Merge pull request #250 from supertokens/new-providers

New providers

Author: rishabhpoddar

CHANGELOG.md

@@ -6,8 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [unreleased]
+
+## [0.10.3] - 2023-03-29
 -   Adds unit test for Apple callback form post
 -   Updates all example apps to also initialise dashboard recipe
+-   Adds login with gitlab (for single tenant only) and bitbucket
 
 ## [0.10.2] - 2023-02-24
 -   Adds APIs and logic to the dashboard recipe to enable email password based login

coreDriverInterfaceSupported.json

@@ -11,6 +11,7 @@
                 "2.15",
                 "2.16",
                 "2.17",
-                "2.18"
+                "2.18",
+                "2.19"
         ]
 }

recipe/thirdparty/main.go

@@ -98,6 +98,14 @@ func GoogleWorkspaces(config tpmodels.GoogleWorkspacesConfig) tpmodels.TypeProvi
 	return providers.GoogleWorkspaces(config)
 }
 
+func Bitbucket(config tpmodels.BitbucketConfig) tpmodels.TypeProvider {
+	return providers.Bitbucket(config)
+}
+
+func GitLab(config tpmodels.GitLabConfig) tpmodels.TypeProvider {
+	return providers.GitLab(config)
+}
+
 func Google(config tpmodels.GoogleConfig) tpmodels.TypeProvider {
 	return providers.Google(config)
 }

recipe/thirdparty/providers/bitbucket.go

@@ -0,0 +1,154 @@
+/* Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package providers
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
+	"github.com/supertokens/supertokens-golang/supertokens"
+)
+
+const bitbucketID = "bitbucket"
+
+func Bitbucket(config tpmodels.BitbucketConfig) tpmodels.TypeProvider {
+	return tpmodels.TypeProvider{
+		ID: bitbucketID,
+		Get: func(redirectURI, authCodeFromRequest *string, userContext supertokens.UserContext) tpmodels.TypeProviderGetResponse {
+			accessTokenAPIURL := "https://bitbucket.org/site/oauth2/access_token"
+			accessTokenAPIParams := map[string]string{
+				"client_id":     config.ClientID,
+				"client_secret": config.ClientSecret,
+				"grant_type":    "authorization_code",
+			}
+			if authCodeFromRequest != nil {
+				accessTokenAPIParams["code"] = *authCodeFromRequest
+			}
+			if redirectURI != nil {
+				accessTokenAPIParams["redirect_uri"] = *redirectURI
+			}
+
+			authorisationRedirectURL := "https://bitbucket.org/site/oauth2/authorize"
+			scopes := []string{"account", "email"}
+			if config.Scope != nil {
+				scopes = config.Scope
+			}
+
+			var additionalParams map[string]interface{} = nil
+			if config.AuthorisationRedirect != nil && config.AuthorisationRedirect.Params != nil {
+				additionalParams = config.AuthorisationRedirect.Params
+			}
+
+			authorizationRedirectParams := map[string]interface{}{
+				"scope":         strings.Join(scopes, " "),
+				"access_type":   "offline",
