OIDC authentication

authentication.go

@@ -1,14 +1,45 @@
 package helix
 
 import (
+	"context"
+	"fmt"
 	"net/http"
 	"strings"
+	"time"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"golang.org/x/oauth2"
 )
 
 var authPaths = map[string]string{
 	"token":    "/token",
 	"revoke":   "/revoke",
 	"validate": "/validate",
+	"userinfo": "/userinfo",
+}
+
+type OIDCAuth struct {
+	oauth2.Token
+	RawIDToken string        `json:"raw_id_token"`
+	IDToken    *oidc.IDToken `json:"id_token"`
+	Claims     *OIDCClaims   `json:"claims"`
+}
+
+type IDToken struct {
+	Email         string `json:"email"`
+	EmailVerified bool   `json:"email_verified"`
+}
+
+type OIDCClaims struct {
+	IDToken  IDToken       `json:"id_token"`
+	UserInfo UserInfoClaim `json:"user_info"`
+}
+
+type UserInfoClaim struct {
+	Email    string `json:"email"`
+	Username string `json:"preferred_username"`
+	Picture  string `json:"picture"`
+	Updated  string `json:"updated_at"`
 }
 
 type AuthorizationURLParams struct {
@@ -19,7 +50,7 @@ type AuthorizationURLParams struct {
 }
 
 func (c *Client) GetAuthorizationURL(params *AuthorizationURLParams) string {
-	url := AuthBaseURL + "/authorize"
+	url := c.opts.AuthAPIBaseURL + "/authorize"
 	url += "?response_type=" + params.ResponseType
 	url += "&client_id=" + c.opts.ClientID
 	url += "&redirect_uri=" + c.opts.RedirectURI
@@ -224,3 +255,79 @@ func (c *Client) ValidateToken(accessToken string) (bool, *ValidateTokenResponse
 
 	return isValid, tokenResp, nil
 }
+
+func (c *Client) RequestUserOIDCAccessToken(
+	code string,
+	scopes []string,
+) (
+	resp *OIDCAuth,
+	err error,
+) {
+	resp = &OIDCAuth{}
+
+	oauth2Config := oauth2.Config{
+		ClientID:     c.opts.ClientID,
+		ClientSecret: c.opts.ClientSecret,
+		RedirectURL:  c.opts.RedirectURI,
+		Endpoint:     c.opts.OidcProvider.Endpoint(),
+		// "openid" is a required scope for OpenID Connect flows.
+		Scopes: append([]string{oidc.ScopeOpenID}, scopes...),
+	}
+
+	verifier := c.opts.OidcProvider.Verifier(&oidc.Config{ClientID: c.opts.ClientID})
+
+	oauth2Token, err := oauth2Config.Exchange(context.Background(), code)
+	if err != nil {
+		return
+	}
+	resp.Token = *oauth2Token
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		err = fmt.Errorf("id_token is MISSING validate twitch auth req")
+		return
+	}
+	resp.RawIDToken = rawIDToken
+
+	idToken, err := verifier.Verify(context.Background(), rawIDToken)
+	if err != nil {
+		err = fmt.Errorf("failed to validate oidc token:%s err:%w", rawIDToken, err)
+		return
+	}
+	resp.IDToken = idToken
+
+	claims := &OIDCClaims{}
+	err = idToken.Claims(&claims.IDToken)
+	if err != nil {
+		return
+	}
+	resp.Claims = claims
+
+	return
+}
+
+func (c *Client) UserInfoFromOIDCAccessToken(
+	token string,
+) (
+	claim UserInfoClaim,
+	err error,
+) {
+	userInfo, err := c.opts.OidcProvider.UserInfo(
+		context.Background(),
+		oauth2.StaticTokenSource(&oauth2.Token{
+			AccessToken:  token,
+			TokenType:    "",
+			RefreshToken: "",
+			Expiry:       time.Time{},
+		}),
+	)
+	if err != nil {
+		return
+	}
+
+	// unmarshal user info claims
+	err = userInfo.Claims(&claim)
+
+	return
+}

authentication_test.go

@@ -1,8 +1,12 @@
 package helix
 
 import (
+	"context"
 	"net/http"
 	"testing"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"golang.org/x/oauth2"
 )
 
 func TestGetAuthorizationURL(t *testing.T) {

eventsub.go

@@ -638,10 +638,14 @@ func (c *Client) CreateEventSubSubscription(payload *EventSubSubscription) (*Eve
 		return nil, err
 	}
 
