This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/outpost/proxyv2/application/auth_basic.go
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421)
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00

60 lines
1.6 KiB
Go

package application
import (
"context"
"encoding/json"
"net/http"
"net/url"
"strings"
)
type TokenResponse struct {
AccessToken string `json:"access_token"`
IDToken string `json:"id_token"`
}
func (a *Application) attemptBasicAuth(username, password string) *Claims {
values := url.Values{
"grant_type": []string{"client_credentials"},
"client_id": []string{a.oauthConfig.ClientID},
"username": []string{username},
"password": []string{password},
"scope": []string{strings.Join(a.oauthConfig.Scopes, " ")},
}
req, err := http.NewRequest("POST", a.endpoint.TokenURL, strings.NewReader(values.Encode()))
if err != nil {
a.log.WithError(err).Warning("failed to create token request")
return nil
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
res, err := a.httpClient.Do(req)
if err != nil || res.StatusCode > 200 {
a.log.WithError(err).Warning("failed to send token request")
return nil
}
var token TokenResponse
err = json.NewDecoder(res.Body).Decode(&token)
if err != nil {
a.log.WithError(err).Warning("failed to parse token response")
return nil
}
// Parse and verify ID Token payload.
idToken, err := a.tokenVerifier.Verify(context.Background(), token.IDToken)
if err != nil {
a.log.WithError(err).Warning("failed to verify token")
return nil
}
// Extract custom claims
var claims *Claims
if err := idToken.Claims(&claims); err != nil {
a.log.WithError(err).Warning("failed to convert token to claims")
return nil
}
if claims.Proxy == nil {
claims.Proxy = &ProxyClaims{}
}
claims.RawToken = token.IDToken
return claims
}