server/handlers/oauth_login.go

package handlers

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	log "github.com/sirupsen/logrus"
	"golang.org/x/oauth2"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/oauth"
	"github.com/authorizerdev/authorizer/server/parsers"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/authorizerdev/authorizer/server/validators"
)

// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback
func OAuthLoginHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		hostname := parsers.GetHost(c)
		// deprecating redirectURL instead use redirect_uri
		redirectURI := strings.TrimSpace(c.Query("redirectURL"))
		if redirectURI == "" {
			redirectURI = strings.TrimSpace(c.Query("redirect_uri"))
		}
		roles := strings.TrimSpace(c.Query("roles"))
		state := strings.TrimSpace(c.Query("state"))
		scopeString := strings.TrimSpace(c.Query("scope"))

		if redirectURI == "" {
			log.Debug("redirect_uri is empty")
			c.JSON(400, gin.H{
				"error": "invalid redirect uri",
			})
			return
		}

		if state == "" {
			log.Debug("state is empty")
			c.JSON(400, gin.H{
				"error": "invalid state",
			})
			return
		}

		var scope []string
		if scopeString == "" {
			scope = []string{"openid", "profile", "email"}
		} else {
			scope = strings.Split(scopeString, " ")
		}

		if roles != "" {
			// validate role
			rolesSplit := strings.Split(roles, ",")

			// use protected roles verification for admin login only.
			// though if not associated with user, it will be rejected from oauth_callback
			rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
			roles := []string{}
			if err != nil {
				log.Debug("Error getting roles: ", err)
				rolesString = ""
			} else {
				roles = strings.Split(rolesString, ",")
			}

			protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
			protectedRoles := []string{}
			if err != nil {
				log.Debug("Error getting protected roles: ", err)
				protectedRolesString = ""
			} else {
				protectedRoles = strings.Split(protectedRolesString, ",")
			}

			if !validators.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) {
				log.Debug("Invalid roles: ", roles)
				c.JSON(400, gin.H{
					"error": "invalid role",
				})
				return
			}
		} else {
			defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
			if err != nil {
				log.Debug("Error getting default roles: ", err)
				c.JSON(400, gin.H{
					"error": "invalid role",
				})
				return
			}
			roles = defaultRoles

		}

		oauthStateString := state + "___" + redirectURI + "___" + roles + "___" + strings.Join(scope, " ")

		provider := c.Param("oauth_provider")
		isProviderConfigured := true
		switch provider {
		case constants.AuthRecipeMethodGoogle:
			if oauth.OAuthProviders.GoogleConfig == nil {
				log.Debug("Google OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodGoogle)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			// during the init of OAuthProvider authorizer url might be empty
			oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodGoogle
			url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodGithub:
			if oauth.OAuthProviders.GithubConfig == nil {
				log.Debug("Github OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodGithub)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodGithub
			url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodFacebook:
			if oauth.OAuthProviders.FacebookConfig == nil {
				log.Debug("Facebook OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodFacebook)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodFacebook
			url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodLinkedIn:
			if oauth.OAuthProviders.LinkedInConfig == nil {
				log.Debug("Linkedin OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodLinkedIn)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			oauth.OAuthProviders.LinkedInConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodLinkedIn
			url := oauth.OAuthProviders.LinkedInConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodTwitter:
			if oauth.OAuthProviders.TwitterConfig == nil {
				log.Debug("Twitter OAuth provider is not configured")
				isProviderConfigured = false
				break
			}

			verifier, challenge := utils.GenerateCodeChallenge()

