forked from mystiq/dex
85 lines
2.5 KiB
Go
85 lines
2.5 KiB
Go
|
// Copyright 2011 Google Inc. All rights reserved.
|
||
|
// Use of this source code is governed by the Apache 2.0
|
||
|
// license that can be found in the LICENSE file.
|
||
|
|
||
|
// Package user provides a client for App Engine's user authentication service.
|
||
|
package user // import "google.golang.org/appengine/user"
|
||
|
|
||
|
import (
|
||
|
"strings"
|
||
|
|
||
|
"github.com/golang/protobuf/proto"
|
||
|
"golang.org/x/net/context"
|
||
|
|
||
|
"google.golang.org/appengine/internal"
|
||
|
pb "google.golang.org/appengine/internal/user"
|
||
|
)
|
||
|
|
||
|
// User represents a user of the application.
|
||
|
type User struct {
|
||
|
Email string
|
||
|
AuthDomain string
|
||
|
Admin bool
|
||
|
|
||
|
// ID is the unique permanent ID of the user.
|
||
|
// It is populated if the Email is associated
|
||
|
// with a Google account, or empty otherwise.
|
||
|
ID string
|
||
|
|
||
|
// ClientID is the ID of the pre-registered client so its identity can be verified.
|
||
|
// See https://developers.google.com/console/help/#generatingoauth2 for more information.
|
||
|
ClientID string
|
||
|
|
||
|
FederatedIdentity string
|
||
|
FederatedProvider string
|
||
|
}
|
||
|
|
||
|
// String returns a displayable name for the user.
|
||
|
func (u *User) String() string {
|
||
|
if u.AuthDomain != "" && strings.HasSuffix(u.Email, "@"+u.AuthDomain) {
|
||
|
return u.Email[:len(u.Email)-len("@"+u.AuthDomain)]
|
||
|
}
|
||
|
if u.FederatedIdentity != "" {
|
||
|
return u.FederatedIdentity
|
||
|
}
|
||
|
return u.Email
|
||
|
}
|
||
|
|
||
|
// LoginURL returns a URL that, when visited, prompts the user to sign in,
|
||
|
// then redirects the user to the URL specified by dest.
|
||
|
func LoginURL(c context.Context, dest string) (string, error) {
|
||
|
return LoginURLFederated(c, dest, "")
|
||
|
}
|
||
|
|
||
|
// LoginURLFederated is like LoginURL but accepts a user's OpenID identifier.
|
||
|
func LoginURLFederated(c context.Context, dest, identity string) (string, error) {
|
||
|
req := &pb.CreateLoginURLRequest{
|
||
|
DestinationUrl: proto.String(dest),
|
||
|
}
|
||
|
if identity != "" {
|
||
|
req.FederatedIdentity = proto.String(identity)
|
||
|
}
|
||
|
res := &pb.CreateLoginURLResponse{}
|
||
|
if err := internal.Call(c, "user", "CreateLoginURL", req, res); err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
return *res.LoginUrl, nil
|
||
|
}
|
||
|
|
||
|
// LogoutURL returns a URL that, when visited, signs the user out,
|
||
|
// then redirects the user to the URL specified by dest.
|
||
|
func LogoutURL(c context.Context, dest string) (string, error) {
|
||
|
req := &pb.CreateLogoutURLRequest{
|
||
|
DestinationUrl: proto.String(dest),
|
||
|
}
|
||
|
res := &pb.CreateLogoutURLResponse{}
|
||
|
if err := internal.Call(c, "user", "CreateLogoutURL", req, res); err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
return *res.LogoutUrl, nil
|
||
|
}
|
||
|
|
||
|
func init() {
|
||
|
internal.RegisterErrorCodeMap("user", pb.UserServiceError_ErrorCode_name)
|
||
|
}
|