authenticate initiates the OpenID Connect device flow authentication process for the client. It presents a user code for the end user to enter on a device that has web access and waits for them to complete the authentication, then updates the client's tokens upon successful authentication.
(issuer string, clientID string, audience string, scopes string)
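// authenticate initiates the OpenID Connect device flow authentication process for the client.
// It presents a user code for the end user to input in the device that has web access and waits for them to complete the authentication,
// subsequently updating the client's tokens upon successful authentication.
//
// scopes is a comma-separated list. An error is returned when provider lookup, the device
// authorization request or token polling fails, or when the verification URI in the device
// authorization response is not a usable web URL.
func (o *oidcClient) authenticate(issuer string, clientID string, audience string, scopes string) error {
	// Send requests through the OIDC transport for the duration of the flow and put the
	// previous transport back on every return path.
	oldTransport := o.httpClient.Transport
	o.oidcTransport.audience = audience
	o.httpClient.Transport = o.oidcTransport

	defer func() {
		o.httpClient.Transport = oldTransport
	}()

	provider, err := o.getProvider(issuer, clientID, scopes)
	if err != nil {
		return err
	}

	o.oidcTransport.deviceAuthorizationEndpoint = provider.GetDeviceAuthorizationEndpoint()

	resp, err := rp.DeviceAuthorization(context.TODO(), strings.Split(scopes, ","), provider, nil)
	if err != nil {
		return err
	}

	// verification_uri_complete is optional in a device authorization response (RFC 8628).
	// Fall back to the plain verification URI, where the user types the code by hand.
	verificationURI := resp.VerificationURIComplete
	if verificationURI == "" {
		verificationURI = resp.VerificationURI
	}

	// The URI is taken from the provider's response and handed to the local browser opener,
	// so it is validated first: a parse failure used to be discarded (leaving a nil *url.URL
	// to be dereferenced below), and only http(s) URLs with a host are passed on.
	u, err := url.Parse(verificationURI)
	if err != nil {
		return fmt.Errorf("parsing device verification URI: %w", err)
	}

	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return fmt.Errorf("unexpected device verification URI %q", verificationURI)
	}

	fmt.Printf("URL: %s\n", u.String())
	fmt.Printf("Code: %s\n\n", resp.UserCode)

	// Best effort: the URL and code are already printed, so a failure to launch a browser
	// is not fatal.
	_ = util.OpenBrowser(u.String())

	// Let an interrupt from the terminal cancel the polling loop.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGINT)
	defer stop()

	token, err := rp.DeviceAccessToken(ctx, resp.DeviceCode, time.Duration(resp.Interval)*time.Second, provider)
	if err != nil {
		return err
	}

	if o.tokens.Token == nil {
		o.tokens.Token = &oauth2.Token{}
	}

	// A bare time.Duration conversion counts nanoseconds, which made every fresh token look
	// expired at once. Scale by time.Second, as is done for resp.Interval above.
	// NOTE(review): assumes ExpiresIn carries the OAuth expires_in value in seconds; confirm
	// against the rp package's token response type.
	o.tokens.Expiry = time.Now().Add(time.Duration(token.ExpiresIn) * time.Second)
	o.tokens.IDToken = token.IDToken
	o.tokens.AccessToken = token.AccessToken
	o.tokens.TokenType = token.TokenType

	// Keep the refresh token already held when the response does not carry a new one.
	if token.RefreshToken != "" {
		o.tokens.RefreshToken = token.RefreshToken
	}

	return nil
}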
no test coverage detected