Fix google OAuth flow
parent
1532d43189
commit
3af6af8b40
@ -20,4 +20,6 @@ public sealed class UserAuthToken
|
|||||||
public string RefreshToken { get; init; }
|
public string RefreshToken { get; init; }
|
||||||
|
|
||||||
public string Scope { get; init; }
|
public string Scope { get; init; }
|
||||||
|
|
||||||
|
public string IdToken { get; init; }
|
||||||
}
|
}
|
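Review bot: `IdToken` is declared as a non-nullable `string`, but an `id_token` is only issued by OpenID Connect providers, so for a plain OAuth2 provider built on GenericOAuth2Service the deserializer will most likely leave it null. Declaring it `public string? IdToken { get; init; }` makes callers handle the missing case. The same applies to `OAuthAccessToken.IdToken` in the GenericOAuth2Service section, where `IdToken = dto.IdToken` copies the value through. A doc comment such as `/// OpenID Connect ID token as returned by the token endpoint; not validated here, null when the provider does not issue one.` would also tell readers that the value is still untrusted at this point. UserAuthToken starts above this hunk, so its conventions for optional members are not visible.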
@ -61,7 +61,7 @@ public abstract class GenericOAuth2Service : IOAuthProvider
|
|||||||
{"response_type", "code"},
|
{"response_type", "code"},
|
||||||
{"client_id", Details.ClientId!},
|
{"client_id", Details.ClientId!},
|
||||||
{"scope", string.Join(" ", Scopes)},
|
{"scope", string.Join(" ", Scopes)},
|
||||||
{"prompt", "none"},
|
{"prompt", Prompt},
|
||||||
{"redirect_uri", new Uri(_uri, $"/auth/{Id}/token").ToString()}
|
{"redirect_uri", new Uri(_uri, $"/auth/{Id}/token").ToString()}
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -79,6 +79,11 @@ public abstract class GenericOAuth2Service : IOAuthProvider
|
|||||||
{"redirect_uri", new Uri(_uri, $"/auth/{Id}/token").ToString()}
|
{"redirect_uri", new Uri(_uri, $"/auth/{Id}/token").ToString()}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Prompt type for authorization
|
||||||
|
/// </summary>
|
||||||
|
protected virtual string Prompt => "none";
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Authorize url for this service
|
/// Authorize url for this service
|
||||||
/// </summary>
|
/// </summary>
|
||||||
@ -114,20 +119,29 @@ public abstract class GenericOAuth2Service : IOAuthProvider
|
|||||||
Expires = DateTime.UtcNow.AddSeconds(dto.ExpiresIn),
|
Expires = DateTime.UtcNow.AddSeconds(dto.ExpiresIn),
|
||||||
TokenType = dto.TokenType,
|
TokenType = dto.TokenType,
|
||||||
RefreshToken = dto.RefreshToken,
|
RefreshToken = dto.RefreshToken,
|
||||||
Scope = dto.Scope
|
Scope = dto.Scope,
|
||||||
|
IdToken = dto.IdToken
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
protected class OAuthAccessToken
|
protected class OAuthAccessToken
|
||||||
{
|
{
|
||||||
[JsonProperty("access_token")] public string AccessToken { get; init; }
|
[JsonProperty("access_token")]
|
||||||
|
public string AccessToken { get; init; }
|
||||||
|
|
||||||
[JsonProperty("expires_in")] public int ExpiresIn { get; init; }
|
[JsonProperty("expires_in")]
|
||||||
|
public int ExpiresIn { get; init; }
|
||||||
|
|
||||||
[JsonProperty("token_type")] public string TokenType { get; init; }
|
[JsonProperty("token_type")]
|
||||||
|
public string TokenType { get; init; }
|
||||||
|
|
||||||
[JsonProperty("refresh_token")] public string RefreshToken { get; init; }
|
[JsonProperty("refresh_token")]
|
||||||
|
public string RefreshToken { get; init; }
|
||||||
|
|
||||||
[JsonProperty("scope")] public string Scope { get; init; }
|
[JsonProperty("scope")]
|
||||||
|
public string Scope { get; init; }
|
||||||
|
|
||||||
|
[JsonProperty("id_token")]
|
||||||
|
public string IdToken { get; init; }
|
||||||
}
|
}
|
||||||
}
|
}
|
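Review bot: The new `Prompt` property keeps `"none"` as the default for every provider, and its summary (`Prompt type for authorization`) does not say what that value means. Under OpenID Connect, `prompt=none` asks the authorization server to show no login or consent UI and to return an error if interaction is required, which is presumably why Google needs the override. I would document that on the property, e.g. `/// Value of the "prompt" authorize parameter; "none" requests a silent flow that fails if the user must sign in or consent.` The authorize-parameter dictionary opens above the first hunk, so any other parameters it sets are not visible here.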
@ -20,18 +20,28 @@ public class GoogleOAuthProvider : GenericOAuth2Service
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public override ValueTask<InternalUser?> GetUserDetails(UserAuthToken token)
|
public override ValueTask<InternalUser?> GetUserDetails(UserAuthToken token)
|
||||||
{
|
{
|
||||||
var jwt = JwtPayload.Base64UrlDeserialize(token.AccessToken);
|
var jwt = new JwtSecurityToken(token.IdToken);
|
||||||
|
|
||||||
|
string? GetPayloadValue(string key)
|
||||||
|
=> jwt.Payload.TryGetValue(key, out var v)
|
||||||
|
? v as string
|
||||||
|
: default;
|
||||||
|
|
||||||
return ValueTask.FromResult(new InternalUser()
|
return ValueTask.FromResult(new InternalUser()
|
||||||
{
|
{
|
||||||
Id = Guid.NewGuid(),
|
Id = Guid.NewGuid(),
|
||||||
Created = DateTimeOffset.UtcNow,
|
Created = DateTimeOffset.UtcNow,
|
||||||
LastLogin = DateTimeOffset.UtcNow,
|
LastLogin = DateTimeOffset.UtcNow,
|
||||||
AuthType = AuthType.OAuth2,
|
AuthType = AuthType.OAuth2,
|
||||||
Email = jwt.Jti,
|
Email = GetPayloadValue("email") ?? throw new InvalidOperationException("Failed to get email from Google JWT"),
|
||||||
DisplayName = jwt.Acr
|
DisplayName = GetPayloadValue("name"),
|
||||||
|
Avatar = GetPayloadValue("picture")
|
||||||
})!;
|
})!;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <inheritdoc />
|
||||||
|
protected override string Prompt => "select_account";
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
protected override Uri AuthorizeEndpoint => new("https://accounts.google.com/o/oauth2/v2/auth");
|
protected override Uri AuthorizeEndpoint => new("https://accounts.google.com/o/oauth2/v2/auth");
|
||||||
|
|
||||||
@ -44,8 +54,4 @@ public class GoogleOAuthProvider : GenericOAuth2Service
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
protected override string[] Scopes => new[]
|
protected override string[] Scopes => new[]
|
||||||
{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"};
|
{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"};
|
||||||
}
|
|
||||||
|
|
||||||
public sealed class GoogleUserAccount
|
|
||||||
{
|
|
||||||
}
|
}
|
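Review bot: `new JwtSecurityToken(token.IdToken)` in GetUserDetails only decodes the ID token; nothing checks issuer, audience, expiry or signature before the `email` claim becomes the account identity. Even if the token always arrives directly from Google's token endpoint over TLS, the claims should be checked: the issuer is Google, the audience is this application's client id, the token has not expired, and `email_verified` is true before the address is trusted. `token.IdToken` can also be null or malformed, in which case the constructor throws instead of producing a null user, so an explicit guard with a clear error would make that path deliberate. The sketch below assumes `Details` is reachable from the subclass, which the hunk does not show.

```csharp
var jwt = new JwtSecurityToken(token.IdToken);

// The constructor above only decodes; validate the claims before trusting "email".
if (jwt.Issuer is not ("https://accounts.google.com" or "accounts.google.com"))
{
    throw new InvalidOperationException("Unexpected issuer in Google ID token");
}

if (!jwt.Audiences.Contains(Details.ClientId))
{
    throw new InvalidOperationException("Google ID token was not issued for this client");
}

if (jwt.ValidTo < DateTime.UtcNow)
{
    throw new InvalidOperationException("Google ID token has expired");
}

// … unchanged: GetPayloadValue helper and InternalUser construction …
```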