package auth
import (
	"context"
	"errors"
	"fmt"

	"github.com/coreos/go-oidc/v3/oidc"
)
// Claims is the subset of ID-token claims this package hands to callers once
// a token has passed verification.
type Claims struct {
	// Sub is the issuer-assigned subject identifier. It is unique only within
	// the issuer the token came from, and is the value to key accounts on.
	Sub string
	// Email is copied from the "email" claim as-is. Verify does not read
	// "email_verified", so Email alone should not drive account linking or
	// authorization decisions.
	Email string
	// Name is the display name from the "name" claim; treat it as untrusted
	// text when rendering or logging it.
	Name string
	// Groups is copied from the "groups" claim, which is not a standard OIDC
	// claim: whether it is present, and what its entries mean, depends on the
	// identity provider's configuration.
	Groups []string
}
// Verifier validates raw OIDC ID tokens. Build it with NewVerifier; the zero
// value holds no underlying go-oidc verifier.
type Verifier struct {
	// verifier is the go-oidc ID-token verifier obtained from the provider
	// that NewVerifier discovered.
	verifier *oidc.IDTokenVerifier
}
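// NewVerifier discovers the OIDC provider at issuerURL and returns a Verifier
// that accepts only ID tokens from that provider whose audience contains
// clientID.
//
// issuerURL and clientID must be non-empty. An empty clientID is rejected
// here because go-oidc would otherwise report the misconfiguration only
// later, as an error on every call to Verify.
//
// Discovery fetches the provider metadata, including the location of the
// signing keys, from issuerURL. Outside of local testing it should therefore
// be an https URL taken from trusted configuration, never from request data.
//
// NOTE(review): depending on the go-oidc version, ctx (or the HTTP client it
// carries) may be retained for later key-set refreshes; confirm before passing
// a short-lived request context.
func NewVerifier(ctx context.Context, issuerURL, clientID string) (*Verifier, error) {
	if issuerURL == "" {
		return nil, errors.New("auth: issuer URL must not be empty")
	}
	if clientID == "" {
		return nil, errors.New("auth: client ID must not be empty")
	}

	provider, err := oidc.NewProvider(ctx, issuerURL)
	if err != nil {
		return nil, fmt.Errorf("auth: discovering OIDC provider %q: %w", issuerURL, err)
	}

	// Setting ClientID makes the verifier enforce the token's audience. The
	// Skip*/InsecureSkip* options of oidc.Config are deliberately left at
	// their zero values so the issuer, expiry and signature checks stay on.
	cfg := &oidc.Config{ClientID: clientID}
	return &Verifier{verifier: provider.Verifier(cfg)}, nil
}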
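// Verify checks rawToken with the configured go-oidc verifier and returns the
// claims this package exposes.
//
// It returns an error when the Verifier was not built with NewVerifier, when
// rawToken is empty, when the underlying verifier rejects the token, when the
// claims cannot be decoded, or when the token carries no "sub" claim.
// Underlying errors are wrapped with %w, so errors.Is and errors.As still see
// them.
//
// Not covered here: go-oidc leaves "nonce" validation to the caller and this
// method does not expose the nonce, so a login flow that relies on it must
// check it separately. "email_verified" is not read either; see Claims.Email.
//
// rawToken is a bearer credential; this method never adds it to the error
// text it builds.
func (v *Verifier) Verify(ctx context.Context, rawToken string) (*Claims, error) {
	// A nil or zero-value Verifier would otherwise panic on the nil field.
	if v == nil || v.verifier == nil {
		return nil, errors.New("auth: verifier is not initialised, use NewVerifier")
	}
	if rawToken == "" {
		return nil, errors.New("auth: empty ID token")
	}

	token, err := v.verifier.Verify(ctx, rawToken)
	if err != nil {
		return nil, fmt.Errorf("auth: verifying ID token: %w", err)
	}

	var payload struct {
		Sub    string   `json:"sub"`
		Email  string   `json:"email"`
		Name   string   `json:"name"`
		Groups []string `json:"groups"`
	}
	if err := token.Claims(&payload); err != nil {
		return nil, fmt.Errorf("auth: decoding ID token claims: %w", err)
	}

	// Callers key identities on Sub; a token without one must not yield a
	// Claims value that looks like a valid, anonymous user.
	if payload.Sub == "" {
		return nil, errors.New("auth: ID token has no subject")
	}

	return &Claims{
		Sub:    payload.Sub,
		Email:  payload.Email,
		Name:   payload.Name,
		Groups: payload.Groups,
	}, nil
}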