Merge pull request #580 from ajanthan/facebookconnector

Connector: Connector for Facebook
2016-10-11 10:47:57 -07:00 · 2016-10-11 10:47:57 -07:00 · b692252814
commit b692252814
parent 372e4a0576 464b7fb1af
3 changed files with 265 additions and 0 deletions
--- a/Documentation/connectors-configuration.md
+++ b/Documentation/connectors-configuration.md
@ -273,3 +273,49 @@ and the `serverURL` should be the fully-qualified URL to your UAA server)_:
 The `uaa` connector requests only the `openid` scope which allows dex the ability to query the user's identity
 information.
 ### `facebook` connector
 This connector config lets users authenticate through [Facebook](https://www.facebook.com/). In addition to `id` and `type`, the `facebook` connector takes the following additional fields:
 * clientID: a `string`. The Facebook App ID.
 * clientSecret: a `string`. The Facebook App Secret.
 To begin, register an App in facebook and configure it according to following steps.
 * Go to [https://developers.facebook.com/](https://developers.facebook.com/) and log in using your Facebook credentials.
 * If you haven't created developer account follow step 2 in [https://developers.facebook.com/docs/apps/register](https://developers.facebook.com/docs/apps/register).
 * Click on `My Apps` and then click `Create a New App`.
 * Choose the platform you wish to use. Select `Website` if you are testing dex sample app.
 * Enter the name of your new app in the window that appears and click `Create App ID`.
 * Enter a `Display Name`, `Contact Email` and select an appropriate `category` from the dropdown. Click `Create App ID`.
 * Click on `Dashboard` from the left menu to go to the developer Dashboard. You can find the `App ID` and `App Secret` there. Click Show to view the `App Secret`.
 * Click `Settings` on the left menu and navigate to the Basic tab. Add the dex worker domain(if dex is running on localhost, you can add `localhost` as the `App Domain`) and click `Add Platform`.
 * Select `Website`  as the platform for the application and enter the dex URL (if dex is running on localhost, you can add `http://localhost:5556`). Click `Save Changes`.
 * On the left panel, click `Add Product` and click Get Started for a `Facebook Login` product.
 * You can configure the Client OAuth Settings on the window that appears. `Client OAuth Login` should be set to `Yes`. `Web OAuth Login` should be set to `Yes`. `Valid OAuth redirect URIs` should be set to in following format.
 ```
 $ISSUER_URL/auth/$CONNECTOR_ID/callback
 ```
 For example runnning a connector with ID `"facebook"` and an issuer URL of `"https://auth.example.com/spaz"` the redirect would be.
 ```
 https://auth.example.com/spaz/auth/facebook/callback
 ```
 * Scroll down and click the Save Changes button to save the change.
 Here's an example of a `facebook` connector configuration; the clientID and clientSecret should be replaced by App ID and App Secret values provided by Facebook.
 ```
    {
        "type": "facebook",
        "id": "facebook",
        "clientID": "$DEX_FACEBOOK_CLIENT_ID",
        "clientSecret": "$DEX_FACEBOOK_CLIENT_SECRET"
    }
 ```
--- a/connector/connector_facebook.go
+++ b/connector/connector_facebook.go
@ -0,0 +1,148 @@
 package connector
 import (
 	"encoding/json"
 	"fmt"
 	chttp "github.com/coreos/go-oidc/http"
 	"github.com/coreos/go-oidc/oauth2"
 	"github.com/coreos/go-oidc/oidc"
 	"html/template"
 	"net/http"
 	"net/url"
 	"path"
 )
 const (
 	FacebookConnectorType    = "facebook"
 	facebookConnectorAuthURL = "https://www.facebook.com/dialog/oauth"
 	facebookTokenURL         = "https://graph.facebook.com/v2.3/oauth/access_token"
 	facebookGraphAPIURL      = "https://graph.facebook.com/me?fields=id,name,email"
 )
 type FacebookConnectorConfig struct {
 	ID           string `json:"id"`
 	ClientID     string `json:"clientID"`
 	ClientSecret string `json:"clientSecret"`
 }
 func init() {
 	RegisterConnectorConfigType(FacebookConnectorType, func() ConnectorConfig { return &FacebookConnectorConfig{} })
 }
 func (cfg *FacebookConnectorConfig) ConnectorID() string {
 	return cfg.ID
 }
 func (cfg *FacebookConnectorConfig) ConnectorType() string {
 	return FacebookConnectorType
 }
 func (cfg *FacebookConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error) {
 	ns.Path = path.Join(ns.Path, httpPathCallback)
 	oauth2Conn, err := newFacebookConnector(cfg.ClientID, cfg.ClientSecret, ns.String())
 	if err != nil {
 		return nil, err
 	}
