
      1 // GoToSocial
      2 // Copyright (C) GoToSocial Authors admin@gotosocial.org
      3 // SPDX-License-Identifier: AGPL-3.0-or-later
      4 //
      5 // This program is free software: you can redistribute it and/or modify
      6 // it under the terms of the GNU Affero General Public License as published by
      7 // the Free Software Foundation, either version 3 of the License, or
      8 // (at your option) any later version.
      9 //
     10 // This program is distributed in the hope that it will be useful,
     11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 // GNU Affero General Public License for more details.
     14 //
     15 // You should have received a copy of the GNU Affero General Public License
     16 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
     17 
     18 package oidc
     19 
     20 import (
     21 	"context"
     22 	"errors"
     23 	"fmt"
     24 
     25 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
     26 	"github.com/superseriousbusiness/gotosocial/internal/log"
     27 )
     28 
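// HandleCallback completes the authorization-code leg of the OIDC login:
// it exchanges the authorization code for a token response, pulls the
// id_token out of that response, verifies it through the provider's
// verifier and decodes its claims.
//
// code is the authorization code delivered to the redirect URI. An empty
// code is rejected up front as a bad request.
//
// Returns the decoded Claims on success. Failures carry an HTTP status via
// gtserror.WithCode: bad request for an empty code or a token response with
// no string id_token, unauthorized when the id_token does not verify, and
// internal error when the exchange or the claim decoding fails.
//
// The raw id_token is deliberately never written to the log. It is a signed
// credential carrying end-user claims; a debug log is not a safe place for it.
func (i *idp) HandleCallback(ctx context.Context, code string) (*Claims, gtserror.WithCode) {
	if code == "" {
		err := errors.New("code was empty string")
		return nil, gtserror.NewErrorBadRequest(err, err.Error())
	}

	log.Debug(ctx, "exchanging code for oauth2token")
	oauth2Token, err := i.oauth2Config.Exchange(ctx, code)
	if err != nil {
		// %w keeps the underlying oauth2 error reachable via errors.Is/As.
		err = fmt.Errorf("error exchanging code for oauth2token: %w", err)
		return nil, gtserror.NewErrorInternalError(err)
	}

	log.Debug(ctx, "extracting id_token")
	// id_token is an extra field of the token response; the two-value type
	// assertion turns a missing or non-string value into !ok, not a panic.
	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
	if !ok {
		err := errors.New("no id_token in oauth2token")
		return nil, gtserror.NewErrorBadRequest(err, err.Error())
	}
	// Record only that a token was present, never its contents.
	log.Debug(ctx, "found id_token in oauth2token")

	// Parse and verify ID Token payload. Exactly what is checked (signature,
	// issuer, audience, expiry, ...) is governed by i.oidcConf, which is set
	// up outside this function.
	// NOTE(review): no nonce is bound here or in AuthCodeURL, so this package
	// does not itself enforce nonce-based replay protection — confirm that is
	// acceptable for this flow.
	log.Debug(ctx, "verifying id_token")
	idTokenVerifier := i.provider.Verifier(i.oidcConf)
	idToken, err := idTokenVerifier.Verify(ctx, rawIDToken)
	if err != nil {
		// NOTE(review): the verifier's error text is echoed back to the
		// client as help text; check it does not reveal more than intended.
		err = fmt.Errorf("could not verify id token: %w", err)
		return nil, gtserror.NewErrorUnauthorized(err, err.Error())
	}

	log.Debug(ctx, "extracting claims from id_token")
	claims := &Claims{}
	if err := idToken.Claims(claims); err != nil {
		err = fmt.Errorf("could not parse claims from idToken: %w", err)
		return nil, gtserror.NewErrorInternalError(err, err.Error())
	}

	return claims, nil
}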
     68 
// AuthCodeURL builds the URL at which the end user begins the OIDC login,
// delegating entirely to the wrapped oauth2 config.
//
// state is passed through verbatim and is expected to come back on the
// redirect. Nothing here generates or checks it: the caller is responsible
// for making it unguessable and tying it to the user's session, since that
// is what protects the callback against login CSRF.
func (i *idp) AuthCodeURL(state string) string {
	loginURL := i.oauth2Config.AuthCodeURL(state)
	return loginURL
}