x/auth/callback.go

75 lines
1.8 KiB
Go

package auth
import (
"context"
"log"
"net/http"
oidc "github.com/coreos/go-oidc"
)
func NewCallbackHandler(c Config) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session, err := Store.Get(r, "auth-session")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if r.URL.Query().Get("state") != session.Values["state"] {
http.Error(w, "Invalid state parameter", http.StatusBadRequest)
return
}
authenticator, err := NewAuthenticator(c.Domain, c.ClientID, c.ClientSecret, c.CallbackURL)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
token, err := authenticator.Config.Exchange(context.TODO(), r.URL.Query().Get("code"))
if err != nil {
log.Printf("no token found: %v", err)
w.WriteHeader(http.StatusUnauthorized)
return
}
rawIDToken, ok := token.Extra("id_token").(string)
if !ok {
http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError)
return
}
oidcConfig := &oidc.Config{
ClientID: "ae1e02bTwXA35O3r3Xxk4kbRf31j5ge9",
}
idToken, err := authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken)
if err != nil {
http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
return
}
// Getting now the userInfo
var profile map[string]interface{}
if err := idToken.Claims(&profile); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
session.Values["id_token"] = rawIDToken
session.Values["access_token"] = token.AccessToken
session.Values["profile"] = profile
err = session.Save(r, w)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// Redirect to logged in page
http.Redirect(w, r, "/user", http.StatusSeeOther)
}
}