package oauth2
import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"

	"github.com/influxdata/influxdb/chronograf"
)
// Compile-time assertion that *Auth0 implements Provider.
var _ Provider = (*Auth0)(nil)
// Auth0 is the OAuth2 Provider for an Auth0 tenant. It embeds Generic for the
// shared OAuth2 configuration (client credentials, endpoint URLs, logger) and
// adds an optional organization allow-list that PrincipalID checks against the
// "organization" claim of the userinfo response.
type Auth0 struct {
	Generic
	Organizations map[string]bool // the set of allowed organizations users may belong to
}
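// auth0Account is the subset of the Auth0 userinfo response this provider
// reads: "email" becomes the principal ID, and the custom "organization"
// claim drives the membership check in PrincipalID and the value of Group.
type auth0Account struct {
	Email        string `json:"email"`
	Organization string `json:"organization"`
}

// fetchAccount retrieves the authenticated user's profile from a.Generic.APIURL
// using the token-bearing client.
//
// A non-2xx response is rejected before decoding: an error body would
// otherwise decode into an all-empty account (unknown JSON fields are
// ignored) and be indistinguishable from a real user with no e-mail.
func (a *Auth0) fetchAccount(provider *http.Client) (auth0Account, error) {
	resp, err := provider.Get(a.Generic.APIURL)
	if err != nil {
		return auth0Account{}, err
	}
	defer resp.Body.Close()

	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return auth0Account{}, fmt.Errorf("auth0 userinfo request returned status %d", resp.StatusCode)
	}

	var act auth0Account
	if err := json.NewDecoder(resp.Body).Decode(&act); err != nil {
		return auth0Account{}, err
	}
	return act, nil
}

// PrincipalID returns the authenticated user's e-mail address, which serves as
// the principal identifier. When Organizations is non-empty the user's
// organization claim must be one of the allowed values; otherwise the
// rejection is logged and ErrOrgMembership is returned. An empty e-mail is
// reported as an error rather than returned as a valid (empty) principal.
func (a *Auth0) PrincipalID(provider *http.Client) (string, error) {
	act, err := a.fetchAccount(provider)
	if err != nil {
		return "", err
	}

	// check for organization membership if required
	if len(a.Organizations) > 0 && !a.Organizations[act.Organization] {
		a.Logger.
			WithField("org", act.Organization).
			Error(ErrOrgMembership)
		return "", ErrOrgMembership
	}

	if act.Email == "" {
		return "", errors.New("auth0 userinfo response contains no email")
	}
	return act.Email, nil
}

// Group returns the user's organization claim, or "" when the profile has
// none. Unlike PrincipalID it does not enforce the Organizations allow-list.
func (a *Auth0) Group(provider *http.Client) (string, error) {
	act, err := a.fetchAccount(provider)
	if err != nil {
		return "", err
	}
	return act.Organization, nil
}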
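// NewAuth0 builds an Auth0 provider for the tenant at auth0Domain. The domain
// may be given with or without a scheme ("https://tenant.example" or
// "tenant.example"); the scheme is always forced to https and the authorize,
// token and userinfo endpoints are derived from the host. organizations
// becomes the allow-list enforced by PrincipalID; an empty slice disables the
// check. An error is returned when auth0Domain cannot be parsed or yields no
// host.
func NewAuth0(auth0Domain, clientID, clientSecret, redirectURL string, organizations []string, logger chronograf.Logger) (Auth0, error) {
	domain, err := url.Parse(auth0Domain)
	if err != nil {
		return Auth0{}, err
	}
	// A bare host ("tenant.example") parses into Path with an empty Host, which
	// would yield endpoints like "https:///authorize"; re-parse it as a URL so
	// the host is recognized, and fail if there is still none.
	if domain.Host == "" {
		if domain, err = url.Parse("https://" + auth0Domain); err != nil {
			return Auth0{}, err
		}
		if domain.Host == "" {
			return Auth0{}, fmt.Errorf("auth0 domain %q has no host", auth0Domain)
		}
	}

	// Endpoints are always reached over TLS regardless of the input scheme.
	domain.Scheme = "https"
	domain.Path = "/authorize"
	authURL := domain.String()
	domain.Path = "/oauth/token"
	tokenURL := domain.String()
	domain.Path = "/userinfo"
	apiURL := domain.String()

	allowed := make(map[string]bool, len(organizations))
	for _, org := range organizations {
		allowed[org] = true
	}

	return Auth0{
		Generic: Generic{
			PageName:       "auth0",
			ClientID:       clientID,
			ClientSecret:   clientSecret,
			RequiredScopes: []string{"openid", "email"},
			RedirectURL:    redirectURL,
			AuthURL:        authURL,
			TokenURL:       tokenURL,
			APIURL:         apiURL,
			Logger:         logger,
		},
		Organizations: allowed,
	}, nil
}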