go/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7bc4e9b846396f132c45e23df70817c89e739d59
web/auth/auth0/handlers.go

108 lines
2.7 KiB
Go
Raw Blame History

package auth0
import (
"context"
"crypto/rand"
"encoding/base64"
"net/http"
"net/url"
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
)
const StateKey = "state"
func generateRandomState() (string, error) {
b := make([]byte, 32)
_, err := rand.Read(b)
if err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(b), err
}
func HandleLogin(deps *deps) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
state, err := generateRandomState()
if err != nil {
deps.log.Error("unable to generate random state", "error", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
deps.log.Info("generated state", "state", state)
deps.sessions.Put(r.Context(), StateKey, state)
http.Redirect(w, r, deps.auth.AuthCodeURL(state), http.StatusFound)
}
}
func HandleLogout(deps *deps) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
deps.sessions.Put(r.Context(), "user", nil)
deps.sessions.Put(r.Context(), StateKey, nil)
scheme := "http"
if r.TLS != nil {
scheme = "https"
}
returnTo := scheme + "://" + r.Host
logout := deps.logoutBase.ResolveReference(&url.URL{})
q := logout.Query()
q.Add("returnTo", returnTo)
q.Add("client_id", deps.auth.ClientID)
logout.RawQuery = q.Encode()
http.Redirect(w, r, logout.String(), http.StatusFound)
}
}
type Authenticator interface {
Exchange(context.Context, string) (*oauth2.Token, error)
VerifyIDToken(context.Context, *oauth2.Token) (*oidc.IDToken, error)
}
func HandleCallback(deps *deps) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
_, ok := deps.sessions.Get(r.Context(), StateKey).(string)
if !ok {
deps.log.Error("no state found in session")
http.Error(w, "no state found in session", http.StatusInternalServerError)
return
}
deps.sessions.Put(r.Context(), StateKey, nil)
token, err := deps.auth.Exchange(r.Context(), r.URL.Query().Get("code"))
if err != nil {
deps.log.Error("unable to exchange auth code for token", "error", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
idToken, err := deps.auth.VerifyIDToken(r.Context(), token)
if err != nil {
deps.log.Error("unable to verify ID token", "error", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
var profile map[string]any
if err = idToken.Claims(&profile); err != nil {
deps.log.Error("unable to decode ID token claims", "error", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
deps.sessions.Put(r.Context(), "user", profile)
deps.sessions.Put(r.Context(), "access_token", token.AccessToken)
http.Redirect(w, r, "/", http.StatusFound)
}
}
Reference in New Issue View Git Blame Copy Permalink