admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
018f6045ee408ebdb897d4ec2ccbcb67a6f07127
kubesphere/pkg/models/auth/oauth.go
hongming 018f6045ee feat(auth): support multiple identity provider associations (#6299) 
Signed-off-by: hongming <coder.scala@gmail.com>
2025-02-28 16:48:36 +08:00

53 lines
1.7 KiB
Go
Raw Blame History

/*
* Please refer to the LICENSE file in the root directory of the project.
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
*/
package auth
import (
"context"
"fmt"
"net/http"
authuser "k8s.io/apiserver/pkg/authentication/user"
runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
"kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider"
)
type oauthAuthenticator struct {
client runtimeclient.Client
userMapper UserMapper
idpConfigurationGetter identityprovider.ConfigurationGetter
}
func NewOAuthAuthenticator(client runtimeclient.Client) OAuthAuthenticator {
authenticator := &oauthAuthenticator{
client: client,
userMapper: &userMapper{cache: client},
idpConfigurationGetter: identityprovider.NewConfigurationGetter(client),
}
return authenticator
}
func (o *oauthAuthenticator) Authenticate(ctx context.Context, provider string, req *http.Request) (authuser.Info, error) {
providerConfig, err := o.idpConfigurationGetter.GetConfiguration(ctx, provider)
// identity provider not registered
if err != nil {
return nil, fmt.Errorf("failed to get identity provider configuration for %s, error: %v", provider, err)
}
oauthIdentityProvider, exist := identityprovider.SharedIdentityProviderController.GetOAuthProvider(provider)
if !exist {
return nil, fmt.Errorf("identity provider %s not exist", provider)
}
identity, err := oauthIdentityProvider.IdentityExchangeCallback(req)
if err != nil {
return nil, fmt.Errorf("failed to exchange identity for %s, error: %v", provider, err)
}
return authByIdentityProvider(ctx, o.client, o.userMapper, providerConfig, identity)
}
Reference in New Issue View Git Blame Copy Permalink