Oidc (#109)

* add oidc config * inching forward with oidc idp * lil webfingy fix * bit more progress * further oidc * oidc now working * document dex config * replace broken images * add additional credits * tiny doc update * update * add oidc config * inching forward with oidc idp * bit more progress * further oidc * oidc now working * document dex config * replace broken images * add additional credits * tiny doc update * update * document * docs + comments
2025-06-05 21:59:39 +02:00 · 2021-07-23 10:36:28 +02:00
parent 113186ce4e
commit 05e9af089c
61 changed files with 2597 additions and 757 deletions
--- a/internal/api/client/auth/auth.go
+++ b/internal/api/client/auth/auth.go
@ -26,6 +26,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/oidc"
 	"github.com/superseriousbusiness/gotosocial/internal/router"
 )

@ -36,40 +37,37 @@ const (
 	OauthTokenPath = "/oauth/token"
 	// OauthAuthorizePath is the API path for authorization requests (eg., authorize this app to act on my behalf as a user)
 	OauthAuthorizePath = "/oauth/authorize"
+	// CallbackPath is the API path for receiving callback tokens from external OIDC providers
+	CallbackPath = oidc.CallbackPath
+
+	callbackStateParam = "state"
+	callbackCodeParam  = "code"

 	sessionUserID       = "userid"
 	sessionClientID     = "client_id"
 	sessionRedirectURI  = "redirect_uri"
 	sessionForceLogin   = "force_login"
 	sessionResponseType = "response_type"
-	sessionCode         = "code"
 	sessionScope        = "scope"
+	sessionState        = "state"
 )

-var sessionKeys []string = []string{
-	sessionUserID,
-	sessionClientID,
-	sessionRedirectURI,
-	sessionForceLogin,
-	sessionResponseType,
-	sessionCode,
-	sessionScope,
-}
-
 // Module implements the ClientAPIModule interface for
 type Module struct {
 	config *config.Config
 	db     db.DB
 	server oauth.Server
+	idp    oidc.IDP
 	log    *logrus.Logger
 }

 // New returns a new auth module
-func New(config *config.Config, db db.DB, server oauth.Server, log *logrus.Logger) api.ClientModule {
+func New(config *config.Config, db db.DB, server oauth.Server, idp oidc.IDP, log *logrus.Logger) api.ClientModule {
 	return &Module{
 		config: config,
 		db:     db,
 		server: server,
+		idp:    idp,
 		log:    log,
 	}
 }
@ -84,6 +82,8 @@ func (m *Module) Route(s router.Router) error {
 	s.AttachHandler(http.MethodGet, OauthAuthorizePath, m.AuthorizeGETHandler)
 	s.AttachHandler(http.MethodPost, OauthAuthorizePath, m.AuthorizePOSTHandler)

+	s.AttachHandler(http.MethodGet, CallbackPath, m.CallbackGETHandler)
+
 	s.AttachMiddleware(m.OauthTokenMiddleware)
 	return nil
 }