package gitlab
import (
"net/http"
"net/url"
"strings"
"github.com/openshift/origin/pkg/oauthserver/oauth/external"
"github.com/golang/glog"
)
// gitlabHostedDomain is the hostname of the SaaS GitLab instance.
// The hosted version is guaranteed to run the latest stable release, so OIDC
// support (without the sub claim bug) can be assumed for it.
const (
	gitlabHostedDomain = "gitlab.com"
)
// NewProvider builds the GitLab identity provider for the given instance URL,
// choosing between the legacy OAuth2 flow and OIDC. The choice is made by
// isLegacy: an explicit legacy flag wins, otherwise the hosted gitlab.com
// instance gets OIDC and every other instance gets OAuth2.
//
// Only the provider name, URL and client ID are written to the log; the
// client secret is passed through to the concrete provider and never logged.
func NewProvider(providerName, URL, clientID, clientSecret string, transport http.RoundTripper, legacy *bool) (external.Provider, error) {
	useOAuth2 := isLegacy(legacy, URL)
	if !useOAuth2 {
		glog.Infof("Using OIDC for GitLab identity provider %s url=%s clientID=%s", providerName, URL, clientID)
		return NewOIDCProvider(providerName, URL, clientID, clientSecret, transport)
	}
	glog.Infof("Using legacy OAuth2 for GitLab identity provider %s url=%s clientID=%s", providerName, URL, clientID)
	return NewOAuthProvider(providerName, URL, clientID, clientSecret, transport)
}
// isLegacy reports whether the legacy OAuth2 flow should be used for the
// GitLab instance at URL. A non-nil legacy pointer is honored as-is; otherwise
// the hosted instance (gitlabHostedDomain, compared case-insensitively on the
// hostname only) gets OIDC and everything else falls back to OAuth2.
func isLegacy(legacy *bool, URL string) bool {
	// An explicit setting always wins over the hostname heuristic.
	if legacy != nil {
		return *legacy
	}
	parsed, err := url.Parse(URL)
	if err != nil {
		// Malformed URLs are reported by validation elsewhere; here they
		// simply take the conservative OAuth2 default.
		return true
	}
	// The hosted instance tracks the latest stable release, so OIDC is known
	// to work there; any other host defaults to OAuth2 for now.
	return !strings.EqualFold(parsed.Hostname(), gitlabHostedDomain)
}