Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add kakao OIDC #1381

Merged
merged 2 commits into from
Mar 5, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions internal/api/provider/kakao.go
Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@ import (
const (
defaultKakaoAuthBase = "kauth.kakao.com"
defaultKakaoAPIBase = "kapi.kakao.com"
IssuerKakao = "https://kauth.kakao.com"
)

type kakaoProvider struct {
40 changes: 40 additions & 0 deletions internal/api/provider/oidc.go
Original file line number Diff line number Diff line change
@@ -59,6 +59,8 @@ func ParseIDToken(ctx context.Context, provider *oidc.Provider, config *oidc.Con
token, data, err = parseAppleIDToken(token)
case IssuerLinkedin:
token, data, err = parseLinkedinIDToken(token)
case IssuerKakao:
token, data, err = parseKakaoIDToken(token)
default:
if IsAzureIssuer(token.Issuer) {
token, data, err = parseAzureIDToken(token)
@@ -312,6 +314,44 @@ func parseAzureIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, e
return token, &data, nil
}

type KakaoIDTokenClaims struct {
jwt.StandardClaims

Email string `json:"email"`
EmailVerified bool `json:"email_verified"`
J0 marked this conversation as resolved.
Show resolved Hide resolved
Name string `json:"name"`
Picture string `json:"picture"`
}

func parseKakaoIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, error) {
var claims KakaoIDTokenClaims

if err := token.Claims(&claims); err != nil {
return nil, nil, err
}

var data UserProvidedData

if claims.Email != "" {
data.Emails = append(data.Emails, Email{
Email: claims.Email,
Verified: claims.EmailVerified,
Primary: true,
})
}

data.Metadata = &Claims{
Issuer: token.Issuer,
Subject: token.Subject,
Name: claims.Name,
PreferredUsername: claims.Name,
ProviderId: token.Subject,
Picture: claims.Picture,
}

return token, &data, nil
}

func parseGenericIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, error) {
var data UserProvidedData

6 changes: 6 additions & 0 deletions internal/api/token_oidc.go
Original file line number Diff line number Diff line change
@@ -75,6 +75,12 @@ func (p *IdTokenGrantParams) getProvider(ctx context.Context, config *conf.Globa
issuer = config.External.Keycloak.URL
acceptableClientIDs = append(acceptableClientIDs, config.External.Keycloak.ClientID...)

case p.Provider == "kakao" || p.Issuer == provider.IssuerKakao:
cfg = &config.External.Kakao
providerType = "kakao"
issuer = provider.IssuerKakao
acceptableClientIDs = append(acceptableClientIDs, config.External.Kakao.ClientID...)

default:
log.WithField("issuer", p.Issuer).WithField("client_id", p.ClientID).Warn("Use of POST /token with arbitrary issuer and client_id is deprecated for security reasons. Please switch to using the API with provider only!")

Loading