// oidcAddRoutes mounts the OpenID Connect endpoints on router: the discovery
// document, the JSON Web Key Set and the authorize endpoint. origin is passed
// through to discovery and authorize (presumably the issuer base URL — see
// those helpers). Only the public half of rsakey is handed to keyset; the
// private key is given to authorize alone.
func oidcAddRoutes(router gin.IRouter, origin string, rsakey *rsa.PrivateKey) {
	const (
		jwksPath = "/jwks.json"
		authPath = "/authorize"
	)

	router.GET("/.well-known/openid-configuration", discovery(origin, jwksPath, authPath))
	router.GET(jwksPath, keyset(&rsakey.PublicKey))
	router.POST(authPath, authorize(origin, rsakey))
}
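// localRedirectPath returns p when it is a same-origin, path-only redirect
// target and "/" otherwise. It keeps the user-controlled ?redirect= value
// from turning the login flow into an open redirect: only values that start
// with a single "/" are accepted, because "//host" and "/\host" are treated
// as scheme-relative URLs by browsers.
func localRedirectPath(p string) string {
	if len(p) == 0 || p[0] != '/' {
		return "/"
	}
	if len(p) > 1 && (p[1] == '/' || p[1] == '\\') {
		return "/"
	}
	return p
}

// RegisterRoutes mounts the GitHub OAuth login, callback and logout handlers
// on r. login stores the requested post-login path in an encrypted state
// blob and sends the browser to the provider; callback exchanges the
// authorization code, fetches the GitHub user and sets the session cookie;
// logout clears the cookie. All handlers respond with a 302.
func (a *authManager) RegisterRoutes(login, callback, logout string, r gin.IRouter) {
	a.loginRoute = login

	r.GET(login, func(ctx *gin.Context) {
		st := &oauthState{
			// Only a same-origin path is stored; anything else collapses to "/".
			RedirectPath: localRedirectPath(ctx.DefaultQuery("redirect", "/")),
			Random:       make([]byte, 15),
		}
		// NOTE(review): rand must be crypto/rand for the nonce to be
		// unpredictable — confirm the import. A failed read must not continue
		// with a zeroed nonce.
		if _, err := rand.Read(st.Random); err != nil {
			ctx.Redirect(302, "/")
			return
		}
		b, err := json.Marshal(st)
		if err != nil {
			return
		}
		ctx.Redirect(302, a.conf.AuthCodeURL(a.encrypt(b)))
	})

	r.GET(callback, func(ctx *gin.Context) {
		// Every failure below redirects to "/" and RETURNS; falling through
		// (as the previous version did) dereferenced a nil token or user.
		state := a.decrypt(ctx.Query("state"))
		if state == "" {
			ctx.Redirect(302, "/")
			return
		}
		s := &oauthState{}
		if err := json.Unmarshal([]byte(state), s); err != nil {
			ctx.Redirect(302, "/")
			return
		}
		// NOTE(review): the state is authenticated only as far as a.decrypt
		// verifies it; it is not bound to this browser (no cookie compare), so
		// a login-CSRF where the attacker supplies their own state+code is not
		// ruled out here — confirm elsewhere or bind the nonce to a cookie.
		// TODO: prefer ctx.Request.Context() so a client disconnect cancels
		// the exchange.
		tok, err := a.conf.Exchange(context.Background(), ctx.Query("code"))
		if err != nil || tok == nil {
			ctx.Redirect(302, "/")
			return
		}
		c := client(tok.AccessToken)
		u, _, err := c.Users.Get("")
		// The GitHub user fields are pointers; a missing one would panic below.
		if err != nil || u == nil || u.Login == nil || u.AvatarURL == nil || u.ID == nil {
			ctx.Redirect(302, "/")
			return
		}
		user := &GithubUser{
			Token:     tok.AccessToken,
			Login:     *u.Login,
			AvatarURL: *u.AvatarURL,
			ID:        *u.ID,
		}
		a.SetCookie(ctx, user)
		// Re-check on the way out as well, so a stale or foreign state blob
		// cannot carry an absolute URL.
		ctx.Redirect(302, localRedirectPath(s.RedirectPath))
	})

	r.GET(logout, func(ctx *gin.Context) {
		a.ClearCookie(ctx)
		ctx.Redirect(302, "/")
	})
}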