nodejs/hanko
1
0
Fork 0
mirror of https://github.com/teamhanko/hanko.git synced 2025-10-27 22:27:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
hanko/backend/thirdparty/provider_linkedin.go
Lennart Fleischmann 062aee4d45 fix: SAML issues (#2041) 
Rename identities table columns for more clarity. Rename parameters,
arguments etc. to accommodate these changes.
    
Change that the SAML provider domain is persisted in the identities
table as the provider ID. Use the SAML Entity ID/Issuer ID of the
IdP instead.
    
Introduce saml identity entity (including migrations and a persister)
as a specialization of an identity to allow for determining the
correct provider name to return to the client/frontend and for assisting
in determining whether an identity is a SAML identity (i.e. SAML
identities should have a corresponding SAML Identity instance while
OAuth/OIDC entities do not).
2025-01-31 14:17:52 +01:00

113 lines
2.7 KiB
Go
Raw Blame History

package thirdparty
import (
"context"
"errors"
"fmt"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/teamhanko/hanko/backend/config"
"golang.org/x/oauth2"
)
const (
LinkedInIssuer = "https://www.linkedin.com/oauth"
)
var DefaultLinkedinScopes = []string{
"openid",
"profile",
"email",
}
type LinkedinUser struct {
ID string `json:"sub"`
Name string `json:"name"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
Picture string `json:"picture"`
Locale struct {
Country string `json:"country"`
Language string `json:"language"`
} `json:"locale"`
Email string `json:"email"`
Verified bool `json:"email_verified"`
}
type linkedInProvider struct {
config config.ThirdPartyProvider
oidcProvider *oidc.Provider
oauthConfig *oauth2.Config
}
// NewLinkedInProvider creates a LinkedIn third party provider.
func NewLinkedInProvider(config config.ThirdPartyProvider, redirectURL string) (OAuthProvider, error) {
if !config.Enabled {
return nil, errors.New("linkedIn provider is disabled")
}
oidcProvider, err := oidc.NewProvider(context.Background(), LinkedInIssuer)
if err != nil {
return nil, err
}
endpoint := oidcProvider.Endpoint()
return &linkedInProvider{
config: config,
oidcProvider: oidcProvider,
oauthConfig: &oauth2.Config{
ClientID: config.ClientID,
ClientSecret: config.Secret,
Endpoint: endpoint,
Scopes: DefaultLinkedinScopes,
RedirectURL: redirectURL,
},
}, nil
}
func (g linkedInProvider) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string {
return g.oauthConfig.AuthCodeURL(state, opts...)
}
func (g linkedInProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
return g.oauthConfig.Exchange(context.Background(), code)
}
func (g linkedInProvider) GetUserData(token *oauth2.Token) (*UserData, error) {
var user LinkedinUser
if err := makeRequest(token, g.oauthConfig, g.oidcProvider.UserInfoEndpoint(), &user); err != nil {
return nil, err
}
data := &UserData{}
if user.Email != "" {
data.Emails = append(data.Emails, Email{
Email: user.Email,
Verified: user.Verified,
Primary: true,
})
}
if len(data.Emails) <= 0 {
return nil, errors.New("unable to find email with LinkedIn provider")
}
data.Metadata = &Claims{
Issuer: LinkedInIssuer,
Subject: user.ID,
Name: user.Name,
FamilyName: user.FamilyName,
GivenName: user.GivenName,
Picture: user.Picture,
Locale: fmt.Sprintf("%s-%s", user.Locale.Country, user.Locale.Language),
Email: user.Email,
EmailVerified: user.Verified,
}
return data, nil
}
func (g linkedInProvider) ID() string {
return g.config.ID
}
Reference in New Issue View Git Blame Copy Permalink