rzrbld / adminio-api

simple admin API for min.io (minio) s3 server
MIT License

Great work, but could be more flexible #18

Open dberardo opened 3 years ago

dberardo commented 3 years ago

I have implemented my own OAuth provider server on a custom domain.

I am able to go through the whole session creation procedure using the auth0 provider and a custom domain, pointing to my own oauth server.

However, when the "callback" endpoint is called, I get a 404 error message from the auth0 server saying:

"auth0 responded with a 404 trying to fetch user information"

Is it possible to have a custom provider using the goth package?

I find this to be a huge limitation which makes the whole API extremely hard to use in production otherwise.

rzrbld commented 3 years ago

Hi @dberardo, a standard OAuth2 implementation should support 3 endpoints:

authEndpoint    string = "/authorize"
tokenEndpoint   string = "/token"
endpointProfile string = "/userinfo"

/userinfo on your server could be /user or /user-info or anything else; because of that you got "auth0 responded with a 404 trying to fetch user information". You can fork goth-provider-wso2 or goth-provider-oauth, change the profile endpoint and rebuild.
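
Added example (not part of the thread, and not adminio-api or goth code): the 404 described above, reproduced against a constructed test server that serves the profile at /user only, with the profile path taken as a setting instead of being fixed at /userinfo. `fetchProfile`, `issuer` and `profilePath` are hypothetical names; the function also refuses a non-https issuer or a profile path that points at another host, so the bearer token is only ever sent to the issuer.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// fetchProfile reads the profile with the access token. issuer and profilePath
// are hypothetical settings, not adminio-api or goth options.
func fetchProfile(c *http.Client, issuer, profilePath, token string) (map[string]interface{}, error) {
	base, err := url.Parse(issuer)
	if err != nil || base.Scheme != "https" || base.Host == "" {
		return nil, fmt.Errorf("issuer must be an absolute https URL: %q", issuer)
	}
	// A relative path only: the bearer token must never leave the issuer host.
	ref, err := url.Parse(profilePath)
	if err != nil || ref.IsAbs() || ref.Host != "" {
		return nil, fmt.Errorf("profile path must be relative: %q", profilePath)
	}
	req := &http.Request{Method: http.MethodGet, URL: base.ResolveReference(ref),
		Header: http.Header{"Authorization": {"Bearer " + token}}}
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("profile endpoint %s responded with %d", req.URL.Path, resp.StatusCode)
	}
	var profile map[string]interface{}
	err = json.NewDecoder(resp.Body).Decode(&profile)
	return profile, err
}

func main() {
	// Constructed stand-in for a custom OAuth server: profile at /user only.
	mux := http.NewServeMux()
	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"sub":"u-1","auth":%q}`, r.Header.Get("Authorization"))
	})
	srv := httptest.NewTLSServer(mux)
	defer srv.Close()
	fmt.Println(fetchProfile(srv.Client(), srv.URL, "/userinfo", "sample-token"))
	fmt.Println(fetchProfile(srv.Client(), srv.URL, "/user", "sample-token"))
}
```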

energenious-eu commented 3 years ago

> Hi @dberardo, a standard OAuth2 implementation should support 3 endpoints:
>
> authEndpoint    string = "/authorize"
> tokenEndpoint   string = "/token"
> endpointProfile string = "/userinfo"
>
> /userinfo on your server could be /user or /user-info or anything else; because of that you got "auth0 responded with a 404 trying to fetch user information". You can fork goth-provider-wso2 or goth-provider-oauth, change the profile endpoint and rebuild.

Thanks @rzrbld for your prompt answer.

I was thinking of patching this line in the auth0 provider:

https://github.com/markbates/goth/blob/master/providers/auth0/auth0.go#L100

to basically hardcode the domain to my private auth server. That should work.

However, I am not a Go expert, so I would have to figure out how to import this code into the adminio-api source code.

Before going for this approach I wanted to check with the community whether a more customizable option was available, but it seems like neither adminio-api nor goth allows for custom / general-purpose OAuth providers ... which really surprises me.

rzrbld commented 3 years ago

adminio calls FetchUser at https://github.com/rzrbld/adminio-api/blob/master/src/oauth/oauth.go#L102, so you can make a stub FetchUser at https://github.com/markbates/goth/blob/master/providers/auth0/auth0.go#L86

energenious-eu commented 3 years ago

OK, I will give it a try, although I have never programmed in Go in the past.

If I make something useful I can share it in a PR. Will keep you updated.

dberardo commented 3 years ago

Just proposed a stub here: #19

It works for my setup, but I was not able to test it for auth0.com as I don't have an account there.