			err := memorystore.Provider.SetState(oauthStateString, verifier)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			oauth.OAuthProviders.TwitterConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodTwitter
			url := oauth.OAuthProviders.TwitterConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("code_challenge", challenge), oauth2.SetAuthURLParam("code_challenge_method", "S256"))
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodApple:
			if oauth.OAuthProviders.AppleConfig == nil {
				log.Debug("Apple OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodApple)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodApple
			// there is scope encoding issue with oauth2 and how apple expects, hence added scope manually
			// check: https://github.com/golang/oauth2/issues/449
			url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.AuthRecipeMethodMicrosoft:
			if oauth.OAuthProviders.MicrosoftConfig == nil {
				log.Debug("Microsoft OAuth provider is not configured")
				isProviderConfigured = false
				break
			}
			err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodMicrosoft)
			if err != nil {
				log.Debug("Error setting state: ", err)
				c.JSON(500, gin.H{
					"error": "internal server error",
				})
				return
			}
			// during the init of OAuthProvider authorizer url might be empty
			oauth.OAuthProviders.MicrosoftConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodMicrosoft
			url := oauth.OAuthProviders.MicrosoftConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		default:
			log.Debug("Invalid oauth provider: ", provider)
			c.JSON(422, gin.H{
				"message": "Invalid oauth provider",
			})
		}

		if !isProviderConfigured {
			c.JSON(422, gin.H{
				"message": provider + " not configured",
			})
		}
	}
}
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`package handlers`

			`import (`
			`"net/http"`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 22:11:41 +05:30			`"strings"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`"github.com/gin-gonic/gin"`
			`log "github.com/sirupsen/logrus"`
fix: apple login params 2022-06-14 12:06:46 +05:30			`"golang.org/x/oauth2"`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30
fix: add location middleware to get exact host 2021-08-04 15:55:13 +05:30			`"github.com/authorizerdev/authorizer/server/constants"`
fix: move sessionstore -> memstore 2022-05-27 23:20:38 +05:30			`"github.com/authorizerdev/authorizer/server/memorystore"`
chore: rename project 2021-07-23 21:57:44 +05:30			`"github.com/authorizerdev/authorizer/server/oauth"`
fix: import cycle issues 2022-05-30 11:54:16 +05:30			`"github.com/authorizerdev/authorizer/server/parsers"`
feat: Adds login via twitter 2022-08-14 20:19:48 +02:00			`"github.com/authorizerdev/authorizer/server/utils"`
fix: import cycle issues 2022-05-30 11:54:16 +05:30			`"github.com/authorizerdev/authorizer/server/validators"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`)`

Feat/dashboard (#105) 2022-01-17 11:32:13 +05:30			`// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 12:18:57 +05:30			`func OAuthLoginHandler() gin.HandlerFunc {`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`return func(c *gin.Context) {`
fix: import cycle issues 2022-05-30 11:54:16 +05:30			`hostname := parsers.GetHost(c)`
fix: token + redirect 2022-03-16 21:44:57 +05:30			`// deprecating redirectURL instead use redirect_uri`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`redirectURI := strings.TrimSpace(c.Query("redirectURL"))`
fix: token + redirect 2022-03-16 21:44:57 +05:30			`if redirectURI == "" {`
			`redirectURI = strings.TrimSpace(c.Query("redirect_uri"))`
			`}`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`roles := strings.TrimSpace(c.Query("roles"))`
			`state := strings.TrimSpace(c.Query("state"))`
			`scopeString := strings.TrimSpace(c.Query("scope"))`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 12:18:57 +05:30
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`if redirectURI == "" {`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("redirect_uri is empty")`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 12:18:57 +05:30			`c.JSON(400, gin.H{`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`"error": "invalid redirect uri",`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 12:18:57 +05:30			`})`
			`return`
			`}`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 10:36:26 +05:30
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`if state == "" {`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("state is empty")`
fix: add token information in redirect url 2022-03-08 12:36:26 +05:30			`c.JSON(400, gin.H{`
			`"error": "invalid state",`
			`})`
			`return`
			`}`

			`var scope []string`
			`if scopeString == "" {`
			`scope = []string{"openid", "profile", "email"}`
			`} else {`
			`scope = strings.Split(scopeString, " ")`
			`}`

feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 22:11:41 +05:30			`if roles != "" {`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 10:36:26 +05:30			`// validate role`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 22:11:41 +05:30			`rolesSplit := strings.Split(roles, ",")`

