Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b457c74d49 | |||
| 9278ddf029 | |||
| ec095a3955 |
@@ -2,6 +2,7 @@ package auth0
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/gob"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
@@ -11,6 +12,10 @@ import (
|
||||
"git.citc.tech/go/web/auth/auth0/authenticator"
|
||||
)
|
||||
|
||||
func init() {
|
||||
gob.Register(SessionUser{})
|
||||
}
|
||||
|
||||
type Logger interface {
|
||||
Debug(msg string, args ...any)
|
||||
Info(msg string, args ...any)
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
@@ -92,14 +93,39 @@ func HandleCallback(deps *deps) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
var profile map[string]any
|
||||
if err = idToken.Claims(&profile); err != nil {
|
||||
var rawClaims map[string]json.RawMessage
|
||||
if err = idToken.Claims(&rawClaims); err != nil {
|
||||
deps.log.Error("unable to decode ID token claims", "error", err)
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
deps.sessions.Put(r.Context(), "user", profile)
|
||||
var user SessionUser
|
||||
if sub, ok := rawClaims["sub"]; ok {
|
||||
json.Unmarshal(sub, &user)
|
||||
}
|
||||
if name, ok := rawClaims["name"]; ok {
|
||||
json.Unmarshal(name, &user.Name)
|
||||
}
|
||||
if email, ok := rawClaims["email"]; ok {
|
||||
json.Unmarshal(email, &user.Email)
|
||||
}
|
||||
if picture, ok := rawClaims["picture"]; ok {
|
||||
json.Unmarshal(picture, &user.Picture)
|
||||
}
|
||||
|
||||
customMap := make(map[string]json.RawMessage)
|
||||
for k, v := range rawClaims {
|
||||
if k != "sub" && k != "name" && k != "email" && k != "picture" {
|
||||
customMap[k] = v
|
||||
}
|
||||
}
|
||||
|
||||
if len(customMap) > 0 {
|
||||
user.Custom, _ = json.Marshal(customMap)
|
||||
}
|
||||
|
||||
deps.sessions.Put(r.Context(), "user", user)
|
||||
deps.sessions.Put(r.Context(), "access_token", token.AccessToken)
|
||||
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
|
||||
@@ -33,6 +33,6 @@ func authenticatedMiddleware(deps *deps, next http.Handler) http.Handler {
|
||||
})
|
||||
}
|
||||
|
||||
func CurrentUser(r *http.Request) any {
|
||||
return r.Context().Value(userContextKey{})
|
||||
func CurrentUser(r *http.Request) SessionUser {
|
||||
return r.Context().Value(userContextKey{}).(SessionUser)
|
||||
}
|
||||
|
||||
25
auth/auth0/session.go
Normal file
25
auth/auth0/session.go
Normal file
@@ -0,0 +1,25 @@
|
||||
package auth0
|
||||
|
||||
import "encoding/json"
|
||||
|
||||
type SessionUser struct {
|
||||
Sub string `json:"sub"`
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
Picture string `json:"picture"`
|
||||
|
||||
Custom json.RawMessage `json:"-"`
|
||||
}
|
||||
|
||||
func (u *SessionUser) CustomClaims() (map[string]any, error) {
|
||||
if len(u.Custom) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
var claims map[string]any
|
||||
if err := json.Unmarshal(u.Custom, &claims); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return claims, nil
|
||||
}
|
||||
Reference in New Issue
Block a user