+				"response_type": "code",
+				"client_id":     config.ClientID,
+			}
+			for key, value := range additionalParams {
+				authorizationRedirectParams[key] = value
+			}
+
+			return tpmodels.TypeProviderGetResponse{
+				AccessTokenAPI: tpmodels.AccessTokenAPI{
+					URL:    accessTokenAPIURL,
+					Params: accessTokenAPIParams,
+				},
+				AuthorisationRedirect: tpmodels.AuthorisationRedirect{
+					URL:    authorisationRedirectURL,
+					Params: authorizationRedirectParams,
+				},
+				GetProfileInfo: func(authCodeResponse interface{}, userContext supertokens.UserContext) (tpmodels.UserInfo, error) {
+					authCodeResponseJson, err := json.Marshal(authCodeResponse)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					var accessTokenAPIResponse bitbucketGetProfileInfoInput
+					err = json.Unmarshal(authCodeResponseJson, &accessTokenAPIResponse)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					accessToken := accessTokenAPIResponse.AccessToken
+					authHeader := "Bearer " + accessToken
+					response, err := getBitbucketAuthRequest(authHeader)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					userInfo := response.(map[string]interface{})
+					ID := userInfo["uuid"].(string)
+
+					emailResponse, err := getBitbucketEmailRequest(authHeader)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					var email string
+					var isVerified bool = false
+					emailResponseInfo := emailResponse.(map[string]interface{})
+					for _, emailInfo := range emailResponseInfo["values"].([]interface{}) {
+						emailInfoMap := emailInfo.(map[string]interface{})
+						if emailInfoMap["is_primary"].(bool) {
+							email = emailInfoMap["email"].(string)
+							isVerified = emailInfoMap["is_confirmed"].(bool)
+						}
+					}
+					if email == "" {
+						return tpmodels.UserInfo{
+							ID: ID,
+						}, nil
+					}
+
+					return tpmodels.UserInfo{
+						ID: ID,
+						Email: &tpmodels.EmailStruct{
+							ID:         email,
+							IsVerified: isVerified,
+						},
+					}, nil
+				},
+				GetClientId: func(userContext supertokens.UserContext) string {
+					return config.ClientID
+				},
+			}
+		},
+		IsDefault: config.IsDefault,
+	}
+}
+
+func getBitbucketAuthRequest(authHeader string) (interface{}, error) {
+	url := "https://api.bitbucket.org/2.0/user"
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Authorization", authHeader)
+	return doGetRequest(req)
+}
+
+func getBitbucketEmailRequest(authHeader string) (interface{}, error) {
+	url := "https://api.bitbucket.org/2.0/user/emails"
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Authorization", authHeader)
+	return doGetRequest(req)
+}
+
+type bitbucketGetProfileInfoInput struct {
+	AccessToken string `json:"access_token"`
+}

