Closed oliverpool closed 2 years ago
Thinking more about this, maybe the usage of Oauth2 module could be simplified (and made more flexible).
NewFromOAuth2
and SaveOAuth2
from OAuth2ServerStorer
into one method to find or create a user:
type OAuth2Result struct {
Provider string
AccessToken string
Expiry time.Time
RefreshToken string
}
type OAuth2ServerStorer interface { FindOrCreateOAuth2User(ctx context.Context, result OAuth2Result, details map[string]string) (User, error) }
2. drop `authboss.OAuth2User` and simply use `GetPID` everywhere.
This would be a fairly large (breaking) change, but it would make it easier to implement oauth2 support.
I guess there are still other steps needed to allow the usage of multiple OAuth2 providers to log the same user (I think this is currently not possible).
For instance a `AddOAuth2ProviderToUser()` to add a oauth2 provider to an already existing (and logged-in) user.
The reason was to give the developer control over the OAuth2ID. Because we don't understand their provider or how their storage system might work we didn't want to enforce specifics.
This is called out here:
- The special casing of the ServerStorer implementation's Load() function to deal properly with incoming OAuth2 pids. See authboss.ParseOAuth2PID as a way to do this.
The initial idea behind Authboss's oauth2 was actually not to separate the identity of oauth users, but be able to (if desired) combine them with the existing user/password style. Hence this extra flexibility and lack of prescription.
Experimented in #332
Is there any reason why
user.OAuth2UID
is not set before callingSaveOAuth2
? (just likeprovider
,accessToken
,Expiry
andRefreshToken
)https://github.com/volatiletech/authboss/blob/e62387f74f1fd01cce883130882065b5bb701c8a/oauth2/oauth2.go#L235-L247
This can be handled by the developer in
NewFromOAuth2
, but it feels kind of odd.