Commit eeae5737e06795d390f04a1098d542b46d100aa7

Parents: fea3faa040398d9f31e86071fb3aa0aa43b9b5e4

From: Moritz Poldrack <git@moritz.sh>
Date: Sat Jan 27 23:54:57 2024 +0700

app-password: implement authentication using traditional app password

		

Stats

app-password.go +61/-0
examples_test.go +10/-0

Changeset

diff --git a/app-password.go b/app-password.go
new file mode 100644
index 0000000000000000000000000000000000000000..34a1ad5d8aebca3d7caab580f34be0112d216833
--- /dev/null
+++ b/app-password.go
@@ -0,0 +1,61 @@
+package oidc
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+func (c *Configuration) UseAppPassword(username, password string) (*Token, error) {
+	data := url.Values{}
+	data.Set("grant_type", "password")
+	data.Set("client_id", c.oauthCfg.ClientID)
+	data.Set("client_secret", c.oauthCfg.ClientSecret)
+	data.Set("username", username)
+	data.Set("password", password)
+	data.Set("scope", strings.Join(c.oauthCfg.Scopes, " "))
+
+	req, err := http.NewRequest("POST", c.oauthCfg.Endpoint.TokenURL, strings.NewReader(data.Encode()))
+	if err != nil {
+		return nil, fmt.Errorf("failed to build request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get token: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("failed to get token: %s", resp.Status)
+	}
+
+	var tok map[string]any
+	err = json.NewDecoder(resp.Body).Decode(&tok)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse token: %w", err)
+	}
+
+	exp, err := strconv.Atoi(fmt.Sprint(tok["expires_in"]))
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse token expiration: %w", err)
+	}
+
+	OA2Token := &oauth2.Token{
+		AccessToken: fmt.Sprint(tok["access_token"]),
+		TokenType:   fmt.Sprint(tok["token_type"]),
+		Expiry:      time.Now().Add(time.Duration(exp) * time.Second),
+	}
+	OA2Token = OA2Token.WithExtra(tok)
+
+	t := c.newToken(OA2Token)
+
+	return t, nil
+}
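Review bot: The request issued at the `http.DefaultClient.Do(req)` line has no timeout or cancellation, and the non-OK branch just below discards the response body, which is where an OAuth token endpoint reports `error`/`error_description`, so a slow or misconfigured endpoint hangs the caller and a rejected login is reported only as a status line. Build the request with `http.NewRequestWithContext` under a bounded context (or use a dedicated `http.Client{Timeout: …}` instead of the global default) and fold a size-capped read of the body into the status error, as sketched below (this needs `context` and `io` added to the import block). Decoding into `map[string]any` also means a response without `access_token` yields the literal string `"<nil>"` through `fmt.Sprint` rather than an error, and `expires_in` is round-tripped through a float64; decoding into a small struct with `json.Number` for `expires_in` and rejecting an empty access token would be safer. The exported method also lacks a doc comment — `// UseAppPassword obtains a Token with the resource owner password credentials grant, sending username and password directly to the token endpoint.` would do — and the `OA2Token` local would conventionally be `oa2Token`.
```go
	// … unchanged: form values in data …
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.oauthCfg.Endpoint.TokenURL, strings.NewReader(data.Encode()))
	// … unchanged: error check, Content-Type header, Do, Body.Close …
	if resp.StatusCode != http.StatusOK {
		// Cap the read so a misbehaving endpoint cannot make us buffer an arbitrary body.
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
		return nil, fmt.Errorf("token endpoint returned %s: %q", resp.Status, body)
	}
	// … unchanged: decode response, build oauth2.Token, c.newToken …
```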
diff --git a/examples_test.go b/examples_test.go
index 3445b149d4bd8c0b9d42daa7262bb4013d70a969..182a9d1bab5188a174e169c4123ba990287c018b 100644
--- a/examples_test.go
+++ b/examples_test.go
@@ -36,6 +36,16 @@ 	// Output: https://sso.provi.de/application/o/authorize/?access_type=online&client_id=&code_challenge=oyQwzDDJjdk7v3zbcyrI2W6a2tJP5cIWhHkI5m4d6wE&code_challenge_method=S256&response_type=code&scope=openid+email+profile&state=7a705c4650a57e5a
 	fmt.Println(redirectTo)
 }
 
+func ExampleConfiguration_UseAppPassword() {
+	cfg, _ := oidc.Configure("https://sso.provi.de/application/o/my-cool-app/", "")
+	cfg.SetCredentials("my-cool-app", "my-cool-app-secret")
+
+	tok, _ := cfg.UseAppPassword("moritz", "NOTA-REAL-PASS-WORD")
+
+	// Output: Moritz Poldrack
+	tok.Name()
+}
+
 func ExampleToken_GetField() {
 	const token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Nzby5wcm92aS5kZS9hcHBsaWNhdGlvbi9vL215LWNvb2wtYXBwLyIsInN1YiI6InVzdWFsbHkgd2F5IHRvbyBsb25nIiwiZXhwIjoxNzA0OTY4MTQxLCJpYXQiOjE3MDQ5NjYzNDEsImF1dGhfdGltZSI6MTcwNDk2NjM0MSwibmFtZSI6Ik1vcml0eiBQb2xkcmFjayIsImdyb3VwcyI6WyJhZG1pbiIsInVzZXJzIiwidnBuIl19.YTz718lKH8fU_uyaxM9lIKSc_ciM1nsCDzqkVjv6pZa6xIbhJmZdK43fnGm5S1NRqqQ554onqk0UroL5v47debT-hQcPCwAxuFg21qXgrIYZupbN-xZLITiodQKgUElTNLtDlwvO4rnd7VD5I2JGO4vrMK8zcSWQ9TQ5gzs6k00HRJWsUcM6Pv_MKti1unyCvBhCos4Oa3B_lOMDUx_FBHxkzSkEOdtOOeXByvcrz5CAY2lqWByMXAXl4oR95JYRk3cJuVaCT9v5X6ZREB6gej9f869aCcLjmOGImt84kIZlGBeaNdl9-DKHDxQaOhI6H6TGqyDxB6Kiy7zKxhv7mQ"