[#1377] added Authentik OAuth2 provider
Co-authored-by: Marc Singer <ms@pr0.tech>
This commit is contained in:
Gani Georgiev
@@ -112,6 +112,8 @@ func NewProviderByName(name string) (Provider, error) {
|
||||
return NewGiteeProvider(), nil
|
||||
case NameLivechat:
|
||||
return NewLivechatProvider(), nil
|
||||
case NameAuthentik:
|
||||
return NewAuthentikProvider(), nil
|
||||
default:
|
||||
return nil, errors.New("Missing provider " + name)
|
||||
}
|
||||
|
||||
@@ -135,4 +135,13 @@ func TestNewProviderByName(t *testing.T) {
|
||||
if _, ok := p.(*auth.Livechat); !ok {
|
||||
t.Error("Expected to be instance of *auth.Livechat")
|
||||
}
|
||||
|
||||
// authentik
|
||||
p, err = auth.NewProviderByName(auth.NameAuthentik)
|
||||
if err != nil {
|
||||
t.Errorf("Expected nil, got error %v", err)
|
||||
}
|
||||
if _, ok := p.(*auth.Authentik); !ok {
|
||||
t.Error("Expected to be instance of *auth.Authentik")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
var _ Provider = (*Authentik)(nil)
|
||||
|
||||
// NameAuthentik is the unique name of the Authentik provider.
|
||||
const NameAuthentik string = "authentik"
|
||||
|
||||
// Authentik allows authentication via Authentik OAuth2.
|
||||
type Authentik struct {
|
||||
*baseProvider
|
||||
}
|
||||
|
||||
// NewAuthentikProvider creates new Authentik provider instance with some defaults.
|
||||
func NewAuthentikProvider() *Authentik {
|
||||
return &Authentik{&baseProvider{
|
||||
scopes: []string{
|
||||
"openid", // minimal requirement to return the id
|
||||
"email",
|
||||
"profile",
|
||||
},
|
||||
}}
|
||||
}
|
||||
|
||||
// FetchAuthUser returns an AuthUser instance based the Authentik's user api.
|
||||
//
|
||||
// API reference: https://goauthentik.io/docs/providers/oauth2/
|
||||
func (p *Authentik) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
|
||||
data, err := p.FetchRawUserData(token)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
rawUser := map[string]any{}
|
||||
if err := json.Unmarshal(data, &rawUser); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
extracted := struct {
|
||||
Id string `json:"sub"`
|
||||
Name string `json:"name"`
|
||||
Username string `json:"preferred_username"`
|
||||
Picture string `json:"picture"`
|
||||
Email string `json:"email"`
|
||||
EmailVerified bool `json:"email_verified"`
|
||||
}{}
|
||||
if err := json.Unmarshal(data, &extracted); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user := &AuthUser{
|
||||
Id: extracted.Id,
|
||||
Name: extracted.Name,
|
||||
Username: extracted.Username,
|
||||
AvatarUrl: extracted.Picture,
|
||||
RawUser: rawUser,
|
||||
AccessToken: token.AccessToken,
|
||||
RefreshToken: token.RefreshToken,
|
||||
}
|
||||
|
||||
if extracted.EmailVerified {
|
||||
user.Email = extracted.Email
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
@@ -58,7 +58,6 @@ func (p *Strava) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
|
||||
}
|
||||
|
||||
user := &AuthUser{
|
||||
Id: strconv.Itoa(extracted.Id),
|
||||
Name: extracted.FirstName + " " + extracted.LastName,
|
||||
Username: extracted.Username,
|
||||
AvatarUrl: extracted.ProfileImageUrl,
|
||||
@@ -67,5 +66,9 @@ func (p *Strava) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
|
||||
RefreshToken: token.RefreshToken,
|
||||
}
|
||||
|
||||
if extracted.Id != 0 {
|
||||
user.Id = strconv.Itoa(extracted.Id)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user