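// getOAuthProvider builds the external OAuth provider configured by
// identityProvider, dispatching on the concrete type of the embedded
// provider object.
//
// Supported types are GitHubIdentityProvider, GoogleIdentityProvider and
// OpenIDIdentityProvider. For OpenID the request transport is built from
// provider.CA, and the mandatory "openid" scope is always present ahead of
// any configured ExtraScopes.
//
// Any other provider type yields an error naming the identity provider and
// the unsupported type. The config object itself is deliberately not
// formatted into the message: the provider structs carry ClientSecret, and
// keeping them out of error strings keeps credentials out of logs no matter
// how the embedded object happens to print.
func (c *AuthConfig) getOAuthProvider(identityProvider configapi.IdentityProvider) (external.Provider, error) {
	switch provider := identityProvider.Provider.Object.(type) {
	case *configapi.GitHubIdentityProvider:
		return github.NewProvider(identityProvider.Name, provider.ClientID, provider.ClientSecret), nil

	case *configapi.GoogleIdentityProvider:
		return google.NewProvider(identityProvider.Name, provider.ClientID, provider.ClientSecret, provider.HostedDomain)

	case *configapi.OpenIDIdentityProvider:
		// Only a CA bundle is supplied; the empty cert/key arguments mean no
		// client certificate is presented to the OpenID endpoints.
		transport, err := cmdutil.TransportFor(provider.CA, "", "")
		if err != nil {
			return nil, fmt.Errorf("Error building OpenIDIdentityProvider client: %v", err)
		}

		// OpenID Connect requests MUST contain the openid scope value
		// http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
		scopes := util.NewStringSet("openid")
		scopes.Insert(provider.ExtraScopes...)

		config := openid.Config{
			ClientID:                 provider.ClientID,
			ClientSecret:             provider.ClientSecret,
			Scopes:                   scopes.List(),
			ExtraAuthorizeParameters: provider.ExtraAuthorizeParameters,
			AuthorizeURL:             provider.URLs.Authorize,
			TokenURL:                 provider.URLs.Token,
			UserInfoURL:              provider.URLs.UserInfo,
			IDClaims:                 provider.Claims.ID,
			PreferredUsernameClaims:  provider.Claims.PreferredUsername,
			EmailClaims:              provider.Claims.Email,
			NameClaims:               provider.Claims.Name,
		}
		return openid.NewProvider(identityProvider.Name, transport, config)

	default:
		// Report name and concrete type rather than the whole struct so the
		// operator sees which provider is unsupported without dumping config.
		return nil, fmt.Errorf("No OAuth provider found that matches identity provider %q (provider type %T). The OAuth server cannot start!", identityProvider.Name, identityProvider.Provider.Object)
	}
}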
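// getPasswordAuthenticator builds the password authenticator configured by
// identityProvider, dispatching on the concrete type of the embedded
// provider object. Identities are mapped to users with an always-create
// mapper over c.IdentityRegistry and c.UserRegistry.
//
// Supported types are AllowAllPasswordIdentityProvider,
// DenyAllPasswordIdentityProvider, HTPasswdPasswordIdentityProvider (File is
// required) and BasicAuthPasswordIdentityProvider (RemoteConnectionInfo.URL
// is required; the transport is built from its CA and client certificate).
//
// Any other provider type yields an error naming the identity provider and
// the unsupported type; the config object itself is deliberately not
// formatted into the message so that provider configuration details do not
// end up in error output or logs.
func (c *AuthConfig) getPasswordAuthenticator(identityProvider configapi.IdentityProvider) (authenticator.Password, error) {
	identityMapper := identitymapper.NewAlwaysCreateUserIdentityToUserMapper(c.IdentityRegistry, c.UserRegistry)

	switch provider := identityProvider.Provider.Object.(type) {
	case *configapi.AllowAllPasswordIdentityProvider:
		return allowanypassword.New(identityProvider.Name, identityMapper), nil

	case *configapi.DenyAllPasswordIdentityProvider:
		return denypassword.New(), nil

	case *configapi.HTPasswdPasswordIdentityProvider:
		htpasswdFile := provider.File
		if len(htpasswdFile) == 0 {
			return nil, fmt.Errorf("HTPasswdFile is required to support htpasswd auth")
		}
		htpasswordAuth, err := htpasswd.New(identityProvider.Name, htpasswdFile, identityMapper)
		if err != nil {
			return nil, fmt.Errorf("Error loading htpasswd file %s: %v", htpasswdFile, err)
		}
		return htpasswordAuth, nil

	case *configapi.BasicAuthPasswordIdentityProvider:
		connectionInfo := provider.RemoteConnectionInfo
		if len(connectionInfo.URL) == 0 {
			return nil, fmt.Errorf("URL is required for BasicAuthPasswordIdentityProvider")
		}
		// The transport to the remote URL carries the CA bundle plus the
		// configured client cert/key, unlike the OAuth transports which use
		// a CA only.
		transport, err := cmdutil.TransportFor(connectionInfo.CA, connectionInfo.ClientCert.CertFile, connectionInfo.ClientCert.KeyFile)
		if err != nil {
			return nil, fmt.Errorf("Error building BasicAuthPasswordIdentityProvider client: %v", err)
		}
		return basicauthpassword.New(identityProvider.Name, connectionInfo.URL, transport, identityMapper), nil

	default:
		// Report name and concrete type rather than the whole struct so the
		// operator sees which provider is unsupported without dumping config.
		return nil, fmt.Errorf("No password auth found that matches identity provider %q (provider type %T). The OAuth server cannot start!", identityProvider.Name, identityProvider.Provider.Object)
	}
}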