			`// use protected roles verification for admin login only.`
			`// though if not associated with user, it will be rejected from oauth_callback`
fix: slice envs 2022-05-31 08:14:03 +05:30			`rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)`
			`roles := []string{}`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error getting roles: ", err)`
fix: slice envs 2022-05-31 08:14:03 +05:30			`rolesString = ""`
			`} else {`
			`roles = strings.Split(rolesString, ",")`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`}`
fix: slice envs 2022-05-31 08:14:03 +05:30
			`protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)`
			`protectedRoles := []string{}`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error getting protected roles: ", err)`
fix: slice envs 2022-05-31 08:14:03 +05:30			`protectedRolesString = ""`
			`} else {`
			`protectedRoles = strings.Split(protectedRolesString, ",")`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`}`

fix: import cycle issues 2022-05-30 11:54:16 +05:30			`if !validators.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) {`
fix: format logs 2022-05-25 12:30:22 +05:30			`log.Debug("Invalid roles: ", roles)`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 10:36:26 +05:30			`c.JSON(400, gin.H{`
			`"error": "invalid role",`
			`})`
			`return`
			`}`
			`} else {`
fix: slice envs 2022-05-31 08:14:03 +05:30			`defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error getting default roles: ", err)`
			`c.JSON(400, gin.H{`
			`"error": "invalid role",`
			`})`
			`return`
			`}`
fix: slice envs 2022-05-31 08:14:03 +05:30			`roles = defaultRoles`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 10:36:26 +05:30			`}`

fix: Uses whitespace as seperator for oauth scopes in state-string This is necessary, as the previous delimiter (,) was being redacted after a redirect. This resulted in the scopes not being correctly parseable and the state not being fetched correctly after the oauth-callback 2022-08-22 09:19:09 +02:00			`oauthStateString := state + "___" + redirectURI + "___" + roles + "___" + strings.Join(scope, " ")`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 12:18:57 +05:30
fix: rename server_url -> authorizer_domain 2021-07-28 16:38:55 +05:30			`provider := c.Param("oauth_provider")`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`isProviderConfigured := true`
fix: rename server_url -> authorizer_domain 2021-07-28 16:38:55 +05:30			`switch provider {`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`case constants.AuthRecipeMethodGoogle:`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`if oauth.OAuthProviders.GoogleConfig == nil {`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("Google OAuth provider is not configured")`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`isProviderConfigured = false`
			`break`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodGoogle)`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
fix: add location middleware to get exact host 2021-08-04 15:55:13 +05:30			`// during the init of OAuthProvider authorizer url might be empty`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodGoogle`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`case constants.AuthRecipeMethodGithub:`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`if oauth.OAuthProviders.GithubConfig == nil {`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("Github OAuth provider is not configured")`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`isProviderConfigured = false`
			`break`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodGithub)`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodGithub`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)`
Add github login Resolves #18 2021-07-18 04:48:42 +05:30			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`case constants.AuthRecipeMethodFacebook:`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`if oauth.OAuthProviders.FacebookConfig == nil {`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("Facebook OAuth provider is not configured")`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`isProviderConfigured = false`
			`break`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodFacebook)`
fix: update store method till handlers 2022-05-29 17:22:46 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodFacebook`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30			`url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)`
feat: add facebook login Resolves #36 2021-09-05 03:57:29 +05:30			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`case constants.AuthRecipeMethodLinkedIn:`
feat: add linkedin login 2022-06-06 22:08:32 +05:30			`if oauth.OAuthProviders.LinkedInConfig == nil {`
			`log.Debug("Linkedin OAuth provider is not configured")`
			`isProviderConfigured = false`
			`break`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodLinkedIn)`
feat: add linkedin login 2022-06-06 22:08:32 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`oauth.OAuthProviders.LinkedInConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodLinkedIn`
feat: add linkedin login 2022-06-06 22:08:32 +05:30			`url := oauth.OAuthProviders.LinkedInConfig.AuthCodeURL(oauthStateString)`
			`c.Redirect(http.StatusTemporaryRedirect, url)`
feat: bootstrap twitter login config 2022-08-13 12:35:00 +05:30			`case constants.AuthRecipeMethodTwitter:`
			`if oauth.OAuthProviders.TwitterConfig == nil {`
			`log.Debug("Twitter OAuth provider is not configured")`
			`isProviderConfigured = false`
			`break`
			`}`
feat: Adds login via twitter 2022-08-14 20:19:48 +02:00
			`verifier, challenge := utils.GenerateCodeChallenge()`

