Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Packages Projects Releases Wiki Activity

Update comments

Browse source
This commit is contained in:
Joel Speed 2018-02-05 21:53:32 +00:00
parent c03c98b951
commit 6a9bc889b5
No known key found for this signature in database
GPG key ID: 6E80578D6751DEFB
1 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
connector/google/google.go
View file

@ -22,7 +22,7 @@ const (
issuerURL = "https://accounts.google.com"
)
// Config holds configuration options for OpenID Connect logins.
// Config holds configuration options for Google logins.
type Config struct {
ClientID string `json:"clientID"`
ClientSecret string `json:"clientSecret"`
@ -45,8 +45,7 @@ type Config struct {
AdminEmail string
}
// Open returns a connector which can be used to login users through an upstream
// OpenID Connect provider.
// Open returns a connector which can be used to login users through Google.
func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) {
ctx, cancel := context.WithCancel(context.Background())
@ -151,7 +150,6 @@ func (c *googleConnector) HandleCallback(s connector.Scopes, r *http.Request) (i
return c.createIdentity(r.Context(), identity, s, token)
}
// Refresh is implemented for backwards compatibility, even though it's a no-op.
func (c *googleConnector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
t := &oauth2.Token{
RefreshToken: string(identity.ConnectorData),
@ -218,6 +216,8 @@ func (c *googleConnector) createIdentity(ctx context.Context, identity connector
return identity, nil
}
// getGroups creates a connection to the admin directory service and lists
// all groups the user is a member of
func (c *googleConnector) getGroups(email string) ([]string, error) {
srv, err := createDirectoryService(c.serviceAccountFilePath, c.adminEmail)
if err != nil {
@ -237,6 +237,9 @@ func (c *googleConnector) getGroups(email string) ([]string, error) {
return userGroups, nil
}
// createDirectoryService loads a google service account credentials file,
// sets up super user impersonation and creates an admin client for calling
// the google admin api
func createDirectoryService(serviceAccountFilePath string, email string) (*admin.Service, error) {
jsonCredentials, err := ioutil.ReadFile(serviceAccountFilePath)
if err != nil {
@ -248,6 +251,7 @@ func createDirectoryService(serviceAccountFilePath string, email string) (*admin
return nil, fmt.Errorf("unable to parse client secret file to config: %v", err)
}
// Impersonate an admin. This is mandatory for the admin APIs.
config.Subject = email
ctx := context.Background()