authenticate: support reloading IDP settings (#1273)

* identity: add name method to provider

* authenticate: support dynamically loading the provider
Caleb Doxsey 2020-08-13 12:14:30 -06:00 committed by GitHub
parent 332324fa2d
commit 045c10edc6
14 changed files with 146 additions and 69 deletions


@ -45,3 +45,8 @@ func (mp MockProvider) LogOut() (*url.URL, error) { return &mp.LogOutResponse, m
func (mp MockProvider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error {
return mp.UpdateUserInfoError
}
// Name returns the provider name.
func (mp MockProvider) Name() string {
return "mock"
}


@ -238,3 +238,8 @@ func (p *Provider) GetSignInURL(state string) string {
func (p *Provider) LogOut() (*url.URL, error) {
return nil, oidc.ErrSignoutNotImplemented
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -47,3 +47,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
return &p, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -45,3 +45,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
return &p, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -53,3 +53,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
}
return &p, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -239,3 +239,8 @@ func (p *Provider) GetSubject(v interface{}) (string, error) {
}
return s.Subject, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -33,3 +33,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
return &p, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -44,3 +44,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
p.Provider = genericOidc
return &p, nil
}
// Name returns the provider name.
func (p *Provider) Name() string {
return Name
}


@ -6,6 +6,7 @@ import (
"context"
"fmt"
"net/url"
"sync/atomic"
"golang.org/x/oauth2"
@ -19,24 +20,13 @@ import (
"github.com/pomerium/pomerium/internal/identity/oidc/onelogin"
)
var (
// compile time assertions that providers are satisfying the interface
_ Authenticator = &azure.Provider{}
_ Authenticator = &github.Provider{}
_ Authenticator = &gitlab.Provider{}
_ Authenticator = &google.Provider{}
_ Authenticator = &MockProvider{}
_ Authenticator = &oidc.Provider{}
_ Authenticator = &okta.Provider{}
_ Authenticator = &onelogin.Provider{}
)
// Authenticator is an interface representing the ability to authenticate with an identity provider.
type Authenticator interface {
Authenticate(context.Context, string, interface{}) (*oauth2.Token, error)
Refresh(context.Context, *oauth2.Token, interface{}) (*oauth2.Token, error)
Revoke(context.Context, *oauth2.Token) error
GetSignInURL(state string) string
Name() string
LogOut() (*url.URL, error)
UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error
}
@ -67,3 +57,30 @@ func NewAuthenticator(o oauth.Options) (a Authenticator, err error) {
}
return a, nil
}
// wrap the Authenticator for the AtomicAuthenticator to support a nil default value.
type authenticatorValue struct {
Authenticator
}
// An AtomicAuthenticator is a strongly-typed atomic.Value for storing an authenticator.
type AtomicAuthenticator struct {
current atomic.Value
}
// NewAtomicAuthenticator creates a new AtomicAuthenticator.
func NewAtomicAuthenticator() *AtomicAuthenticator {
a := &AtomicAuthenticator{}
a.current.Store(authenticatorValue{})
return a
}
// Load loads the current authenticator.
func (a *AtomicAuthenticator) Load() Authenticator {
return a.current.Load().(authenticatorValue)
}
// Store stores the authenticator.
func (a *AtomicAuthenticator) Store(value Authenticator) {
a.current.Store(authenticatorValue{value})
}
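Review bot: Load returns the authenticatorValue wrapper rather than the Authenticator it embeds, so before Store has ever been called the result is a non-nil interface whose every method panics on the nil embedded value, and callers have no way to guard with a nil check. Returning the embedded field instead, `return a.current.Load().(authenticatorValue).Authenticator`, keeps the typed wrapper that atomic.Value needs for its nil default while giving callers a real nil to test for. The doc comment on Load should state that contract, e.g. `// Load returns the current authenticator, or nil if none has been stored yet.` The second hunk of this file appears, judging from its line counts, to drop the var block of compile-time interface assertions for the providers; if so, keeping it (it now also checks the new Name method) is cheap and catches a provider that misses an interface method at build time rather than at runtime.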