mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 11:34:26 +00:00
598a4d2d4b
add basic structure and implement first providers for IDP templates to be able to manage and use them in the future
113 lines
3.0 KiB
Go
113 lines
3.0 KiB
Go
package oauth
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/oidc/v2/pkg/client/rp"
|
|
"golang.org/x/oauth2"
|
|
|
|
"github.com/zitadel/zitadel/internal/idp"
|
|
)
|
|
|
|
var _ idp.Provider = (*Provider)(nil)
|
|
|
|
// Provider is the [idp.Provider] implementation for a generic OAuth 2.0 provider
|
|
type Provider struct {
|
|
rp.RelyingParty
|
|
options []rp.Option
|
|
name string
|
|
userEndpoint string
|
|
userMapper func() idp.User
|
|
isLinkingAllowed bool
|
|
isCreationAllowed bool
|
|
isAutoCreation bool
|
|
isAutoUpdate bool
|
|
}
|
|
|
|
type ProviderOpts func(provider *Provider)
|
|
|
|
// WithLinkingAllowed allows end users to link the federated user to an existing one.
|
|
func WithLinkingAllowed() ProviderOpts {
|
|
return func(p *Provider) {
|
|
p.isLinkingAllowed = true
|
|
}
|
|
}
|
|
|
|
// WithCreationAllowed allows end users to create a new user using the federated information.
|
|
func WithCreationAllowed() ProviderOpts {
|
|
return func(p *Provider) {
|
|
p.isCreationAllowed = true
|
|
}
|
|
}
|
|
|
|
// WithAutoCreation enables that federated users are automatically created if not already existing.
|
|
func WithAutoCreation() ProviderOpts {
|
|
return func(p *Provider) {
|
|
p.isAutoCreation = true
|
|
}
|
|
}
|
|
|
|
// WithAutoUpdate enables that information retrieved from the provider is automatically used to update
|
|
// the existing user on each authentication.
|
|
func WithAutoUpdate() ProviderOpts {
|
|
return func(p *Provider) {
|
|
p.isAutoUpdate = true
|
|
}
|
|
}
|
|
|
|
// WithRelyingPartyOption allows to set an additional [rp.Option] like [rp.WithPKCE].
|
|
func WithRelyingPartyOption(option rp.Option) ProviderOpts {
|
|
return func(p *Provider) {
|
|
p.options = append(p.options, option)
|
|
}
|
|
}
|
|
|
|
// New creates a generic OAuth 2.0 provider
|
|
func New(config *oauth2.Config, name, userEndpoint string, userMapper func() idp.User, options ...ProviderOpts) (provider *Provider, err error) {
|
|
provider = &Provider{
|
|
name: name,
|
|
userEndpoint: userEndpoint,
|
|
userMapper: userMapper,
|
|
}
|
|
for _, option := range options {
|
|
option(provider)
|
|
}
|
|
provider.RelyingParty, err = rp.NewRelyingPartyOAuth(config, provider.options...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return provider, nil
|
|
}
|
|
|
|
// Name implements the [idp.Provider] interface
|
|
func (p *Provider) Name() string {
|
|
return p.name
|
|
}
|
|
|
|
// BeginAuth implements the [idp.Provider] interface.
|
|
// It will create a [Session] with an OAuth2.0 authorization request as AuthURL.
|
|
func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...any) (idp.Session, error) {
|
|
url := rp.AuthURL(state, p.RelyingParty)
|
|
return &Session{AuthURL: url, Provider: p}, nil
|
|
}
|
|
|
|
// IsLinkingAllowed implements the [idp.Provider] interface.
|
|
func (p *Provider) IsLinkingAllowed() bool {
|
|
return p.isLinkingAllowed
|
|
}
|
|
|
|
// IsCreationAllowed implements the [idp.Provider] interface.
|
|
func (p *Provider) IsCreationAllowed() bool {
|
|
return p.isCreationAllowed
|
|
}
|
|
|
|
// IsAutoCreation implements the [idp.Provider] interface.
|
|
func (p *Provider) IsAutoCreation() bool {
|
|
return p.isAutoCreation
|
|
}
|
|
|
|
// IsAutoUpdate implements the [idp.Provider] interface.
|
|
func (p *Provider) IsAutoUpdate() bool {
|
|
return p.isAutoUpdate
|
|
}
|