package auth import ( "context" "log" "net/http" oidc "github.com/coreos/go-oidc" ) func NewCallbackHandler(c Config) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { session, err := Store.Get(r, "auth-session") if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } if r.URL.Query().Get("state") != session.Values["state"] { http.Error(w, "Invalid state parameter", http.StatusBadRequest) return } authenticator, err := NewAuthenticator(c.Domain, c.ClientID, c.ClientSecret, c.CallbackURL) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } token, err := authenticator.Config.Exchange(context.TODO(), r.URL.Query().Get("code")) if err != nil { log.Printf("no token found: %v", err) w.WriteHeader(http.StatusUnauthorized) return } rawIDToken, ok := token.Extra("id_token").(string) if !ok { http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError) return } oidcConfig := &oidc.Config{ ClientID: "ae1e02bTwXA35O3r3Xxk4kbRf31j5ge9", } idToken, err := authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken) if err != nil { http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError) return } // Getting now the userInfo var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } session.Values["id_token"] = rawIDToken session.Values["access_token"] = token.AccessToken session.Values["profile"] = profile err = session.Save(r, w) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } // Redirect to logged in page http.Redirect(w, r, "/user", http.StatusSeeOther) } }