/*
* Copyright (C) 2023 Jonni Liljamo <jonni@liljamo.com>
*
* This file is licensed under AGPL-3.0-or-later, see NOTICE and LICENSE for
* more information.
*/
package auth
import (
	"context"
	"fmt"
	"log"

	"github.com/coreos/go-oidc/v3/oidc"
	"golang.org/x/oauth2"
	"tixe/config"
)
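// NewProviderAndConfig discovers the OIDC provider named by
// config.TixeConfig.OidcDomain and builds the oauth2.Config used for the
// authorization-code flow against it.
//
// The issuer URL is always https://<OidcDomain>, with a trailing slash
// appended when OidcIssuerTrailingSlash is set; the slash matters because
// go-oidc requires the issuer in the discovery document to match this
// string exactly.
//
// Returns the provider, the config and nil on success, or a nil provider, a
// zero oauth2.Config and the wrapped discovery error on failure.
func NewProviderAndConfig() (*oidc.Provider, oauth2.Config, error) {
	providerURL := "https://" + config.TixeConfig.OidcDomain
	if config.TixeConfig.OidcIssuerTrailingSlash {
		providerURL += "/"
	}

	// NOTE(review): discovery fetches the issuer's .well-known document over
	// the network; context.Background() gives it no deadline beyond whatever
	// the default HTTP client applies. Consider a timeout here.
	provider, err := oidc.NewProvider(context.Background(), providerURL)
	if err != nil {
		// Log the URL so a wrong domain or trailing-slash mismatch is visible;
		// the URL contains no secret.
		log.Printf("[tixe/auth] Failed to create new custom provider for %q: %v", providerURL, err)
		return nil, oauth2.Config{}, fmt.Errorf("discovering OIDC provider at %s: %w", providerURL, err)
	}

	// Named oauthConfig rather than config so the package name is not shadowed.
	oauthConfig := oauth2.Config{
		ClientID:     config.TixeConfig.OidcClientID,
		ClientSecret: config.TixeConfig.OidcSecret,
		RedirectURL:  config.TixeConfig.Scheme + "://" + config.TixeConfig.Host + "/auth",
		Endpoint:     provider.Endpoint(),
		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
	}
	return provider, oauthConfig, nil
}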