feat(oauth2): try to support github

2024-11-22 07:43:33 +00:00 · 2024-02-16 13:52:27 +01:00 · 2024-02-16 13:52:27 +01:00 · 185fd4923f
commit 185fd4923f
parent e6f6e5ede3
3 changed files with 20 additions and 13 deletions
--- a/fly.toml
+++ b/fly.toml
@ -11,10 +11,9 @@ primary_region = 'waw'
  PORT = '8080'
  ROOT_URL = 'https://zdravko.fly.dev'
  # Other are defined in secrets
-  OAUTH2_ENDPOINT_TOKEN_URL = 'https://id.tjo.space/application/o/token/'
-  OAUTH2_ENDPOINT_AUTH_URL = 'https://id.tjo.space/application/o/authorize/'
-  OAUTH2_ENDPOINT_USER_INFO_URL = 'https://id.tjo.space/application/o/userinfo/'
-  OAUTH2_ENDPOINT_LOGOUT_URL = 'https://id.tjo.space/application/o/zdravko-development/end-session/'
+  OAUTH2_ENDPOINT_TOKEN_URL = 'https://github.com/login/oauth/access_token'
+  OAUTH2_ENDPOINT_AUTH_URL = 'https://github.com/login/oauth/authorize'
+  OAUTH2_ENDPOINT_USER_INFO_URL = 'https://api.github.com/user'

  TEMPORAL_UI_HOST = 'temporal.process.zdravko.internal:8223'
  TEMPORAL_SERVER_HOST = 'temporal.process.zdravko.internal:7233'
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -32,7 +32,7 @@ type OAuth2 struct {
 	EndpointTokenURL    string   `validate:"required"`
 	EndpointAuthURL     string   `validate:"required"`
 	EndpointUserInfoURL string   `validate:"required"`
-	EndpointLogoutURL   string   `validate:"required"`
+	EndpointLogoutURL   string   // Optional as not all SSO support this.
 }

 type Temporal struct {
--- a/internal/handlers/oauth2.go
+++ b/internal/handlers/oauth2.go
@ -16,6 +16,7 @@ import (
 )

 type UserInfo struct {
+	Id    string `json:"id"`
 	Sub   string `json:"sub"`
 	Email string `json:"email"`
 }
@ -137,8 +138,13 @@ func (h *BaseHandler) OAuth2CallbackGET(w http.ResponseWriter, r *http.Request)
 		return
 	}

+	userId := userInfo.Id
+	if userInfo.Sub != "" {
+		userId = userInfo.Sub
+	}
+
 	err = h.SetAuthenticatedUserForRequest(w, r, &AuthenticatedUser{
-		ID:                 userInfo.Sub,
+		ID:                 userId,
 		Email:              userInfo.Email,
 		OAuth2AccessToken:  tok.AccessToken,
 		OAuth2RefreshToken: tok.RefreshToken,
@ -154,15 +160,17 @@ func (h *BaseHandler) OAuth2CallbackGET(w http.ResponseWriter, r *http.Request)
 }

 func (h *BaseHandler) OAuth2LogoutGET(w http.ResponseWriter, r *http.Request, user *AuthenticatedUser) {
-	tok := h.AuthenticatedUserToOAuth2Token(user)
-	client := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(tok))
-	_, err := client.Get(h.config.OAuth2.EndpointLogoutURL)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
+	if h.config.OAuth2.EndpointLogoutURL != "" {
+		tok := h.AuthenticatedUserToOAuth2Token(user)
+		client := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(tok))
+		_, err := client.Get(h.config.OAuth2.EndpointLogoutURL)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
 	}

-	err = h.ClearAuthenticatedUserForRequest(w, r)
+	err := h.ClearAuthenticatedUserForRequest(w, r)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 	}