 	return &OAuth2Connector{
 		id:        cfg.ID,
 		loginFunc: lf,
 		cbURL:     ns,
 		conn:      oauth2Conn,
 	}, nil
 }
 type facebookOAuth2Connector struct {
 	clientID     string
 	clientSecret string
 	client       *oauth2.Client
 }
 func newFacebookConnector(clientID, clientSecret, cbURL string) (oauth2Connector, error) {
 	config := oauth2.Config{
 		Credentials: oauth2.ClientCredentials{ID: clientID, Secret: clientSecret},
 		AuthURL:     facebookConnectorAuthURL,
 		TokenURL:    facebookTokenURL,
 		AuthMethod:  oauth2.AuthMethodClientSecretPost,
 		RedirectURL: cbURL,
 		Scope:       []string{"email"},
 	}
 	cli, err := oauth2.NewClient(http.DefaultClient, config)
 	if err != nil {
 		return nil, err
 	}
 	return &facebookOAuth2Connector{
 		clientID:     clientID,
 		clientSecret: clientSecret,
 		client:       cli,
 	}, nil
 }
 func (c *facebookOAuth2Connector) Client() *oauth2.Client {
 	return c.client
 }
 func (c *facebookOAuth2Connector) Healthy() error {
 	return nil
 }
 func (c *facebookOAuth2Connector) TrustedEmailProvider() bool {
 	return false
 }
 type ErrorMessage struct {
 	Message        string `json:"message"`
 	Type           string `json:"type"`
 	Code           int    `json:"code"`
 	ErrorSubCode   int    `json:"error_subcode"`
 	ErrorUserTitle string `json:"error_user_title"`
 	ErrorUserMsg   string `json:"error_user_msg"`
 	FbTraceId      string `json:"fbtrace_id"`
 }
 type facebookErr struct {
 	ErrorMessage ErrorMessage `json:"error"`
 }
 func (err facebookErr) Error() string {
 	return fmt.Sprintf("facebook: %s", err.ErrorMessage.Message)
 }
 func (c *facebookOAuth2Connector) Identity(cli chttp.Client) (oidc.Identity, error) {
 	var user struct {
 		ID    string `json:"id"`
 		Email string `json:"email"`
 		Name  string `json:"name"`
 	}
 	req, err := http.NewRequest("GET", facebookGraphAPIURL, nil)
 	if err != nil {
 		return oidc.Identity{}, err
 	}
 	resp, err := cli.Do(req)
 	if err != nil {
 		return oidc.Identity{}, fmt.Errorf("get: %v", err)
 	}
 	defer resp.Body.Close()
 	switch {
 	case resp.StatusCode >= 400 && resp.StatusCode < 600:
 		var authErr facebookErr
 		if err := json.NewDecoder(resp.Body).Decode(&authErr); err != nil {
 			return oidc.Identity{}, oauth2.NewError(oauth2.ErrorAccessDenied)
 		}
 		return oidc.Identity{}, authErr
 	case resp.StatusCode == http.StatusOK:
 	default:
 		return oidc.Identity{}, fmt.Errorf("unexpected status from providor %s", resp.Status)
 	}
 	if err := json.NewDecoder(resp.Body).Decode(&user); err != nil {
 		return oidc.Identity{}, fmt.Errorf("decode body: %v", err)
 	}
 	return oidc.Identity{
 		ID:    user.ID,
 		Name:  user.Name,
 		Email: user.Email,
 	}, nil
 }
--- a/connector/connector_facebook_test.go
+++ b/connector/connector_facebook_test.go
@ -0,0 +1,71 @@
 package connector
 import (
 	"github.com/coreos/go-oidc/oidc"
 	"net/http"
 	"testing"
 )
 var facebookUser1 = `{
 	"id":"testUser1",
 	"name":"testUser1Fname testUser1Lname",
 	"email":  "testUser1@facebook.com"
 	}`
 var facebookUser2 = `{
 	"id":"testUser2",
 	"name":"testUser2Fname testUser2Lname",
 	"email":  "testUser2@facebook.com"
 	}`
 var facebookExampleError = `{
   "error": {
      "message": "Invalid OAuth access token signature.",
      "type": "OAuthException",
      "code": 190,
      "fbtrace_id": "Ee/6W0EfrWP"
   }
 }`
 func TestFacebookIdentity(t *testing.T) {
 	tests := []oauth2IdentityTest{
 		{
 			urlResps: map[string]response{
 				facebookGraphAPIURL: {http.StatusOK, facebookUser1},
 			},
 			want: oidc.Identity{
 				Name:  "testUser1Fname testUser1Lname",
 				ID:    "testUser1",
 				Email: "testUser1@facebook.com",
 			},
 		},
 		{
 			urlResps: map[string]response{
 				facebookGraphAPIURL: {http.StatusOK, facebookUser2},
 			},
 			want: oidc.Identity{
 				Name:  "testUser2Fname testUser2Lname",
 				ID:    "testUser2",
 				Email: "testUser2@facebook.com",
 			},
 		},
 		{
 			urlResps: map[string]response{
 				facebookGraphAPIURL: {http.StatusUnauthorized, facebookExampleError},
 			},
 			wantErr: facebookErr{
 				ErrorMessage: ErrorMessage{
 					Code:      190,
 					Type:      "OAuthException",
 					Message:   "Invalid OAuth access token signature.",
 					FbTraceId: "Ee/6W0EfrWP",
 				},
 			},
 		},
 	}
 	conn, err := newFacebookConnector("fakeFacebookAppID", "fakeFacebookAppSecret", "http://example.com/auth/facebook/callback")
 	if err != nil {
 		t.Fatal(err)
 	}
 	runOAuth2IdentityTests(t, conn, tests)
 }