OAuth connector #1630

Merged
merged 15 commits into from
Dec 2, 2021
use PreferredUsername
Signed-off-by: Rui Yang <ryang@pivotal.io>
Rui Yang authored and Rui Yang committed Nov 17, 2021
commit 930b331a5b2953d7955404e1e6a27698b6c82ac6
13 changes: 6 additions & 7 deletions connector/oauth/oauth.go
@@ -14,9 +14,10 @@ import (
"strings"
"time"

"golang.org/x/oauth2"

"github.com/dexidp/dex/connector"
"github.com/dexidp/dex/pkg/log"
"golang.org/x/oauth2"
)

type oauthConnector struct {
@@ -113,7 +114,6 @@ func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, err
}

func (c *oauthConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) {

if c.redirectURI != callbackURL {
return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI)
}
@@ -130,7 +130,6 @@ func (c *oauthConnector) LoginURL(scopes connector.Scopes, callbackURL, state st
}

func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) {

q := r.URL.Query()
if errType := q.Get("error"); errType != "" {
return identity, errors.New(q.Get("error_description"))
@@ -185,7 +184,7 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id

identity.UserID, _ = userInfoResult[c.userIDKey].(string)
identity.Username, _ = userInfoResult[c.userNameKey].(string)
identity.Name, _ = userInfoResult["name"].(string)
identity.PreferredUsername, _ = userInfoResult["name"].(string)
identity.Email, _ = userInfoResult["email"].(string)
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)

@@ -195,7 +194,7 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
c.addGroupsFromMap(groups, userInfoResult)
c.addGroupsFromToken(groups, token.AccessToken)

for groupName, _ := range groups {
for groupName := range groups {
identity.Groups = append(identity.Groups, groupName)
}
}
@@ -215,7 +214,7 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
func (c *oauthConnector) addGroupsFromMap(groups map[string]bool, result map[string]interface{}) error {
groupsClaim, ok := result[c.groupsKey].([]interface{})
if !ok {
return errors.New("Cant convert to array")
return errors.New("cant convert to array")
}

for _, group := range groupsClaim {
@@ -230,7 +229,7 @@ func (c *oauthConnector) addGroupsFromMap(groups map[string]bool, result map[str
func (c *oauthConnector) addGroupsFromToken(groups map[string]bool, token string) error {
parts := strings.Split(token, ".")
if len(parts) < 2 {
return errors.New("Invalid token")
return errors.New("invalid token")
}

decoded, err := decode(parts[1])
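Review bot: In the HandleCallback hunk at `@@ -185,7 +184,7 @@`, `identity.PreferredUsername` is read from the hard-coded `name` claim, whereas the user ID and user name on the two lines above come from the configurable `c.userIDKey` and `c.userNameKey`. OIDC defines `preferred_username` as its own standard claim and `name` as the display name; both are mutable and not guaranteed unique, so this value should be treated as informational and never as a stable identifier or an authorization key. I would prefer the standard claim and keep `name` as the fallback by adding, after the existing line, `if v, ok := userInfoResult["preferred_username"].(string); ok { identity.PreferredUsername = v }`, with a comment stating that the field is display-only. The neighbouring lines also discard the type-assertion result for `UserID`, so a provider returning a non-string id would presumably produce an empty subject unless a check follows outside the hunk. HandleCallback starts and ends outside the visible lines.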
10 changes: 4 additions & 6 deletions connector/oauth/oauth_test.go
@@ -13,9 +13,10 @@ import (
"sort"
"testing"

"github.com/dexidp/dex/connector"
"github.com/sirupsen/logrus"
jose "gopkg.in/square/go-jose.v2"

"github.com/dexidp/dex/connector"
)

func TestOpen(t *testing.T) {
@@ -67,7 +68,6 @@ func TestLoginURL(t *testing.T) {
}

func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {

tokenClaims := map[string]interface{}{}

userInfoClaims := map[string]interface{}{
@@ -92,15 +92,14 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
expectEqual(t, len(identity.Groups), 2)
expectEqual(t, identity.Groups[0], "admin-group")
expectEqual(t, identity.Groups[1], "user-group")
expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.PreferredUsername, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true)
}

func TestHandleCallBackForGroupsInToken(t *testing.T) {

tokenClaims := map[string]interface{}{
"groups_key": []string{"test-group"},
}
@@ -124,15 +123,14 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {

expectEqual(t, len(identity.Groups), 1)
expectEqual(t, identity.Groups[0], "test-group")
expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.PreferredUsername, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true)
}

func testSetup(t *testing.T, tokenClaims map[string]interface{}, userInfoClaims map[string]interface{}) *httptest.Server {

key, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
t.Fatal("Failed to generate rsa key", err)
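Review bot: Both updated tests only cover a userinfo response in which every claim is present and a string, so the silent `_` type assertions in HandleCallback are never exercised on the failure path. I would add a case where `name` (and ideally the user ID claim) is missing or not a string and assert the resulting fields, e.g. `expectEqual(t, identity.PreferredUsername, "")`, so the intended behaviour for an incomplete upstream response is pinned. The test bodies are only partly visible in these hunks, so this may already be covered elsewhere in the file.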