add initial auth0 module

auth/auth0/authenticator/authenticator.go

@@ -0,0 +1,84 @@
+package authenticator
+
+import (
+	"context"
+	"os"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"golang.org/x/oauth2"
+)
+
+// Config defines required configuration values for Auth0.
+//
+// * Values are read from the environment.
+// They cannot be overridden or set from code.
+type Config struct {
+	Domain       string
+	ClientID     string
+	ClientSecret string
+	RedirectURI  string
+}
+
+type Authenticator struct {
+	*oidc.Provider
+	oauth2.Config
+	LogoutURL string
+}
+
+func New() (*Authenticator, error) {
+	cfg := Config{
+		Domain:       os.Getenv("AUTH0_DOMAIN"),
+		ClientID:     os.Getenv("AUTH0_CLIENT_ID"),
+		ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"),
+		RedirectURI:  os.Getenv("AUTH0_REDIRECT_URI"),
+	}
+
+	if cfg.Domain == "" {
+		return nil, ErrEmptyDomain
+	}
+
+	if cfg.ClientID == "" {
+		return nil, ErrEmptyClientID
+	}
+
+	if cfg.ClientSecret == "" {
+		return nil, ErrEmptyClientSecret
+	}
+
+	if cfg.RedirectURI == "" {
+		return nil, ErrEmptyRedirectURI
+	}
+
+	provider, err := oidc.NewProvider(
+		context.Background(),
+		"https://"+cfg.Domain+"/",
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Authenticator{
+		Provider: provider,
+		Config: oauth2.Config{
+			ClientID:     cfg.ClientID,
+			ClientSecret: cfg.ClientSecret,
+			RedirectURL:  cfg.RedirectURI,
+			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+			Endpoint:     provider.Endpoint(),
+		},
+		LogoutURL: "https://" + cfg.Domain + "/v2/logout",
+	}, nil
+}
+
+func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) {
+	rawIDToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		return nil, ErrNoIDToken
+	}
+
+	oidcConfig := &oidc.Config{
+		ClientID: a.ClientID,
+	}
+
+	return a.Verifier(oidcConfig).Verify(ctx, rawIDToken)
+}