// Copyright 2017 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
// Package google is an identity provider that authenticates users with Google
// over OpenID Connect (issuer https://accounts.google.com).
package google
import (
oidc "github.com/coreos/go-oidc"
"gopkg.in/errgo.v1"
"github.com/kian99/candid/idp"
"github.com/kian99/candid/idp/openid"
)
// init registers the "google" identity provider type with the idp
// registry at package import time, so the provider becomes selectable by
// name from configuration. NOTE(review): this relies on the package being
// imported (a blank import is enough) — confirm against the idp package.
func init() {
	idp.Register("google", newIdentityProviderFromConfig)
}

// newIdentityProviderFromConfig decodes the provider configuration via
// unmarshal into a Params value, rejects configurations that are missing
// either half of the OAuth client credential, and returns the resulting
// identity provider. Errors are wrapped with errgo so the caller sees
// which provider's configuration failed.
func newIdentityProviderFromConfig(unmarshal func(interface{}) error) (idp.IdentityProvider, error) {
	var params Params
	if err := unmarshal(&params); err != nil {
		return nil, errgo.Notef(err, "cannot unmarshal google parameters")
	}
	// Both client-id and client-secret are mandatory; an incomplete
	// credential is rejected here rather than surfacing later at login.
	switch {
	case params.ClientID == "":
		return nil, errgo.Newf("client-id not specified")
	case params.ClientSecret == "":
		return nil, errgo.Newf("client-secret not specified")
	}
	return NewIdentityProvider(params), nil
}
// Params holds the YAML-configurable settings for the Google identity
// provider. ClientID and ClientSecret are required (see the registration
// in init); the remaining fields are optional and, where empty, receive
// defaults in NewIdentityProvider.
type Params struct {
// Name is the name that will be given to the identity provider.
// Defaults to "google" when empty.
Name string `yaml:"name"`
// Description is the description that will be used with the
// identity provider. If this is not set then Name will be used.
Description string `yaml:"description"`
// Icon contains the URL or path of an icon. Defaults to
// "/static/images/icons/google.svg" when empty.
Icon string `yaml:"icon"`
// Domain is the domain with which all identities created by this
// identity provider will be tagged (not including the @ separator).
// Defaults to "google" when empty.
Domain string `yaml:"domain"`
// ClientID contains the Application Id for the application
// registered at
// https://console.developers.google.com/apis/credentials.
// This is a public identifier, not a secret. Required.
ClientID string `yaml:"client-id"`
// ClientSecret contains a password type Application Secret for
// the application as generated on
// https://console.developers.google.com/apis/credentials.
// This is a credential: keep the configuration file carrying it out
// of version control and readable only by the service account that
// runs Candid, and rotate it if it is ever exposed. Required.
ClientSecret string `yaml:"client-secret"`
// Hidden is set if the IDP should be hidden from interactive
// prompts.
Hidden bool `yaml:"hidden"`
}
// NewIdentityProvider builds an OpenID Connect identity provider that uses
// Google as the upstream identity source. Empty Name, Domain and Icon
// values in p are replaced by the defaults "google", "google" and
// "/static/images/icons/google.svg"; every other field is passed through
// unchanged. The issuer is fixed to https://accounts.google.com rather than
// being configurable. NOTE(review): validation of the ID token's issuer and
// of the email claim (including email_verified) lives in the openid package,
// not here — confirm there before relying on the email as an identity.
func NewIdentityProvider(p Params) idp.IdentityProvider {
	// Pick the configured value or, when it is empty, the package default.
	orDefault := func(v, def string) string {
		if v == "" {
			return def
		}
		return v
	}

	cfg := openid.OpenIDConnectParams{
		Name:        orDefault(p.Name, "google"),
		Issuer:      "https://accounts.google.com",
		Domain:      orDefault(p.Domain, "google"),
		Description: p.Description,
		Icon:        orDefault(p.Icon, "/static/images/icons/google.svg"),
		// Only the openid and email scopes are requested; no broader
		// Google API access is asked for on the user's behalf.
		Scopes:       []string{oidc.ScopeOpenID, "email"},
		ClientID:     p.ClientID,
		ClientSecret: p.ClientSecret,
		Hidden:       p.Hidden,
	}
	return openid.NewOpenIDConnectIdentityProvider(cfg)
}