Add generic oauth support, rather than just google

Author: kevin1024

README.md

@@ -1,13 +1,11 @@
-google_auth_proxy
+oauth_proxy
 =================
 
+Note: this is a fork of bit.ly's google_oauth_proxy project that works for any oauth provider (where any has actually been tested on Github and Google, YMMV)
 
-A reverse proxy that provides authentication using Google OAuth2 to validate 
+A reverse proxy that provides authentication using an oauth server to validate 
 individual accounts, or a whole google apps domain.
 
-[![Build Status](https://secure.travis-ci.org/bitly/google_auth_proxy.png?branch=master)](http://travis-ci.org/bitly/google_auth_proxy)
-
-
 ## Architecture
 
 ```
@@ -52,6 +50,10 @@ Usage of ./google_auth_proxy:
   -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
   -upstream=[]: the http url(s) of the upstream endpoint. If multiple, routing is based on path
   -version=false: print version string
+  -login-url: the OAuth Login URL
+  -redemption-url: the OAuth code redemption URL
+  -user-info-url: the OAuth user info URL
+
 ```
 
 
@@ -84,16 +86,10 @@ server {
 }
 ```
 
-The command line to run `google_auth_proxy` would look like this:
+An example commandline that works with github is:
 
 ```bash
-./google_auth_proxy \
-   --redirect-url="https://internal.yourcompany.com/oauth2/callback"  \
-   --google-apps-domain="yourcompany.com"  \
-   --upstream=http://127.0.0.1:8080/ \
-   --cookie-secret=... \
-   --client-id=... \
-   --client-secret=...
+/oauth_proxy --client-id="f4dddfabbebe5ba" --client-secret="ecb0561717bbf29956f" --upstream="http://localhost:8080/" --cookie-secret="secretsecret" --login-url="https://github.com/login/oauth/authorize" --redirect-url="http://localhost:4180/oauth2/callback/" --redemption-url="https://github.com/login/oauth/access_token" --user-info-url="https://api.github.com/user"
 ```
 
 ## Environment variables

main.go

@@ -17,8 +17,11 @@ var (
 	showVersion             = flag.Bool("version", false, "print version string")
 	httpAddr                = flag.String("http-address", "127.0.0.1:4180", "<addr>:<port> to listen on for HTTP clients")
 	redirectUrl             = flag.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
-	clientID                = flag.String("client-id", "", "the Google OAuth Client ID: ie: \"123456.apps.googleusercontent.com\"")
+	clientID                = flag.String("client-id", "", "the Oauth Client ID: ie: \"123456.apps.googleusercontent.com\"")
 	clientSecret            = flag.String("client-secret", "", "the OAuth Client Secret")
+	loginUrl                = flag.String("login-url", "", "the OAuth Login URL")
+	redemptionUrl           = flag.String("redemption-url", "", "the OAuth code redemption URL")
+	userInfoUrl             = flag.String("user-info-url", "", "the OAuth user info URL")
 	passBasicAuth           = flag.Bool("pass-basic-auth", true, "pass HTTP Basic Auth information to upstream")
 	htpasswdFile            = flag.String("htpasswd-file", "", "additionally authenticate against a htpasswd file. Entries must be created with \"htpasswd -s\" for SHA encryption")
 	cookieSecret            = flag.String("cookie-secret", "", "the seed string for secure cookies")
@@ -79,7 +82,7 @@ func main() {
 	}
 
 	validator := NewValidator(*googleAppsDomain, *authenticatedEmailsFile)
-	oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, validator)
+	oauthproxy := NewOauthProxy(upstreamUrls, *clientID, *clientSecret, *loginUrl, *redemptionUrl, *userInfoUrl, validator)
 	oauthproxy.SetRedirectUrl(redirectUrl)
 	if *googleAppsDomain != "" && *authenticatedEmailsFile == "" {
 		oauthproxy.SignInMessage = fmt.Sprintf("using a %s email address", *googleAppsDomain)

oauthproxy.go

@@ -36,10 +36,10 @@ type OauthProxy struct {
 	serveMux           *http.ServeMux
 }
 
-func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, validator func(string) bool) *OauthProxy {
-	login, _ := url.Parse("https://accounts.google.com/o/oauth2/auth")
-	redeem, _ := url.Parse("https://accounts.google.com/o/oauth2/token")
-	info, _ := url.Parse("https://www.googleapis.com/oauth2/v2/userinfo")
+func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, oauthLoginUrl string, oauthRedemptionUrl string, oauthUserInfoUrl string, validator func(string) bool) *OauthProxy {
+	login, _ := url.Parse(oauthLoginUrl)
+	redeem, _ := url.Parse(oauthRedemptionUrl)
+	info, _ := url.Parse(oauthUserInfoUrl)
 	serveMux := http.NewServeMux()
 	for _, u := range proxyUrls {
 		path := u.Path
@@ -54,7 +54,7 @@ func NewOauthProxy(proxyUrls []*url.URL, clientID string, clientSecret string, v
 
 		clientID:           clientID,
 		clientSecret:       clientSecret,
-		oauthScope:         "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email",
+		oauthScope:         "",
 		oauthRedemptionUrl: redeem,
 		oauthLoginUrl:      login,
 		oauthUserInfoUrl:   info,
@@ -90,8 +90,9 @@ func apiRequest(req *http.Request) (*simplejson.Json, error) {
 	}
 	if resp.StatusCode != 200 {
 		log.Printf("got response code %d - %s", resp.StatusCode, body)
-		return nil, errors.New("api request returned 200 status code")
+		return nil, errors.New("api request returned error code")
 	}
+	log.Printf("got body %s", string(body))
 	data, err := simplejson.NewJson(body)
 	if err != nil {
 		return nil, err
@@ -106,8 +107,8 @@ func (p *OauthProxy) redeemCode(code string) (string, error) {
 	params.Add("client_secret", p.clientSecret)
 	params.Add("code", code)
 	params.Add("grant_type", "authorization_code")
-	log.Printf("body is %s", params.Encode())
 	req, err := http.NewRequest("POST", p.oauthRedemptionUrl.String(), bytes.NewBufferString(params.Encode()))
+	req.Header.Set("Accept", "application/json")
 	if err != nil {
 		log.Printf("failed building request %s", err.Error())
 		return "", err

templates.go

@@ -12,7 +12,7 @@ func getTemplates() *template.Template {
 <head><title>Sign In</title></head>
 <body>
 	<form method="GET" action="/oauth2/start">
-	<button type="submit">Sign In w/ Google</button>
+	<button type="submit">Sign In</button>
 	{{.SignInMessage}}
 	</form>
 	{{ if .Htpasswd }}