authorizer/server/oauth/oauth.go

package oauth

import (
	"context"
	"fmt"

	"github.com/coreos/go-oidc/v3/oidc"
	"golang.org/x/oauth2"
	facebookOAuth2 "golang.org/x/oauth2/facebook"
	githubOAuth2 "golang.org/x/oauth2/github"
	linkedInOAuth2 "golang.org/x/oauth2/linkedin"
	microsoftOAuth2 "golang.org/x/oauth2/microsoft"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
)

// OAuthProviders is a struct that contains reference all the OAuth providers
type OAuthProvider struct {
	GoogleConfig    *oauth2.Config
	GithubConfig    *oauth2.Config
	FacebookConfig  *oauth2.Config
	LinkedInConfig  *oauth2.Config
	AppleConfig     *oauth2.Config
	TwitterConfig   *oauth2.Config
	MicrosoftConfig *oauth2.Config
}

// OIDCProviders is a struct that contains reference all the OpenID providers
type OIDCProvider struct {
	GoogleOIDC    *oidc.Provider
	MicrosoftOIDC *oidc.Provider
}

var (
	// OAuthProviders is a global variable that contains instance for all enabled the OAuth providers
	OAuthProviders OAuthProvider
	// OIDCProviders is a global variable that contains instance for all enabled the OpenID providers
	OIDCProviders OIDCProvider
)

// InitOAuth initializes the OAuth providers based on EnvData
func InitOAuth() error {
	ctx := context.Background()
	googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)
	if err != nil {
		googleClientID = ""
	}
	googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)
	if err != nil {
		googleClientSecret = ""
	}
	if googleClientID != "" && googleClientSecret != "" {
		p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
		if err != nil {
			return err
		}
		OIDCProviders.GoogleOIDC = p
		OAuthProviders.GoogleConfig = &oauth2.Config{
			ClientID:     googleClientID,
			ClientSecret: googleClientSecret,
			RedirectURL:  "/oauth_callback/google",
			Endpoint:     OIDCProviders.GoogleOIDC.Endpoint(),
			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
		}
	}

	githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)
	if err != nil {
		githubClientID = ""
	}
	githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)
	if err != nil {
		githubClientSecret = ""
	}
	if githubClientID != "" && githubClientSecret != "" {
		OAuthProviders.GithubConfig = &oauth2.Config{
			ClientID:     githubClientID,
			ClientSecret: githubClientSecret,
			RedirectURL:  "/oauth_callback/github",
			Endpoint:     githubOAuth2.Endpoint,
			Scopes:       []string{"read:user", "user:email"},
		}
	}

	facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)
	if err != nil {
		facebookClientID = ""
	}
	facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)
	if err != nil {
		facebookClientSecret = ""
	}
	if facebookClientID != "" && facebookClientSecret != "" {
		OAuthProviders.FacebookConfig = &oauth2.Config{
			ClientID:     facebookClientID,
			ClientSecret: facebookClientSecret,
			RedirectURL:  "/oauth_callback/facebook",
			Endpoint:     facebookOAuth2.Endpoint,
			Scopes:       []string{"public_profile", "email"},
		}
	}

	linkedInClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)
	if err != nil {
		linkedInClientID = ""
	}
	linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)
	if err != nil {
		linkedInClientSecret = ""
	}
	if linkedInClientID != "" && linkedInClientSecret != "" {
		OAuthProviders.LinkedInConfig = &oauth2.Config{
			ClientID:     linkedInClientID,
			ClientSecret: linkedInClientSecret,
			RedirectURL:  "/oauth_callback/linkedin",
			Endpoint:     linkedInOAuth2.Endpoint,
			Scopes:       []string{"r_liteprofile", "r_emailaddress"},
		}
	}

	appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)
	if err != nil {
		appleClientID = ""
	}
	appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)
	if err != nil {
		appleClientSecret = ""
	}
	if appleClientID != "" && appleClientSecret != "" {
		OAuthProviders.AppleConfig = &oauth2.Config{
			ClientID:     appleClientID,
			ClientSecret: appleClientSecret,
			RedirectURL:  "/oauth_callback/apple",
			Endpoint: oauth2.Endpoint{
				AuthURL:  "https://appleid.apple.com/auth/authorize",
				TokenURL: "https://appleid.apple.com/auth/token",
			},
		}
	}

	twitterClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientID)
	if err != nil {
		twitterClientID = ""
	}
	twitterClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientSecret)
	if err != nil {
		twitterClientSecret = ""
	}
	if twitterClientID != "" && twitterClientSecret != "" {
		OAuthProviders.TwitterConfig = &oauth2.Config{
			ClientID:     twitterClientID,
			ClientSecret: twitterClientSecret,
			RedirectURL:  "/oauth_callback/twitter",
			Endpoint: oauth2.Endpoint{
				// Endpoint is currently not yet part of oauth2-package. See https://go-review.googlesource.com/c/oauth2/+/350889 for status
				AuthURL:   "https://twitter.com/i/oauth2/authorize",
				TokenURL:  "https://api.twitter.com/2/oauth2/token",
				AuthStyle: oauth2.AuthStyleInHeader,
			},
			Scopes: []string{"tweet.read", "users.read"},
		}
	}

	microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)
	if err != nil {
		microsoftClientID = ""
	}
	microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)
	if err != nil {
		microsoftClientSecret = ""
	}
	microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
	if err != nil {
		microsoftActiveDirTenantID = "common"
	}
	if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {
		p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
		if err != nil {
			return err
		}
		OIDCProviders.MicrosoftOIDC = p
		OAuthProviders.MicrosoftConfig = &oauth2.Config{
			ClientID:     microsoftClientID,
			ClientSecret: microsoftClientSecret,
			RedirectURL:  "/oauth_callback/microsoft",
			Endpoint:     microsoftOAuth2.AzureADEndpoint(microsoftActiveDirTenantID),
			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
		}
	}

	return nil
}
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`package oauth`

			`import (`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`"context"`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`"fmt"`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00
			`"github.com/coreos/go-oidc/v3/oidc"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`"golang.org/x/oauth2"`
feat: add facebook login Resolves #36 2021-09-04 22:27:29 +00:00			`facebookOAuth2 "golang.org/x/oauth2/facebook"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`githubOAuth2 "golang.org/x/oauth2/github"`
feat: add linkedin login 2022-06-06 16:38:32 +00:00			`linkedInOAuth2 "golang.org/x/oauth2/linkedin"`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`microsoftOAuth2 "golang.org/x/oauth2/microsoft"`
feat: add loggging to all resolvers 2022-05-24 07:12:29 +00:00
			`"github.com/authorizerdev/authorizer/server/constants"`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// OAuthProviders is a struct that contains reference all the OAuth providers`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`type OAuthProvider struct {`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`GoogleConfig *oauth2.Config`
			`GithubConfig *oauth2.Config`
			`FacebookConfig *oauth2.Config`
			`LinkedInConfig *oauth2.Config`
			`AppleConfig *oauth2.Config`
			`TwitterConfig *oauth2.Config`
			`MicrosoftConfig *oauth2.Config`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// OIDCProviders is a struct that contains reference all the OpenID providers`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`type OIDCProvider struct {`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`GoogleOIDC *oidc.Provider`
			`MicrosoftOIDC *oidc.Provider`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`}`

			`var (`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// OAuthProviders is a global variable that contains instance for all enabled the OAuth providers`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`OAuthProviders OAuthProvider`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// OIDCProviders is a global variable that contains instance for all enabled the OpenID providers`
			`OIDCProviders OIDCProvider`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// InitOAuth initializes the OAuth providers based on EnvData`
fix: report error on initialization 2022-02-26 04:36:26 +00:00			`func InitOAuth() error {`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`ctx := context.Background()`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`googleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID)`
			`if err != nil {`
			`googleClientID = ""`
			`}`
			`googleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret)`
			`if err != nil {`
			`googleClientSecret = ""`
			`}`
			`if googleClientID != "" && googleClientSecret != "" {`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`p, err := oidc.NewProvider(ctx, "https://accounts.google.com")`
			`if err != nil {`
fix: report error on initialization 2022-02-26 04:36:26 +00:00			`return err`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`}`
			`OIDCProviders.GoogleOIDC = p`
			`OAuthProviders.GoogleConfig = &oauth2.Config{`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`ClientID: googleClientID,`
			`ClientSecret: googleClientSecret,`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`RedirectURL: "/oauth_callback/google",`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`Endpoint: OIDCProviders.GoogleOIDC.Endpoint(),`
			`Scopes: []string{oidc.ScopeOpenID, "profile", "email"},`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`
			`}`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00
			`githubClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID)`
			`if err != nil {`
			`githubClientID = ""`
			`}`
			`githubClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret)`
			`if err != nil {`
			`githubClientSecret = ""`
			`}`
			`if githubClientID != "" && githubClientSecret != "" {`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`OAuthProviders.GithubConfig = &oauth2.Config{`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`ClientID: githubClientID,`
			`ClientSecret: githubClientSecret,`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`RedirectURL: "/oauth_callback/github",`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`Endpoint: githubOAuth2.Endpoint,`
fix: scope for github auth 2022-09-14 06:15:38 +00:00			`Scopes: []string{"read:user", "user:email"},`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`
			`}`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00
			`facebookClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID)`
			`if err != nil {`
			`facebookClientID = ""`
			`}`
			`facebookClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret)`
			`if err != nil {`
			`facebookClientSecret = ""`
			`}`
			`if facebookClientID != "" && facebookClientSecret != "" {`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`OAuthProviders.FacebookConfig = &oauth2.Config{`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`ClientID: facebookClientID,`
			`ClientSecret: facebookClientSecret,`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`RedirectURL: "/oauth_callback/facebook",`
feat: add facebook login Resolves #36 2021-09-04 22:27:29 +00:00			`Endpoint: facebookOAuth2.Endpoint,`
			`Scopes: []string{"public_profile", "email"},`
			`}`
			`}`
fix: report error on initialization 2022-02-26 04:36:26 +00:00
feat: add linkedin login 2022-06-06 16:38:32 +00:00			`linkedInClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientID)`
			`if err != nil {`
			`linkedInClientID = ""`
			`}`
			`linkedInClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyLinkedInClientSecret)`
			`if err != nil {`
			`linkedInClientSecret = ""`
			`}`
			`if linkedInClientID != "" && linkedInClientSecret != "" {`
			`OAuthProviders.LinkedInConfig = &oauth2.Config{`
			`ClientID: linkedInClientID,`
			`ClientSecret: linkedInClientSecret,`
			`RedirectURL: "/oauth_callback/linkedin",`
			`Endpoint: linkedInOAuth2.Endpoint,`
			`Scopes: []string{"r_liteprofile", "r_emailaddress"},`
			`}`
			`}`

