}
 	return nil
 }
diff --git a/cmd/saml2aws/commands/login.go b/cmd/saml2aws/commands/login.go
@@ -128,7 +128,7 @@ func resolveLoginDetails(account *cfg.IDPAccount, loginFlags *flags.LoginExecFla
 
 	fmt.Printf("Using IDP Account %s to access %s %s\n", loginFlags.CommonFlags.IdpAccount, account.Provider, account.URL)
 
-	err := credentials.LookupCredentials(loginDetails)
+	err := credentials.LookupCredentials(loginDetails, account.Provider)
 	if err != nil {
 		if !credentials.IsErrCredentialsNotFound(err) {
 			return nil, errors.Wrap(err, "error loading saved password")
@@ -154,7 +154,7 @@ func resolveLoginDetails(account *cfg.IDPAccount, loginFlags *flags.LoginExecFla
 		return loginDetails, nil
 	}
 
-	err = saml2aws.PromptForLoginDetails(loginDetails)
+	err = saml2aws.PromptForLoginDetails(loginDetails, account.Provider)
 	if err != nil {
 		return nil, errors.Wrap(err, "Error occurred accepting input")
 	}