package oidc
import (
"context"
"fmt"
"net/http"
"github.com/konstantinfoerster/card-service-go/internal/common"
"google.golang.org/api/idtoken"
"google.golang.org/api/option"
)
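// googleProvider builds the Google OpenID Connect provider: Google's OAuth2
// endpoints plus a validate func that checks an ID token with
// google.golang.org/api/idtoken over the given HTTP client.
//
// clientID and secret are left empty here; the caller is expected to fill
// them in before use. The validator is created with context.Background()
// because this constructor has no ctx parameter.
//
// Returns an error only when the idtoken validator cannot be constructed.
func googleProvider(client *http.Client) (*provider, error) {
	validator, err := idtoken.NewValidator(context.Background(), option.WithHTTPClient(client))
	if err != nil {
		return nil, err
	}

	// validate verifies token.IDToken (signature, expiry and, when clientID is
	// non-empty, the aud claim) and maps the sub/email claims onto claims.
	// NOTE(review): idtoken appears to skip the audience check when clientID is
	// empty, so callers must pass the real client ID rather than "" — confirm
	// against the idtoken package version in go.mod.
	validate := func(ctx context.Context, token *JSONWebToken, clientID string) (*claims, error) {
		if token == nil {
			return nil, fmt.Errorf("claims: token is nil")
		}
		payload, err := validator.Validate(ctx, token.IDToken, clientID)
		if err != nil {
			return nil, common.NewUnknownError(fmt.Errorf("id token invalid %w", err), "invalid-token")
		}

		// sub is the subject identifier and is required; a checked assertion
		// avoids a panic on a missing or non-string claim, and an empty sub is
		// rejected so that no identity is ever keyed on "".
		rawSub := payload.Claims["sub"]
		sub, ok := rawSub.(string)
		if !ok || sub == "" {
			return nil, fmt.Errorf("claims.sub is missing or not a string but %T", rawSub)
		}
		c := claims{ID: sub}

		// email is optional; it is rejected only when present with the wrong type.
		if email := payload.Claims["email"]; email != nil {
			c.Email, ok = email.(string)
			if !ok {
				return nil, fmt.Errorf("claims.email is not a string but %T", email)
			}
		}
		return &c, nil
	}

	return &provider{
		name:      "google",
		authURL:   "https://accounts.google.com/o/oauth2/auth",
		tokenURL:  "https://accounts.google.com/o/oauth2/token",
		revokeURL: "https://oauth2.googleapis.com/revoke",
		client:    client,
		clientID:  "",
		secret:    "",
		scope:     "openid email",
		validate:  validate,
	}, nil
}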