feat: add base for apple login 2022-06-12 09:19:48 +00:00			`appleClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientID)`
			`if err != nil {`
			`appleClientID = ""`
			`}`
			`appleClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppleClientSecret)`
			`if err != nil {`
			`appleClientSecret = ""`
			`}`
			`if appleClientID != "" && appleClientSecret != "" {`
			`OAuthProviders.AppleConfig = &oauth2.Config{`
			`ClientID: appleClientID,`
fix: apple client secret field 2022-06-14 05:41:09 +00:00			`ClientSecret: appleClientSecret,`
feat: add base for apple login 2022-06-12 09:19:48 +00:00			`RedirectURL: "/oauth_callback/apple",`
			`Endpoint: oauth2.Endpoint{`
			`AuthURL: "https://appleid.apple.com/auth/authorize",`
			`TokenURL: "https://appleid.apple.com/auth/token",`
			`},`
			`}`
			`}`

feat: Adds login via twitter 2022-08-14 18:19:48 +00:00			`twitterClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientID)`
			`if err != nil {`
			`twitterClientID = ""`
			`}`
			`twitterClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyTwitterClientSecret)`
			`if err != nil {`
			`twitterClientSecret = ""`
			`}`
			`if twitterClientID != "" && twitterClientSecret != "" {`
			`OAuthProviders.TwitterConfig = &oauth2.Config{`
			`ClientID: twitterClientID,`
			`ClientSecret: twitterClientSecret,`
			`RedirectURL: "/oauth_callback/twitter",`
			`Endpoint: oauth2.Endpoint{`
			`// Endpoint is currently not yet part of oauth2-package. See https://go-review.googlesource.com/c/oauth2/+/350889 for status`
			`AuthURL: "https://twitter.com/i/oauth2/authorize",`
			`TokenURL: "https://api.twitter.com/2/oauth2/token",`
			`AuthStyle: oauth2.AuthStyleInHeader,`
			`},`
			`Scopes: []string{"tweet.read", "users.read"},`
			`}`
			`}`
feat: bootstrap twitter login config 2022-08-13 07:05:00 +00:00
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`microsoftClientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientID)`
			`if err != nil {`
			`microsoftClientID = ""`
			`}`
			`microsoftClientSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftClientSecret)`
			`if err != nil {`
			`microsoftClientSecret = ""`
			`}`
			`microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)`
			`if err != nil {`
fix: allow multi tenant for microsooft 2023-07-25 06:15:04 +00:00			`microsoftActiveDirTenantID = "common"`
feat: add microsoft login 2023-02-25 23:53:02 +00:00			`}`
			`if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {`
			`p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))`
			`if err != nil {`
			`return err`
			`}`
			`OIDCProviders.MicrosoftOIDC = p`
			`OAuthProviders.MicrosoftConfig = &oauth2.Config{`
			`ClientID: microsoftClientID,`
			`ClientSecret: microsoftClientSecret,`
			`RedirectURL: "/oauth_callback/microsoft",`
			`Endpoint: microsoftOAuth2.AzureADEndpoint(microsoftActiveDirTenantID),`
			`Scopes: []string{oidc.ScopeOpenID, "profile", "email"},`
			`}`
			`}`

fix: report error on initialization 2022-02-26 04:36:26 +00:00			`return nil`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`