// Copyright 2017 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
// Package azure is an identity provider that authenticates with azure.
package azure
import (
oidc "github.com/coreos/go-oidc"
"gopkg.in/errgo.v1"
"github.com/CanonicalLtd/candid/idp"
"github.com/CanonicalLtd/candid/idp/openid"
)
// init registers the "azure" identity provider type with the idp
// package. The registered constructor decodes a Params value using the
// unmarshal function it is given and rejects any configuration that
// leaves client-id or client-secret empty.
func init() {
	newProvider := func(unmarshal func(interface{}) error) (idp.IdentityProvider, error) {
		var params Params
		err := unmarshal(&params)
		switch {
		case err != nil:
			return nil, errgo.Notef(err, "cannot unmarshal azure parameters")
		case params.ClientID == "":
			return nil, errgo.Newf("client-id not specified")
		case params.ClientSecret == "":
			return nil, errgo.Newf("client-secret not specified")
		}
		return NewIdentityProvider(params), nil
	}
	idp.Register("azure", newProvider)
}
// Params holds the configuration for the azure identity provider. It is
// decoded by the unmarshal function handed to the constructor registered
// in init, which requires both fields to be non-empty.
type Params struct {
	// ClientID contains the Application Id for the application
	// registered at https://apps.dev.microsoft.com.
	ClientID string `yaml:"client-id"`

	// ClientSecret contains a password type Application Secret for
	// the application as generated on
	// https://apps.dev.microsoft.com. It is a credential and is
	// passed through to the OpenID Connect provider unchanged.
	ClientSecret string `yaml:"client-secret"`
}
// NewIdentityProvider returns an OpenID Connect identity provider named
// "azure" that uses https://login.live.com as its issuer, requests the
// openid and profile scopes, and authenticates with the client
// credentials carried in p.
func NewIdentityProvider(p Params) idp.IdentityProvider {
	scopes := []string{oidc.ScopeOpenID, "profile"}
	params := openid.OpenIDConnectParams{
		Name:         "azure",
		Domain:       "azure",
		Issuer:       "https://login.live.com",
		Scopes:       scopes,
		ClientID:     p.ClientID,
		ClientSecret: p.ClientSecret,
	}
	return openid.NewOpenIDConnectIdentityProvider(params)
}