			`err := memorystore.Provider.SetState(oauthStateString, verifier)`
feat: bootstrap twitter login config 2022-08-13 12:35:00 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
			`oauth.OAuthProviders.TwitterConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodTwitter`
feat: Adds login via twitter 2022-08-14 20:19:48 +02:00			`url := oauth.OAuthProviders.TwitterConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("code_challenge", challenge), oauth2.SetAuthURLParam("code_challenge_method", "S256"))`
feat: bootstrap twitter login config 2022-08-13 12:35:00 +05:30			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`case constants.AuthRecipeMethodApple:`
feat: add test code to process apple user 2022-06-12 18:30:33 +05:30			`if oauth.OAuthProviders.AppleConfig == nil {`
fix: apple login params 2022-06-14 12:06:46 +05:30			`log.Debug("Apple OAuth provider is not configured")`
feat: add test code to process apple user 2022-06-12 18:30:33 +05:30			`isProviderConfigured = false`
			`break`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodApple)`
feat: add test code to process apple user 2022-06-12 18:30:33 +05:30			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
fix: add namespace to session token keys 2022-06-29 22:24:00 +05:30			`oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodApple`
fix: add comment for scope 2022-06-14 15:47:08 +05:30			`// there is scope encoding issue with oauth2 and how apple expects, hence added scope manually`
			`// check: https://github.com/golang/oauth2/issues/449`
			`url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post")) + "&scope=name email"`
feat: add test code to process apple user 2022-06-12 18:30:33 +05:30			`c.Redirect(http.StatusTemporaryRedirect, url)`
feat: add microsoft login 2023-02-26 05:23:02 +05:30			`case constants.AuthRecipeMethodMicrosoft:`
			`if oauth.OAuthProviders.MicrosoftConfig == nil {`
			`log.Debug("Microsoft OAuth provider is not configured")`
			`isProviderConfigured = false`
			`break`
			`}`
			`err := memorystore.Provider.SetState(oauthStateString, constants.AuthRecipeMethodMicrosoft)`
			`if err != nil {`
			`log.Debug("Error setting state: ", err)`
			`c.JSON(500, gin.H{`
			`"error": "internal server error",`
			`})`
			`return`
			`}`
			`// during the init of OAuthProvider authorizer url might be empty`
			`oauth.OAuthProviders.MicrosoftConfig.RedirectURL = hostname + "/oauth_callback/" + constants.AuthRecipeMethodMicrosoft`
			`url := oauth.OAuthProviders.MicrosoftConfig.AuthCodeURL(oauthStateString)`
			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: rename server_url -> authorizer_domain 2021-07-28 16:38:55 +05:30			`default:`
feat: add logs for http handlers 2022-05-23 11:52:51 +05:30			`log.Debug("Invalid oauth provider: ", provider)`
fix: rename server_url -> authorizer_domain 2021-07-28 16:38:55 +05:30			`c.JSON(422, gin.H{`
			`"message": "Invalid oauth provider",`
			`})`
Add github login Resolves #18 2021-07-18 04:48:42 +05:30			`}`
feat: add oidc for google login 2021-12-03 22:55:27 +05:30
			`if !isProviderConfigured {`
			`c.JSON(422, gin.H{`
			`"message": provider + " not configured",`
			`})`
			`}`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 21:59:50 +05:30			`}`
			`}`