initial version of atlassian-cloud provider
parent
c5a98c6d03
commit
e4c0388f0d
94
providers/atlassian-cloud.go
Normal file
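--- a/providers/atlassian-cloud.go
+++ b/providers/atlassian-cloud.go
@@ -0,0 +1,94 @@
+package providers
+
+import (
+"context"
+"net/url"
+"errors"
+
+"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
+"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
+)
+
+// AtlassianProvider represents an Atlassian based Identity Provider
+type AtlassianProvider struct {
+*ProviderData
+}
+
+var _ Provider = (*AtlassianProvider)(nil)
+
+const (
+atlassianProviderName = "Atlassian"
+atlassianDefaultScope = "read:me"
+atlassianPrompt = "consent"
+atlassianAudience = "api.atlassian.com"
+)
+
+var (
+// Default Login URL for Atlassian.
+// Pre-parsed URL of https://atlassian.org/site/oauth2/authorize.
+atlassianDefaultLoginURL = &url.URL{
+Scheme: "https",
+Host: "auth.atlassian.com",
+Path: "/authorize",
+}
+
+// Default Redeem URL for Atlassian.
+// Pre-parsed URL of https://atlassian.org/site/oauth2/access_token.
+atlassianDefaultRedeemURL = &url.URL{
+Scheme: "https",
+Host: "auth.atlassian.com",
+Path: "/oauth/token",
+}
+
+// Default Validation URL for Atlassian.
+// This simply returns the email of the authenticated user.
+// Atlassian does not have a Profile URL to use.
+// Pre-parsed URL of https://api.atlassian.org/2.0/user/emails.
+atlassianDefaultValidateURL = &url.URL{
+Scheme: "https",
+Host: "api.atlassian.com",
+Path: "/me",
+}
+)
+
+// NewAtlassianProvider initiates a new AtlassianProvider
+func NewAtlassianProvider(p *ProviderData) *AtlassianProvider {
+p.setProviderDefaults(providerDefaults{
+name: atlassianProviderName,
+loginURL: atlassianDefaultLoginURL,
+redeemURL: atlassianDefaultRedeemURL,
+profileURL: nil,
+validateURL: atlassianDefaultValidateURL,
+scope: atlassianDefaultScope,
+})
+p.Prompt = atlassianPrompt
+return &AtlassianProvider{ProviderData: p}
+}
+func (p *AtlassianProvider) GetLoginURL(redirectURI, state, _ string) string {
+extraParams := url.Values{}
+extraParams.Add("audience", atlassianAudience)
+loginURL := makeLoginURL(p.ProviderData, redirectURI, state, extraParams)
+return loginURL.String()
+}
+func (p *AtlassianProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
+return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
+}
+func (p *AtlassianProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
+type me_email struct {
+Email string `json:"email"`
+}
+var email me_email
+err := requests.New(atlassianDefaultValidateURL.String()).
+WithContext(ctx).
+WithHeaders(makeOIDCHeader(s.AccessToken)).
+Do().
+UnmarshalInto(&email)
+
+if err != nil {
+return "", err
+}
+if email.Email == "" {
+return "", errors.New("No email in respose")
+}
+return email.Email, nil
+}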
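Review bot: GetEmailAddress trusts the `email` field of the /me response as the session identity without checking that the address is verified, so an unverified address could satisfy an email or domain allow-list. If the /me payload carries a verification flag (I believe Atlassian returns `email_verified`; confirm against the API reference), decode it next to `Email` and fail closed with `if !email.EmailVerified { return "", errors.New("email not verified") }`. The same function sends the access token to `atlassianDefaultValidateURL` rather than `p.ValidateURL`, so an operator override would apply to ValidateSession but not to the email lookup; `requests.New(p.ValidateURL.String())` keeps the two consistent. NewAtlassianProvider also assigns `p.Prompt = atlassianPrompt` unconditionally, which discards any configured prompt, and the URL comments above the defaults still name atlassian.org paths that do not match the values.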
|
@ -51,6 +51,8 @@ func New(provider string, p *ProviderData) Provider {
|
||||
return NewDigitalOceanProvider(p)
|
||||
case "google":
|
||||
return NewGoogleProvider(p)
|
||||
case "atlassian":
|
||||
return NewAtlassianProvider(p)
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
|