add OAuth2 auth type [#523]

.secrets.baseline

@@ -133,7 +133,7 @@
         "filename": "core/auth/auth.go",
         "hashed_secret": "4d55af37dbbb6a42088d917caa1ca25428ec42c9",
         "is_verified": false,
-        "line_number": 2388
+        "line_number": 2389
       }
     ],
     "core/auth/auth_type_email.go": [
@@ -279,5 +279,5 @@
       }
     ]
   },
-  "generated_at": "2022-08-09T22:15:53Z"
+  "generated_at": "2022-08-15T22:35:05Z"
 }

core/auth/auth.go

@@ -184,6 +184,7 @@ func NewAuth(serviceID string, host string, authPrivKey *rsa.PrivateKey, storage
 
 	initOidcAuth(auth)
 	initSamlAuth(auth)
+	initOAuth2Auth(auth)
 
 	initStaticTokenServiceAuth(auth)
 	initSignatureServiceAuth(auth)
@@ -1400,7 +1401,7 @@ func (a *Auth) constructAccount(context storage.TransactionContext, authType mod
 	appOrg model.ApplicationOrganization, credential *model.Credential, unverified bool, externalIDs map[string]string, profile model.Profile,
 	preferences map[string]interface{}, permissionNames []string, roleIDs []string, groupIDs []string, assignerPermissions []string, l *logs.Log) (*model.AccountAuthType, error) {
 	//create account auth type
-	accountAuthType, credential, err := a.prepareAccountAuthType(authType, userIdentifier, accountAuthTypeParams, credential, unverified, false)
+	accountAuthType, _, err := a.prepareAccountAuthType(authType, userIdentifier, accountAuthTypeParams, credential, unverified, false)
 	if err != nil {
 		return nil, errors.WrapErrorAction(logutils.ActionCreate, model.TypeAccountAuthType, nil, err)
 	}

core/auth/auth_type_oauth2.go

@@ -0,0 +1,83 @@
+// Copyright 2022 Board of Trustees of the University of Illinois.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"core-building-block/core/model"
+
+	"github.com/rokwire/logging-library-go/errors"
+	"github.com/rokwire/logging-library-go/logs"
+	"github.com/rokwire/logging-library-go/logutils"
+)
+
+const (
+	//AuthTypeOAuth2 oauth2 auth type
+	AuthTypeOAuth2 string = "oauth2"
+
+	typeOAuth2AuthConfig logutils.MessageDataType = "oauth2 auth config"
+	typeOAuth2Token      logutils.MessageDataType = "oauth2 token"
+)
+
+// OAuth2 implementation of authType
+type oauth2AuthImpl struct {
+	auth     *Auth
+	authType string
+}
+
+type oauth2AuthConfig struct {
+	Host         string `json:"host" validate:"required"`
+	AuthorizeURL string `json:"authorize_url"`
+	TokenURL     string `json:"token_url"`
+	UserInfoURL  string `json:"userinfo_url"`
+	Scopes       string `json:"scopes"`
+	AllowSignUp  bool   `json:"allow_signup"`
+	ClientID     string `json:"client_id" validate:"required"`
+	ClientSecret string `json:"client_secret"`
+}
+
+type oauth2Token struct {
+	AccessToken string `json:"access_token" validate:"required"`
+	Scope       string `json:"scope" validate:"required"`
+	TokenType   string `json:"token_type" validate:"required"`
+}
+
+func (a *oauth2AuthImpl) externalLogin(authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization, creds string, params string, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
+	return nil, nil, errors.New(logutils.Unimplemented)
+}
+
+// refresh must be implemented for OIDC auth
+func (a *oauth2AuthImpl) refresh(params map[string]interface{}, authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
+	return nil, nil, errors.New(logutils.Unimplemented)
+}
+
+func (a *oauth2AuthImpl) getLoginURL(authType model.AuthType, appType model.ApplicationType, redirectURI string, l *logs.Log) (string, map[string]interface{}, error) {
+	return "", nil, errors.New(logutils.Unimplemented)
+}
+
+func (a *oauth2AuthImpl) checkToken(idToken string, authType model.AuthType, appType model.ApplicationType, oidcConfig *oidcAuthConfig, l *logs.Log) (string, error) {
+	return "", errors.New(logutils.Unimplemented)
+}
+
+// initOAuth2Auth initializes and registers a new OAuth2 auth instance
+func initOAuth2Auth(auth *Auth) (*oauth2AuthImpl, error) {
+	oauth2 := &oauth2AuthImpl{auth: auth, authType: AuthTypeOAuth2}
+
+	err := auth.registerExternalAuthType(oauth2.authType, oauth2)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionRegister, typeAuthType, nil, err)
+	}
+
+	return oauth2, nil
+}

core/auth/auth_type_oidc.go

@@ -21,7 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -402,7 +402,7 @@ func (a *oidcAuthImpl) loadOidcTokenWithParams(params map[string]string, oidcCon
 	}
 
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, errors.WrapErrorAction(logutils.ActionRead, logutils.TypeRequestBody, nil, err)
 	}
@@ -448,7 +448,7 @@ func (a *oidcAuthImpl) loadOidcUserInfo(token *oidcToken, url string) ([]byte, e
 	}
 
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, errors.WrapErrorAction(logutils.ActionRead, logutils.TypeResponse, nil, err)
 	}

core/auth/auth_type_phone.go

@@ -12,20 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Copyright 2022 Board of Trustees of the University of Illinois.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 package auth
 
 import (
@@ -34,7 +20,7 @@ import (
 	"core-building-block/utils"
 	"encoding/base64"
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"regexp"
@@ -275,7 +261,7 @@ func makeRequest(ctx context.Context, method string, pathPart string, data url.V
 	}
 
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, errors.WrapErrorAction(logutils.ActionRead, logutils.TypeRequestBody, nil, err)
 	}