github.com/pusher/oauth2_proxy@v3.2.0+incompatible/providers/linkedin.go

github.com/pusher/oauth2_proxy@v3.2.0+incompatible/providers/linkedin.go (about)

     1  package providers
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"net/http"
     7  	"net/url"
     8  
     9  	"github.com/pusher/oauth2_proxy/api"
    10  )
    11  
    12  // LinkedInProvider represents an LinkedIn based Identity Provider
    13  type LinkedInProvider struct {
    14  	*ProviderData
    15  }
    16  
    17  // NewLinkedInProvider initiates a new LinkedInProvider
    18  func NewLinkedInProvider(p *ProviderData) *LinkedInProvider {
    19  	p.ProviderName = "LinkedIn"
    20  	if p.LoginURL.String() == "" {
    21  		p.LoginURL = &url.URL{Scheme: "https",
    22  			Host: "www.linkedin.com",
    23  			Path: "/uas/oauth2/authorization"}
    24  	}
    25  	if p.RedeemURL.String() == "" {
    26  		p.RedeemURL = &url.URL{Scheme: "https",
    27  			Host: "www.linkedin.com",
    28  			Path: "/uas/oauth2/accessToken"}
    29  	}
    30  	if p.ProfileURL.String() == "" {
    31  		p.ProfileURL = &url.URL{Scheme: "https",
    32  			Host: "www.linkedin.com",
    33  			Path: "/v1/people/~/email-address"}
    34  	}
    35  	if p.ValidateURL.String() == "" {
    36  		p.ValidateURL = p.ProfileURL
    37  	}
    38  	if p.Scope == "" {
    39  		p.Scope = "r_emailaddress r_basicprofile"
    40  	}
    41  	return &LinkedInProvider{ProviderData: p}
    42  }
    43  
    44  func getLinkedInHeader(accessToken string) http.Header {
    45  	header := make(http.Header)
    46  	header.Set("Accept", "application/json")
    47  	header.Set("x-li-format", "json")
    48  	header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
    49  	return header
    50  }
    51  
    52  // GetEmailAddress returns the Account email address
    53  func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) {
    54  	if s.AccessToken == "" {
    55  		return "", errors.New("missing access token")
    56  	}
    57  	req, err := http.NewRequest("GET", p.ProfileURL.String()+"?format=json", nil)
    58  	if err != nil {
    59  		return "", err
    60  	}
    61  	req.Header = getLinkedInHeader(s.AccessToken)
    62  
    63  	json, err := api.Request(req)
    64  	if err != nil {
    65  		return "", err
    66  	}
    67  
    68  	email, err := json.String()
    69  	if err != nil {
    70  		return "", err
    71  	}
    72  	return email, nil
    73  }
    74  
    75  // ValidateSessionState validates the AccessToken
    76  func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool {
    77  	return validateToken(p, s.AccessToken, getLinkedInHeader(s.AccessToken))
    78  }