MCPcopy
hub / github.com/oauth2-proxy/oauth2-proxy / EnrichSession

Method EnrichSession

providers/nextcloud.go:39–78  ·  view source on GitHub ↗

EnrichSession uses the Nextcloud userinfo endpoint to populate the session's email, user, and groups.

(ctx context.Context, s *sessions.SessionState)

Source from the content-addressed store, hash-verified

37// EnrichSession uses the Nextcloud userinfo endpoint to populate
38// the session's email, user, and groups.
39func (p *NextcloudProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
40 // Fallback to ValidateURL if ProfileURL not set for legacy compatibility
41 profileURL := p.ValidateURL.String()
42 if p.ProfileURL.String() != "" {
43 profileURL = p.ProfileURL.String()
44 }
45
46 json, err := requests.New(profileURL).
47 WithContext(ctx).
48 SetHeader("Authorization", tokenTypeBearer+" "+s.AccessToken).
49 Do().
50 UnmarshalSimpleJSON()
51 if err != nil {
52 logger.Errorf("failed making request %v", err)
53 return err
54 }
55
56 groups, err := json.GetPath("ocs", "data", "groups").StringArray()
57 if err == nil {
58 for _, group := range groups {
59 if group != "" {
60 s.Groups = append(s.Groups, group)
61 }
62 }
63 }
64
65 user, err := json.GetPath("ocs", "data", "id").String()
66 if err != nil {
67 return fmt.Errorf("unable to extract id from userinfo endpoint: %v", err)
68 }
69 s.User = user
70
71 email, err := json.GetPath("ocs", "data", "email").String()
72 if err != nil {
73 return fmt.Errorf("unable to extract email from userinfo endpoint: %v", err)
74 }
75 s.Email = email
76
77 return nil
78}
79
80// ValidateSession validates the AccessToken
81func (p *NextcloudProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {

Callers

nothing calls this directly

Calls 7

NewFunction · 0.92
ErrorfFunction · 0.92
UnmarshalSimpleJSONMethod · 0.65
DoMethod · 0.65
SetHeaderMethod · 0.65
WithContextMethod · 0.65
StringMethod · 0.45

Tested by

no test coverage detected