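// Package identity provides support for making OpenID Connect (OIDC)
// and OAuth2 authenticated HTTP requests with third party identity providers.
package identity

import (
	"context"
	"fmt"
	"net/url"

	"golang.org/x/oauth2"

	"github.com/pomerium/pomerium/internal/identity/oauth"
	"github.com/pomerium/pomerium/internal/identity/oauth/github"
	"github.com/pomerium/pomerium/internal/identity/oidc"
	"github.com/pomerium/pomerium/internal/identity/oidc/azure"
	"github.com/pomerium/pomerium/internal/identity/oidc/gitlab"
	"github.com/pomerium/pomerium/internal/identity/oidc/google"
	"github.com/pomerium/pomerium/internal/identity/oidc/okta"
	"github.com/pomerium/pomerium/internal/identity/oidc/onelogin"
	"github.com/pomerium/pomerium/internal/sessions"
)

// Compile-time assertions that every provider satisfies Authenticator.
// A typed nil pointer is the idiomatic form: the check costs nothing at
// runtime and cannot allocate or touch a provider's fields.
var (
	_ Authenticator = (*azure.Provider)(nil)
	_ Authenticator = (*gitlab.Provider)(nil)
	_ Authenticator = (*github.Provider)(nil)
	_ Authenticator = (*google.Provider)(nil)
	_ Authenticator = (*oidc.Provider)(nil)
	_ Authenticator = (*okta.Provider)(nil)
	_ Authenticator = (*onelogin.Provider)(nil)
	_ Authenticator = (*MockProvider)(nil)
)

// Authenticator is an interface representing the ability to authenticate with an identity provider.
//
// One implementation exists per provider (see the assertions above) and
// NewAuthenticator selects among them by name. Security-relevant contract
// for callers of this interface:
//
//   - GetSignInURL receives the OAuth2/OIDC `state` value. The caller must
//     supply an unguessable value bound to the user's session and verify it
//     on the callback, because `state` is the CSRF defense of the redirect flow.
//   - The string passed to Authenticate comes back from the provider callback
//     and must be treated as untrusted input. Presumably it is the
//     authorization code — confirm against the provider implementations.
type Authenticator interface {
	// Authenticate completes sign-in with the provider and returns the
	// resulting session state, or an error if the exchange fails.
	Authenticate(context.Context, string) (*sessions.State, error)
	// Refresh returns an updated session state derived from an existing one
	// (presumably by refreshing the provider token — verify per provider).
	Refresh(context.Context, *sessions.State) (*sessions.State, error)
	// Revoke is expected to invalidate the given token with the provider.
	Revoke(context.Context, *oauth2.Token) error
	// GetSignInURL builds the provider's authorization URL carrying state.
	GetSignInURL(state string) string
	// LogOut returns a provider sign-out URL, or an error if none is available.
	LogOut() (*url.URL, error)
}

// NewAuthenticator returns a new identity provider based on its name.
// o.ProviderName selects the implementation and the whole of o (including
// whatever credentials it carries) is handed to that provider's constructor;
// an unrecognised name is an error rather than a fallback to a default.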
func NewAuthenticator(o oauth.Options) (Authenticator, error) {
	// The provider constructors take a context but the caller supplies none,
	// so construction runs under a background context.
	ctx := context.Background()

	// Resolve the constructor for the configured name first, so an unknown
	// provider is rejected before anything is built or any network is touched.
	var construct func() (Authenticator, error)
	switch o.ProviderName {
	case azure.Name:
		construct = func() (Authenticator, error) { return azure.New(ctx, &o) }
	case gitlab.Name:
		construct = func() (Authenticator, error) { return gitlab.New(ctx, &o) }
	case github.Name:
		construct = func() (Authenticator, error) { return github.New(ctx, &o) }
	case google.Name:
		construct = func() (Authenticator, error) { return google.New(ctx, &o) }
	case oidc.Name:
		construct = func() (Authenticator, error) { return oidc.New(ctx, &o) }
	case okta.Name:
		construct = func() (Authenticator, error) { return okta.New(ctx, &o) }
	case onelogin.Name:
		construct = func() (Authenticator, error) { return onelogin.New(ctx, &o) }
	default:
		return nil, fmt.Errorf("identity: unknown provider: %s", o.ProviderName)
	}

	provider, err := construct()
	if err != nil {
		// Return a literal nil so callers never receive a non-nil interface
		// that wraps a nil provider pointer alongside the error.
		return nil, err
	}
	return provider, nil
}