mirror of
https://git.mirrors.martin98.com/https://github.com/SigNoz/signoz
synced 2025-07-22 10:14:24 +08:00
87932de668
* [feat] initial version for google oauth * chore: arranged the sso packages and added prepare request for google auth * feat: added google auth config page and backend to handle the request * chore: code cleanup for domain SSO parsing * Update constants.go * chore: moved redirect sso error * chore: lint issue fixed with domain * chore: added tooltip for enforce sso and few changes to auth domain * chore: moved question mark in enforce sso * fix: resolved pr review comments * chore: fixed type check for saml config * fix: fixed saml config form * chore: added util for transformed form values to samlconfig Co-authored-by: mindhash <mindhash@mindhashs-MacBook-Pro.local> Co-authored-by: Srikanth Chekuri <srikanth.chekuri92@gmail.com> Co-authored-by: Ankit Nayan <ankit@signoz.io>
69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package model
|
|
|
|
import (
|
|
"fmt"
|
|
"context"
|
|
"net/url"
|
|
"golang.org/x/oauth2"
|
|
"github.com/coreos/go-oidc/v3/oidc"
|
|
"go.signoz.io/signoz/ee/query-service/sso"
|
|
)
|
|
|
|
// SamlConfig contans SAML params to generate and respond to the requests
|
|
// from SAML provider
|
|
type SamlConfig struct {
|
|
SamlEntity string `json:"samlEntity"`
|
|
SamlIdp string `json:"samlIdp"`
|
|
SamlCert string `json:"samlCert"`
|
|
}
|
|
|
|
// GoogleOauthConfig contains a generic config to support oauth
|
|
type GoogleOAuthConfig struct {
|
|
ClientID string `json:"clientId"`
|
|
ClientSecret string `json:"clientSecret"`
|
|
RedirectURI string `json:"redirectURI"`
|
|
}
|
|
|
|
|
|
const (
|
|
googleIssuerURL = "https://accounts.google.com"
|
|
)
|
|
|
|
func (g *GoogleOAuthConfig) GetProvider(domain string, siteUrl *url.URL) (sso.OAuthCallbackProvider, error) {
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
provider, err := oidc.NewProvider(ctx, googleIssuerURL)
|
|
if err != nil {
|
|
cancel()
|
|
return nil, fmt.Errorf("failed to get provider: %v", err)
|
|
}
|
|
|
|
// default to email and profile scope as we just use google auth
|
|
// to verify identity and start a session.
|
|
scopes := []string{"email"}
|
|
|
|
// this is the url google will call after login completion
|
|
redirectURL := fmt.Sprintf("%s://%s/%s",
|
|
siteUrl.Scheme,
|
|
siteUrl.Host,
|
|
"api/v1/complete/google")
|
|
|
|
return &sso.GoogleOAuthProvider{
|
|
RedirectURI: g.RedirectURI,
|
|
OAuth2Config: &oauth2.Config{
|
|
ClientID: g.ClientID,
|
|
ClientSecret: g.ClientSecret,
|
|
Endpoint: provider.Endpoint(),
|
|
Scopes: scopes,
|
|
RedirectURL: redirectURL,
|
|
},
|
|
Verifier: provider.Verifier(
|
|
&oidc.Config{ClientID: g.ClientID},
|
|
),
|
|
Cancel: cancel,
|
|
HostedDomain: domain,
|
|
}, nil
|
|
}
|
|
|