recipe/thirdparty/providers/gitlab.go

@@ -0,0 +1,145 @@
+/* Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package providers
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
+	"github.com/supertokens/supertokens-golang/supertokens"
+)
+
+const gitlabID = "gitlab"
+
+func GitLab(config tpmodels.GitLabConfig) tpmodels.TypeProvider {
+	gitLabURL := "https://gitlab.com"
+	if config.GitLabBaseURL != nil {
+		url, err := supertokens.NewNormalisedURLDomain(*config.GitLabBaseURL)
+		if err != nil {
+			panic(err)
+		}
+		gitLabURL = url.GetAsStringDangerous()
+	}
+	return tpmodels.TypeProvider{
+		ID: gitlabID,
+		Get: func(redirectURI, authCodeFromRequest *string, userContext supertokens.UserContext) tpmodels.TypeProviderGetResponse {
+			accessTokenAPIURL := gitLabURL + "/oauth/token"
+			accessTokenAPIParams := map[string]string{
+				"client_id":     config.ClientID,
+				"client_secret": config.ClientSecret,
+				"grant_type":    "authorization_code",
+			}
+			if authCodeFromRequest != nil {
+				accessTokenAPIParams["code"] = *authCodeFromRequest
+			}
+			if redirectURI != nil {
+				accessTokenAPIParams["redirect_uri"] = *redirectURI
+			}
+
+			authorisationRedirectURL := gitLabURL + "/oauth/authorize"
+			scopes := []string{"read_user"}
+			if config.Scope != nil {
+				scopes = config.Scope
+			}
+
+			var additionalParams map[string]interface{} = nil
+			if config.AuthorisationRedirect != nil && config.AuthorisationRedirect.Params != nil {
+				additionalParams = config.AuthorisationRedirect.Params
+			}
+
+			authorizationRedirectParams := map[string]interface{}{
+				"scope":         strings.Join(scopes, " "),
+				"response_type": "code",
+				"client_id":     config.ClientID,
+			}
+			for key, value := range additionalParams {
+				authorizationRedirectParams[key] = value
+			}
+
+			return tpmodels.TypeProviderGetResponse{
+				AccessTokenAPI: tpmodels.AccessTokenAPI{
+					URL:    accessTokenAPIURL,
+					Params: accessTokenAPIParams,
+				},
+				AuthorisationRedirect: tpmodels.AuthorisationRedirect{
+					URL:    authorisationRedirectURL,
+					Params: authorizationRedirectParams,
+				},
+				GetProfileInfo: func(authCodeResponse interface{}, userContext supertokens.UserContext) (tpmodels.UserInfo, error) {
+					authCodeResponseJson, err := json.Marshal(authCodeResponse)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					var accessTokenAPIResponse gitlabGetProfileInfoInput
+					err = json.Unmarshal(authCodeResponseJson, &accessTokenAPIResponse)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					accessToken := accessTokenAPIResponse.AccessToken
+					authHeader := "Bearer " + accessToken
+					response, err := getGitLabAuthRequest(gitLabURL, authHeader)
+					if err != nil {
+						return tpmodels.UserInfo{}, err
+					}
+					userInfo := response.(map[string]interface{})
+					ID := fmt.Sprint(userInfo["id"]) // the id returned by gitlab is a number, so we convert to a string
+					_, emailExists := userInfo["email"]
+					if !emailExists {
+						return tpmodels.UserInfo{
+							ID: ID,
+						}, nil
+					}
+					email := userInfo["email"].(string)
+					var isVerified bool
+					_, ok := userInfo["confirmed_at"]
+					if ok && userInfo["confirmed_at"] != nil && userInfo["confirmed_at"].(string) != "" {
+						isVerified = true
+					} else {
+						isVerified = false
+					}
+					return tpmodels.UserInfo{
+						ID: ID,
+						Email: &tpmodels.EmailStruct{
+							ID:         email,
+							IsVerified: isVerified,
+						},
+					}, nil
+				},
+				GetClientId: func(userContext supertokens.UserContext) string {
+					return config.ClientID
+				},
+			}
+		},
+		IsDefault: config.IsDefault,
+	}
+}
+
+func getGitLabAuthRequest(gitLabUrl string, authHeader string) (interface{}, error) {
+	url := gitLabUrl + "/api/v4/user"
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Authorization", authHeader)
+	return doGetRequest(req)
+}
+
+type gitlabGetProfileInfoInput struct {
+	AccessToken string `json:"access_token"`
+}

recipe/thirdparty/tpmodels/providers.go

@@ -25,6 +25,27 @@ type GoogleConfig struct {
 	IsDefault bool
 }
 
+type BitbucketConfig struct {
+	ClientID              string
+	ClientSecret          string
+	Scope                 []string
+	AuthorisationRedirect *struct {
+		Params map[string]interface{}
+	}
+	IsDefault bool
+}
+
+type GitLabConfig struct {
+	ClientID              string
+	ClientSecret          string
+	Scope                 []string
+	AuthorisationRedirect *struct {
+		Params map[string]interface{}
+	}
+	GitLabBaseURL *string
+	IsDefault     bool
+}
+
 type GoogleWorkspacesConfig struct {
 	ClientID              string
 	ClientSecret          string

supertokens/constants.go

@@ -21,10 +21,10 @@ const (
 )
 
 // VERSION current version of the lib
-const VERSION = "0.10.2"
+const VERSION = "0.10.3"
 
 var (
-	cdiSupported = []string{"2.8", "2.9", "2.10", "2.11", "2.12", "2.13", "2.14", "2.15", "2.16", "2.17", "2.18"}
+	cdiSupported = []string{"2.8", "2.9", "2.10", "2.11", "2.12", "2.13", "2.14", "2.15", "2.16", "2.17", "2.18", "2.19"}
 )
 
 const DashboardVersion = "0.4"