-	eventsub := &EventSubSubscriptionsResponse{}
-	resp.HydrateResponseCommon(&eventsub.ResponseCommon)
-	eventsub.Data = *resp.Data.(*ManyEventSubSubscriptions)
-	return eventsub, nil
+	eventsubs := &EventSubSubscriptionsResponse{}
+	resp.HydrateResponseCommon(&eventsubs.ResponseCommon)
+	eventsubs.Data.Total = resp.Data.(*ManyEventSubSubscriptions).Total
+	eventsubs.Data.TotalCost = resp.Data.(*ManyEventSubSubscriptions).TotalCost
+	eventsubs.Data.MaxTotalCost = resp.Data.(*ManyEventSubSubscriptions).MaxTotalCost
+	eventsubs.Data.EventSubSubscriptions = resp.Data.(*ManyEventSubSubscriptions).EventSubSubscriptions
+
+	return eventsubs, nil
 }
 
 // Verifys that a notification came from twitch using the a signature and the secret used when creating the subscription

extensions_test.go

@@ -114,7 +114,7 @@ func TestGetExtensionLiveChannels(t *testing.T) {
 			http.StatusOK,
 			&Options{ClientID: "my-client-id"},
 			&ExtensionLiveChannelsParams{ExtensionID: "some-extension-id"},
-			`{ "data": [{ "broadcaster_id": "121086094", "broadcaster_name": "khaizer93", "game_name": "Art", "game_id": "509660", "title": "random artstream sketching Kiryu COCO" }, { "broadcaster_id": "165951395", "broadcaster_name": "MelloTodd", "game_name": "Jackbox Party Packs", "game_id": "493174", "title": "[OPEN] WInner Choses Next Game (1-8) | !jackbox !uptime #envtuber" }, { "broadcaster_id": "21724294", "broadcaster_name": "Mahoog47", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "LVL 39| The holy relic Ash-12 has been acquired" }, { "broadcaster_id": "253663808", "broadcaster_name": "MrHatcher_", "game_name": "Dota 2", "game_id": "29595", "title": "Road to 53/55 followers! Dota 2 Ranked 1k mmr (british/filipino)" }, { "broadcaster_id": "245641098", "broadcaster_name": "ChoKoii", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "First Drops Enabled Stream? | Labs Main | 1 Follower=5 push-ups" }, { "broadcaster_id": "268444856", "broadcaster_name": "D4RK_5KY", "game_name": "Always On", "game_id": "499973", "title": "24/7 FULLSEND HOST RAFFLE - Need THAT #SUPPORT!? #Affiliate PUSH!? Try Your LUCK \u0026 WIN The Raffle!" }, { "broadcaster_id": "42871388", "broadcaster_name": "mieudiary", "game_name": "Stardew Valley", "game_id": "490744", "title": "I'm very sleepy but let's farm | !melaomi" }, { "broadcaster_id": "429972112", "broadcaster_name": "andy_gra", "game_name": "twitch", "game_id": "", "title": "wbijaj smialo :)" }, { "broadcaster_id": "486154226", "broadcaster_name": "mrboone521", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "TARK TARK offline and scav runs" }, { "broadcaster_id": "503028811", "broadcaster_name": "Uwlsy2k", "game_name": "Fortnite", "game_id": "33214", "title": "Bot Zonewars?! Join up and chat " }, { "broadcaster_id": "520878515", "broadcaster_name": "me_fon", "game_name": "Teamfight Tactics", "game_id": "513143", "title": "Ranking up in TFT Mob" }, { "broadcaster_id": "521301629", "broadcaster_name": "acrolic_", "game_name": "Apex Legends", "game_id": "511224", "title": "Come say hi! |road to 50 followers | song choices" }, { "broadcaster_id": "54270050", "broadcaster_name": "ELIASS_1", "game_name": "SCUM", "game_id": "495811", "title": "walking simulator 2022 | !setup | !sleep  | 386/400 followers | " }, { "broadcaster_id": "611701485", "broadcaster_name": "Semmy_22", "game_name": "Overwatch", "game_id": "488552", "title": "Support slave at your service " }, { "broadcaster_id": "63501619", "broadcaster_name": "KittySinisterr", "game_name": "Fortnite", "game_id": "33214", "title": "Winterfest challenges" }, { "broadcaster_id": "625059457", "broadcaster_name": "unisclan", "game_name": "Battlefield 2042", "game_id": "514974", "title": "crazy gameplay tanks   will not live " }, { "broadcaster_id": "604281079", "broadcaster_name": "viperarishyt", "game_name": "FIFA 22", "game_id": "1869092879", "title": "Grab Your Breakfast and Join me. Lets chat :-)" }, { "broadcaster_id": "666411722", "broadcaster_name": "SarahBree", "game_name": "Apex Legends", "game_id": "511224", "title": "Winter express only before it goes away :'(" }, { "broadcaster_id": "647613771", "broadcaster_name": "batbat0508", "game_name": "Battlefield 4", "game_id": "66402", "title": "( GOVS ) ~Fr-En ~ rules (LOCKER)" }, { "broadcaster_id": "653487605", "broadcaster_name": "honka2019", "game_name": "Identity V", "game_id": "508662", "title": "JPN♡本日も23:30頃までまったりプレイ⚠️mobile play" }], "pagination": "YVc1emRHRnNiQ00yTXpVd01UWXhPVHBsT1ROalpqZzNNekJ1WkRFeGVqZG5aWEJyYkhreVozSjVOV3QyT0dzNjoz" }`,		"",
