Ejemplo n.º 1
// oidcAddRoutes registers three OpenID Connect endpoints on router: the
// discovery document (GET), the JSON Web Key Set (GET) and the authorize
// endpoint (POST). The discovery handler is given origin plus the other two
// paths, so the routes stay consistent with whatever it reports.
//
// rsakey must be non-nil: its public half is taken by address for the key-set
// handler, while the full private key is passed only to the authorize handler.
func oidcAddRoutes(router gin.IRouter, origin string, rsakey *rsa.PrivateKey) {
	const (
		discoveryRoute = "/.well-known/openid-configuration"
		keysRoute      = "/jwks.json"
		authorizeRoute = "/authorize"
	)

	router.GET(discoveryRoute, discovery(origin, keysRoute, authorizeRoute))
	// Only the public key reaches the JWKS handler; the private key never does.
	router.GET(keysRoute, keyset(&rsakey.PublicKey))
	router.POST(authorizeRoute, authorize(origin, rsakey))
}
Ejemplo n.º 2
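// RegisterRoutes installs the OAuth login, callback and logout handlers on r
// and remembers the login route on the manager.
//
//   - login:    builds an encrypted state value (post-login redirect path plus
//     random bytes) and redirects the browser to the provider's
//     authorization URL.
//   - callback: decrypts and decodes the state, exchanges the authorization
//     code for a token, looks up the user, sets the session cookie and
//     redirects to the stored path.
//   - logout:   clears the cookie and redirects to "/".
//
// Every failure path in the callback redirects to "/" and stops; the handler
// must never continue with a missing state, token or user.
func (a *authManager) RegisterRoutes(login, callback, logout string, r gin.IRouter) {
	// localPath returns p only when it is a same-site absolute path, otherwise
	// "/". The "redirect" query parameter is attacker-controllable, so
	// scheme-relative forms ("//host", "/\host"), absolute URLs and values
	// containing control characters or backslashes are rejected to prevent
	// the post-login redirect from leaving this site (open redirect).
	localPath := func(p string) string {
		if len(p) == 0 || p[0] != '/' {
			return "/"
		}
		if len(p) > 1 && p[1] == '/' {
			return "/"
		}
		for i := 0; i < len(p); i++ {
			if p[i] < 0x20 || p[i] == 0x7f || p[i] == '\\' {
				return "/"
			}
		}
		return p
	}

	a.loginRoute = login
	r.GET(login, func(ctx *gin.Context) {
		state := &oauthState{
			RedirectPath: localPath(ctx.DefaultQuery("redirect", "/")),
			Random:       make([]byte, 15),
		}
		// NOTE(review): assumes rand is crypto/rand; math/rand would make the
		// state predictable — confirm against the file's imports.
		if _, err := rand.Read(state.Random); err != nil {
			// Never issue a state whose random part was not filled in.
			ctx.AbortWithStatus(500)
			return
		}
		b, err := json.Marshal(state)
		if err != nil {
			ctx.AbortWithStatus(500)
			return
		}
		ctx.Redirect(302, a.conf.AuthCodeURL(a.encrypt(b)))
	})
	r.GET(callback, func(ctx *gin.Context) {
		// NOTE(review): the state is only checked for successful decryption;
		// it is not compared with anything tied to this browser (e.g. a
		// cookie set by the login handler), so a state minted for one browser
		// is accepted from another. Consider binding state.Random to the
		// session to protect against login CSRF.
		state := a.decrypt(ctx.Query("state"))
		if state == "" {
			ctx.Redirect(302, "/")
			return
		}
		s := &oauthState{}
		if err := json.Unmarshal([]byte(state), s); err != nil {
			ctx.Redirect(302, "/")
			return
		}
		// NOTE(review): context.Background() has no deadline; a context with
		// a timeout (or the request's context) would bound this outbound call.
		tok, err := a.conf.Exchange(context.Background(), ctx.Query("code"))
		if err != nil || tok == nil {
			ctx.Redirect(302, "/")
			return
		}
		c := client(tok.AccessToken)
		u, _, err := c.Users.Get("")
		if err != nil {
			ctx.Redirect(302, "/")
			return
		}
		// The profile fields are pointers; guard before dereferencing so an
		// incomplete response cannot panic the handler.
		if u == nil || u.Login == nil || u.AvatarURL == nil || u.ID == nil {
			ctx.Redirect(302, "/")
			return
		}
		user := &GithubUser{
			Token:     tok.AccessToken,
			Login:     *u.Login,
			AvatarURL: *u.AvatarURL,
			ID:        *u.ID,
		}
		// NOTE(review): the access token travels inside the value handed to
		// SetCookie; verify that cookie is encrypted and flagged
		// HttpOnly/Secure.
		a.SetCookie(ctx, user)
		// Re-validate at the point of use rather than trusting stored state.
		ctx.Redirect(302, localPath(s.RedirectPath))
	})
	r.GET(logout, func(ctx *gin.Context) {
		a.ClearCookie(ctx)
		ctx.Redirect(302, "/")
	})
}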