lukaszraczylo/traefikoidc
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/traefikoidc.git synced 2026-06-05 22:44:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release 0.7.5 (#70)

Browse Source 
* Resolve issue with opaque tokens not being parsed correctly

* Increase test coverage

* Further improvements to test coverage and code quality

* Add new providers.

* fixup! Add new providers.

* Cleanup.

* fixup! Cleanup.

* fixup! fixup! Cleanup.

* fixup! fixup! fixup! Cleanup.

* fixup! fixup! fixup! fixup! Cleanup.

* Memory management optimisation

24 bytes per Put < 256-4096 bytes per buffer allocation avoided (10-170x difference)

* Pooling cleanup.
This commit is contained in:
Lukasz Raczylo
2025-10-01 12:13:10 +01:00
committed by GitHub
parent 3bbc6a1608
commit c3f23cb99b
93 changed files with 26767 additions and 4230 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/providers/github.go
+61
View File
@@ -0,0 +1,61 @@
package providers
import (
"net/url"
)
// GitHubProvider encapsulates GitHub-specific OIDC logic.
type GitHubProvider struct {
*BaseProvider
}
// NewGitHubProvider creates a new instance of the GitHubProvider.
func NewGitHubProvider() *GitHubProvider {
return &GitHubProvider{
BaseProvider: NewBaseProvider(),
}
}
// GetType returns the provider's type.
func (p *GitHubProvider) GetType() ProviderType {
return ProviderTypeGitHub
}
// GetCapabilities returns the specific capabilities of the GitHub provider.
// WARNING: GitHub does NOT support OpenID Connect - it's OAuth 2.0 only.
// This provider should only be used for OAuth flows, not OIDC authentication.
func (p *GitHubProvider) GetCapabilities() ProviderCapabilities {
return ProviderCapabilities{
SupportsRefreshTokens: false, // GitHub OAuth apps don't support refresh tokens
RequiresOfflineAccessScope: false, // GitHub doesn't use offline_access
RequiresPromptConsent: false,
PreferredTokenValidation: "access", // GitHub only provides access tokens, no ID tokens
}
}
// BuildAuthParams configures GitHub-specific authentication parameters.
func (p *GitHubProvider) BuildAuthParams(baseParams url.Values, scopes []string) (*AuthParams, error) {
// GitHub doesn't use offline_access scope, so remove it if present
var filteredScopes []string
for _, scope := range scopes {
if scope != "offline_access" {
filteredScopes = append(filteredScopes, scope)
}
}
// If no scopes specified, use default GitHub scopes for OAuth
// Note: GitHub doesn't support 'openid' scope as it's not an OIDC provider
if len(filteredScopes) == 0 {
filteredScopes = []string{"user:email", "read:user"}
}
return &AuthParams{
URLValues: baseParams,
Scopes: deduplicateScopes(filteredScopes),
}, nil
}
// GitHub requires specific configuration for proper operation.
func (p *GitHubProvider) ValidateConfig() error {
return p.BaseProvider.ValidateConfig()
}