+			`{ "data": [{ "broadcaster_id": "121086094", "broadcaster_name": "khaizer93", "game_name": "Art", "game_id": "509660", "title": "random artstream sketching Kiryu COCO" }, { "broadcaster_id": "165951395", "broadcaster_name": "MelloTodd", "game_name": "Jackbox Party Packs", "game_id": "493174", "title": "[OPEN] WInner Choses Next Game (1-8) | !jackbox !uptime #envtuber" }, { "broadcaster_id": "21724294", "broadcaster_name": "Mahoog47", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "LVL 39| The holy relic Ash-12 has been acquired" }, { "broadcaster_id": "253663808", "broadcaster_name": "MrHatcher_", "game_name": "Dota 2", "game_id": "29595", "title": "Road to 53/55 followers! Dota 2 Ranked 1k mmr (british/filipino)" }, { "broadcaster_id": "245641098", "broadcaster_name": "ChoKoii", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "First Drops Enabled Stream? | Labs Main | 1 Follower=5 push-ups" }, { "broadcaster_id": "268444856", "broadcaster_name": "D4RK_5KY", "game_name": "Always On", "game_id": "499973", "title": "24/7 FULLSEND HOST RAFFLE - Need THAT #SUPPORT!? #Affiliate PUSH!? Try Your LUCK \u0026 WIN The Raffle!" }, { "broadcaster_id": "42871388", "broadcaster_name": "mieudiary", "game_name": "Stardew Valley", "game_id": "490744", "title": "I'm very sleepy but let's farm | !melaomi" }, { "broadcaster_id": "429972112", "broadcaster_name": "andy_gra", "game_name": "twitch", "game_id": "", "title": "wbijaj smialo :)" }, { "broadcaster_id": "486154226", "broadcaster_name": "mrboone521", "game_name": "Escape from Tarkov", "game_id": "491931", "title": "TARK TARK offline and scav runs" }, { "broadcaster_id": "503028811", "broadcaster_name": "Uwlsy2k", "game_name": "Fortnite", "game_id": "33214", "title": "Bot Zonewars?! Join up and chat " }, { "broadcaster_id": "520878515", "broadcaster_name": "me_fon", "game_name": "Teamfight Tactics", "game_id": "513143", "title": "Ranking up in TFT Mob" }, { "broadcaster_id": "521301629", "broadcaster_name": "acrolic_", "game_name": "Apex Legends", "game_id": "511224", "title": "Come say hi! |road to 50 followers | song choices" }, { "broadcaster_id": "54270050", "broadcaster_name": "ELIASS_1", "game_name": "SCUM", "game_id": "495811", "title": "walking simulator 2022 | !setup | !sleep  | 386/400 followers | " }, { "broadcaster_id": "611701485", "broadcaster_name": "Semmy_22", "game_name": "Overwatch", "game_id": "488552", "title": "Support slave at your service " }, { "broadcaster_id": "63501619", "broadcaster_name": "KittySinisterr", "game_name": "Fortnite", "game_id": "33214", "title": "Winterfest challenges" }, { "broadcaster_id": "625059457", "broadcaster_name": "unisclan", "game_name": "Battlefield 2042", "game_id": "514974", "title": "crazy gameplay tanks   will not live " }, { "broadcaster_id": "604281079", "broadcaster_name": "viperarishyt", "game_name": "FIFA 22", "game_id": "1869092879", "title": "Grab Your Breakfast and Join me. Lets chat :-)" }, { "broadcaster_id": "666411722", "broadcaster_name": "SarahBree", "game_name": "Apex Legends", "game_id": "511224", "title": "Winter express only before it goes away :'(" }, { "broadcaster_id": "647613771", "broadcaster_name": "batbat0508", "game_name": "Battlefield 4", "game_id": "66402", "title": "( GOVS ) ~Fr-En ~ rules (LOCKER)" }, { "broadcaster_id": "653487605", "broadcaster_name": "honka2019", "game_name": "Identity V", "game_id": "508662", "title": "JPN♡本日も23:30頃までまったりプレイ⚠️mobile play" }], "pagination": "YVc1emRHRnNiQ00yTXpVd01UWXhPVHBsT1ROalpqZzNNekJ1WkRFeGVqZG5aWEJyYkhreVozSjVOV3QyT0dzNjoz" }`, "",
 		},
 		{
 			http.StatusOK,

go.mod

@@ -1,5 +1,9 @@
-module github.com/nicklaw5/helix/v2
+module github.com/nicklaw5/helix
 
 go 1.17
 
-require github.com/golang-jwt/jwt/v4 v4.0.0
+require (
+	github.com/coreos/go-oidc/v3 v3.4.0
+	github.com/golang-jwt/jwt/v4 v4.0.0
+	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
+)