added a more robust user model, and some notes on a subscription-based callback redirect
parent
af37be92bc
commit
291a3f80c3
@ -42,7 +42,7 @@ func NewCallbackHandler(c Config) http.HandlerFunc {
|
|||||||
}
|
}
|
||||||
|
|
||||||
oidcConfig := &oidc.Config{
|
oidcConfig := &oidc.Config{
|
||||||
ClientID: "ae1e02bTwXA35O3r3Xxk4kbRf31j5ge9",
|
ClientID: c.ClientID,
|
||||||
}
|
}
|
||||||
|
|
||||||
idToken, err := authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken)
|
idToken, err := authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken)
|
||||||
@ -53,22 +53,39 @@ func NewCallbackHandler(c Config) http.HandlerFunc {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Getting now the userInfo
|
// Getting now the userInfo
|
||||||
var profile map[string]interface{}
|
user := User{}
|
||||||
if err := idToken.Claims(&profile); err != nil {
|
|
||||||
|
// var profile map[string]interface{}
|
||||||
|
if err := idToken.Claims(&user); err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
session.Values["id_token"] = rawIDToken
|
session.Values["id_token"] = rawIDToken
|
||||||
session.Values["access_token"] = token.AccessToken
|
session.Values["access_token"] = token.AccessToken
|
||||||
session.Values["profile"] = profile
|
session.Values["profile"] = user
|
||||||
err = session.Save(r, w)
|
err = session.Save(r, w)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to logged in page
|
// if application ID is non existent, and therefore does not have a tenant
|
||||||
http.Redirect(w, r, "/user", http.StatusSeeOther)
|
// Create or associate?
|
||||||
|
// Create:
|
||||||
|
// - Create Tenant
|
||||||
|
// - Specify plan
|
||||||
|
// - Specify payment info
|
||||||
|
// - Associate Tenant
|
||||||
|
// - by email address domain?
|
||||||
|
//set tenant ID on application ID in App Metadata on user
|
||||||
|
|
||||||
|
if c.CallbackFunc != nil {
|
||||||
|
c.CallbackFunc(c, user)
|
||||||
|
} else {
|
||||||
|
// Redirect to logged in page
|
||||||
|
http.Redirect(w, r, "/user", http.StatusSeeOther)
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
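Review bot: The error returned by `c.CallbackFunc(c, user)` is discarded, and on that branch the handler writes neither a redirect nor an error response. `CallbackFunc` is declared in this commit as `func(c Config, u User) error` and receives no ResponseWriter or Request, so it cannot respond itself. If it is meant to carry out the tenant association sketched in the new comments, a failure there would go unnoticed while the session has already been saved. Check the error and send the redirect on both paths, as below; if the callback is instead meant to choose the redirect target, its signature needs to change. The handler closure starts above this hunk.

```go
// … unchanged: session.Save and its error check …
if c.CallbackFunc != nil {
	if err := c.CallbackFunc(c, user); err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
}
// Redirect to logged in page
http.Redirect(w, r, "/user", http.StatusSeeOther)
```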
@ -10,17 +10,21 @@ type Config struct {
|
|||||||
ClientID string
|
ClientID string
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
CallbackURL string
|
CallbackURL string
|
||||||
|
CallbackFunc CallbackFunc
|
||||||
}
|
}
|
||||||
|
|
||||||
func FromEnv() Config {
|
func FromEnv(c CallbackFunc) Config {
|
||||||
return Config{
|
return Config{
|
||||||
Domain: os.Getenv("AUTH_DOMAIN"),
|
Domain: os.Getenv("AUTH_DOMAIN"),
|
||||||
ClientID: os.Getenv("AUTH_CLIENT_ID"),
|
ClientID: os.Getenv("AUTH_CLIENT_ID"),
|
||||||
ClientSecret: os.Getenv("AUTH_CLIENT_SECRET"),
|
ClientSecret: os.Getenv("AUTH_CLIENT_SECRET"),
|
||||||
CallbackURL: os.Getenv("AUTH_CALLBACK_URL"),
|
CallbackURL: os.Getenv("AUTH_CALLBACK_URL"),
|
||||||
|
CallbackFunc: c,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func PrintConfig() {
|
func PrintConfig() {
|
||||||
fmt.Printf("%#v\n", FromEnv())
|
fmt.Printf("%#v\n", FromEnv(nil))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type CallbackFunc func(c Config, u User) error
|
||||||
|
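Review bot: `PrintConfig` formats the whole `Config` with `%#v`, so the value read from `AUTH_CLIENT_SECRET` is written to standard output, and the StartServer hunk in this commit shows `auth.PrintConfig()` being called at startup. The changed line keeps that behaviour, and with the new `CallbackFunc` field it also prints a function address. Blank the secret before printing, for example `c := FromEnv(nil)`, `c.ClientSecret = "[redacted]"`, `fmt.Printf("%#v\n", c)`. The exported `CallbackFunc` type would also benefit from a doc comment stating when the handler calls it and what a returned error means.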
@ -11,6 +11,7 @@ func IsAuthenticated(w http.ResponseWriter, r *http.Request, next http.HandlerFu
|
|||||||
}
|
}
|
||||||
|
|
||||||
if _, ok := session.Values["profile"]; !ok {
|
if _, ok := session.Values["profile"]; !ok {
|
||||||
|
//TODO allow customization of redirect
|
||||||
http.Redirect(w, r, "/", http.StatusSeeOther)
|
http.Redirect(w, r, "/", http.StatusSeeOther)
|
||||||
} else {
|
} else {
|
||||||
next(w, r)
|
next(w, r)
|
||||||
|
@ -13,5 +13,7 @@ var (
|
|||||||
func Init() error {
|
func Init() error {
|
||||||
Store = sessions.NewFilesystemStore("", []byte("something-very-secret"))
|
Store = sessions.NewFilesystemStore("", []byte("something-very-secret"))
|
||||||
gob.Register(map[string]interface{}{})
|
gob.Register(map[string]interface{}{})
|
||||||
|
gob.Register(User{})
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
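Review bot: The session store is still keyed with the literal `"something-very-secret"` on the line above the new `gob.Register(User{})`, so the key that authenticates session cookies is readable by anyone who can read the source. This commit moves the client ID out of the source and starts storing the `User` value, including its tenant mapping, in the session, which makes the key worth the same treatment. Read it from the environment and have `Init` return an error when it is unset, e.g. `key := os.Getenv("SESSION_KEY")` followed by `if key == "" { return errors.New("session key not set") }` (the variable name is a placeholder). The import block is outside this hunk, so `os` and `errors` may need to be added.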
22
auth/user.go
22
auth/user.go
@ -16,3 +16,25 @@ func UserHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
jchenry_http.RenderTemplate(w, "user", session.Values["profile"])
|
jchenry_http.RenderTemplate(w, "user", session.Values["profile"])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type User struct {
|
||||||
|
Email string `json:"email"`
|
||||||
|
FirstName string `json:"given_name"`
|
||||||
|
LastName string `json:"family_name"`
|
||||||
|
Picture string `json:"picture"`
|
||||||
|
Nickname string `json:"nickname"`
|
||||||
|
AppMetadata AppMetadata `json:"app_metadata"`
|
||||||
|
|
||||||
|
//UserMetadata UserMetadata `json:"user_metadata"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type AppMetadata struct {
|
||||||
|
Apps map[string]string // an association between the unique applicationID and the tenantID that the user is associated with
|
||||||
|
// Apps []struct {
|
||||||
|
// ApplicationID string
|
||||||
|
// TenantID string
|
||||||
|
// }
|
||||||
|
}
|
||||||
|
|
||||||
|
// type UserMetadata struct {
|
||||||
|
// }
|
||||||
|
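Review bot: `User` decodes `email` but not the standard `email_verified` claim, while the notes added to the callback handler consider associating a tenant "by email address domain". If that path is built, an unverified address would be enough to match a domain, so add an `EmailVerified bool` field tagged `json:"email_verified"` and require it before any domain-based association. `Apps` has no JSON tag, so it is filled only from a key matching `Apps` case-insensitively; whether the provider includes `app_metadata` in the ID token at all is not visible here and should be confirmed. The exported `User` and `AppMetadata` types have no doc comments; the trailing comment on `Apps` would read better as a comment above the field.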
@ -18,7 +18,7 @@ func StartServer() {
|
|||||||
auth.PrintConfig()
|
auth.PrintConfig()
|
||||||
s := jch_http.NewServer(negroni.New()).
|
s := jch_http.NewServer(negroni.New()).
|
||||||
Static("/public/*filepath", http.Dir("public/")).
|
Static("/public/*filepath", http.Dir("public/")).
|
||||||
Service("", auth.Service(auth.FromEnv())).
|
Service("", auth.Service(auth.FromEnv(nil))).
|
||||||
GET("/", "", http.HandlerFunc(HomeHandler))
|
GET("/", "", http.HandlerFunc(HomeHandler))
|
||||||
|
|
||||||
port := os.Getenv("PORT")
|
port := os.Getenv("PORT")
|
||||||
|
@ -15,8 +15,8 @@
|
|||||||
<div class="container">
|
<div class="container">
|
||||||
<div class="login-page clearfix">
|
<div class="login-page clearfix">
|
||||||
<div class="logged-in-box auth0-box logged-in">
|
<div class="logged-in-box auth0-box logged-in">
|
||||||
<img class="avatar" src="{{.picture}}"/>
|
<img class="avatar" src="{{.Picture}}"/>
|
||||||
<h2>Welcome {{.nickname}}</h2>
|
<h2>Welcome {{.Nickname}}</h2>
|
||||||
<a id="qsLogoutBtn" class="btn btn-primary btn-lg btn-logout btn-block" href="/logout">Logout</a>
|
<a id="qsLogoutBtn" class="btn btn-primary btn-lg btn-logout btn-block" href="/logout">Logout</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
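Review bot: `{{.Picture}}` and `{{.Nickname}}` now render fields decoded from ID-token claims, and the first lands in a `src` attribute. Whether `jchenry_http.RenderTemplate` uses `html/template` is not visible in this commit; with `text/template` these values would be written unescaped. Confirm the renderer is `html/template`, and consider accepting only `https` URLs for `Picture` when the claims are decoded.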