From 265046643cd7674b85000a09020e65b68f718464 Mon Sep 17 00:00:00 2001 From: Alexey Kirpichnikov Date: Fri, 12 Sep 2014 16:32:19 +0600 Subject: [PATCH 1/2] add header basic authorization --- README.md | 1 + main.go | 3 ++- oauthproxy.go | 9 ++++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bee57e1fb..0c55d79a3 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ Usage of ./gooauth_proxy: -client-secret="": the OAuth Client Secret -cookie-domain="": an optional cookie domain to force cookies to -cookie-secret="": the seed string for secure cookies + -header-basic-auth=false: use Authorization: Basic header for authorization (see [RFC 2617 section 2](http://tools.ietf.org/html/rfc2617#section-2)) -google-apps-domain="": authenticate against the given google apps domain -http-address="127.0.0.1:4180": : to listen on for HTTP clients -pass-basic-auth=true: pass HTTP Basic Auth information to upstream diff --git a/main.go b/main.go index 09ad8817d..2a180517e 100644 --- a/main.go +++ b/main.go @@ -19,6 +19,7 @@ var ( redirectUrl = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"") clientID = flag.String("client-id", "", "the Oauth Client ID: ie: \"123456.apps.googleusercontent.com\"") clientSecret = flag.String("client-secret", "", "the OAuth Client Secret") + headerBasicAuth = flag.Bool("header-basic-auth", false, "use Authorization: Basic header for authorization") loginUrl = flag.String("login-url", "", "the OAuth Login URL") redemptionUrl = flag.String("redemption-url", "", "the OAuth code redemption URL") cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies") 
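Review bot: The help text for `header-basic-auth` in the `var (` block of main.go does not say whose credentials go into the header or on which request. The README context already lists `-pass-basic-auth`, which concerns the upstream, so an operator can easily confuse the two. Going by the redeemCode hunk later in the patch, the flag controls how the client ID and secret are sent with the code-redemption request, so the text could read `"send the OAuth client ID and secret to the redemption URL in an Authorization: Basic header"`. The README line would want the same wording; the identical hunk in patch 2/2 is covered by this note.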
@@ -79,7 +80,7 @@ func main() { } validator := NewCommandValidator(*userVerificationCommand) - oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *loginUrl, *redemptionUrl, *oauthScope, validator) + oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *headerBasicAuth, *loginUrl, *redemptionUrl, *oauthScope, validator) oauthproxy.SetRedirectUrl(redirectUrl) listener, err := net.Listen("tcp", *httpAddr) diff --git a/oauthproxy.go b/oauthproxy.go index 31fbce541..3ec3d8112 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "encoding/base64" "errors" "fmt" "github.com/bitly/go-simplejson" @@ -29,11 +30,12 @@ type OauthProxy struct { oauthScope string clientID string clientSecret string + headerBasicAuth bool SignInMessage string serveMux *http.ServeMux } -func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy { +func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, headerBasicAuth bool, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy { login, _ := url.Parse(oauthLoginUrl) redeem, _ := url.Parse(oauthRedemptionUrl) serveMux := http.NewServeMux() @@ -50,6 +52,7 @@ func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, o clientID: clientID, clientSecret: clientSecret, + headerBasicAuth: headerBasicAuth, oauthScope: oauthScope, oauthRedemptionUrl: redeem, oauthLoginUrl: login, 
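Review bot: The new `headerBasicAuth` struct field and `NewOauthProxy` parameter carry no comment, and the constructor accepts the flag without looking at the URL it will be used against. The context line `redeem, _ := url.Parse(oauthRedemptionUrl)` discards the parse error, and nothing visible in the hunk requires an https scheme, although the constructor's body continues outside the hunk. With the flag on, the client secret travels to that URL in a base64-encoded header, which is not encrypted, so a field comment should state the expectation, for example `// headerBasicAuth: send clientID/clientSecret as Authorization: Basic when redeeming the code; the redemption URL must be https`. The constructor is also the natural place to reject or at least log a non-https redemption URL when the flag is set. The same hunk in patch 2/2 is covered by this note.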
@@ -104,6 +107,10 @@ func (p *OauthProxy) redeemCode(code string) (string, error) { params.Add("grant_type", "authorization_code") req, err := http.NewRequest("POST", p.oauthRedemptionUrl.String(), bytes.NewBufferString(params.Encode())) req.Header.Set("Accept", "application/json") + if p.headerBasicAuth { + token := fmt.Sprintf("%s:%s", p.clientID, p.clientSecret) + req.Header.Set("Authorization", fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString(token))) + } if err != nil { log.Printf("failed building request %s", err.Error()) return "", err From b4d4ba6671d090146889bb6fb70f7fa5841d7d3c Mon Sep 17 00:00:00 2001 From: Alexey Kirpichnikov Date: Fri, 12 Sep 2014 16:32:19 +0600 Subject: [PATCH 2/2] add header basic authorization --- README.md | 1 + main.go | 3 ++- oauthproxy.go | 9 ++++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bee57e1fb..70709bcf5 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ Usage of ./gooauth_proxy: -client-secret="": the OAuth Client Secret -cookie-domain="": an optional cookie domain to force cookies to -cookie-secret="": the seed string for secure cookies + -header-basic-auth=false: use Authorization: Basic header for authorization (see RFC 2617 section 2) -google-apps-domain="": authenticate against the given google apps domain -http-address="127.0.0.1:4180": : to listen on for HTTP clients -pass-basic-auth=true: pass HTTP Basic Auth information to upstream diff --git a/main.go b/main.go index 09ad8817d..2a180517e 100644 --- a/main.go +++ b/main.go 
@@ -19,6 +19,7 @@ var ( redirectUrl = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"") clientID = flag.String("client-id", "", "the Oauth Client ID: ie: \"123456.apps.googleusercontent.com\"") clientSecret = flag.String("client-secret", "", "the OAuth Client Secret") + headerBasicAuth = flag.Bool("header-basic-auth", false, "use Authorization: Basic header for authorization") loginUrl = flag.String("login-url", "", "the OAuth Login URL") redemptionUrl = flag.String("redemption-url", "", "the OAuth code redemption URL") cookieSecret = flag.String("cookie-secret", "", "the seed string for secure cookies") @@ -79,7 +80,7 @@ func main() { } validator := NewCommandValidator(*userVerificationCommand) - oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *loginUrl, *redemptionUrl, *oauthScope, validator) + oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *headerBasicAuth, *loginUrl, *redemptionUrl, *oauthScope, validator) oauthproxy.SetRedirectUrl(redirectUrl) listener, err := net.Listen("tcp", *httpAddr) diff --git a/oauthproxy.go b/oauthproxy.go index 31fbce541..e4eaa0203 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "encoding/base64" "errors" "fmt" "github.com/bitly/go-simplejson" 
@@ -29,11 +30,12 @@ type OauthProxy struct { oauthScope string clientID string clientSecret string + headerBasicAuth bool SignInMessage string serveMux *http.ServeMux } -func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy { +func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, headerBasicAuth bool, oauthLoginUrl string, oauthRedemptionUrl string, oauthScope string, validator func(string) bool) *OauthProxy { login, _ := url.Parse(oauthLoginUrl) redeem, _ := url.Parse(oauthRedemptionUrl) serveMux := http.NewServeMux() @@ -50,6 +52,7 @@ func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, o clientID: clientID, clientSecret: clientSecret, + headerBasicAuth: headerBasicAuth, oauthScope: oauthScope, oauthRedemptionUrl: redeem, oauthLoginUrl: login, @@ -104,6 +107,10 @@ func (p *OauthProxy) redeemCode(code string) (string, error) { params.Add("grant_type", "authorization_code") req, err := http.NewRequest("POST", p.oauthRedemptionUrl.String(), bytes.NewBufferString(params.Encode())) req.Header.Set("Accept", "application/json") + if p.headerBasicAuth { + token := []byte(fmt.Sprintf("%s:%s", p.clientID, p.clientSecret)) + req.Header.Set("Authorization", fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString(token))) + } if err != nil { log.Printf("failed building request %s", err.Error()) return "", err
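Review bot: In the redeemCode hunk the new `if p.headerBasicAuth` block touches `req.Header` before the `if err != nil` check that follows it, so a failed `http.NewRequest` would dereference a nil request; the existing `Accept` line has the same ordering, and moving the error check directly under `http.NewRequest` fixes both. The header can be set with the standard helper, `req.SetBasicAuth(url.QueryEscape(p.clientID), url.QueryEscape(p.clientSecret))`, which drops the hand-built token and applies the form-encoding that RFC 6749 section 2.3.1 asks for before the colon join. The lines that build `params` are mostly above the hunk; if they still add the client secret to the POST body, it should be left out when the header is used, since the same RFC disallows more than one client authentication method per request. The 1/2 version of this hunk has the same ordering. redeemCode's body starts and ends outside the hunk.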