Diffstat (limited to 'www/authenticate.pl')
-rwxr-xr-x | www/authenticate.pl | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/www/authenticate.pl b/www/authenticate.pl
index ed0fb95..3c865ac 100755
--- a/www/authenticate.pl
+++ b/www/authenticate.pl
@@ -10,7 +10,8 @@
 use JSON;
 use CGI;
 use CGI::Fast;
-use Net::Google::FederatedLogin;
+use OIDC::Lite;
+use OIDC::Lite::Client::WebServer;
 do "common.pl";
@@ -21,23 +22,31 @@ while (my $cgi = new CGI::Fast) {
 my $realdomain = $::MULKONF->{real_domain};
 my $claimed_email = $cgi->param('email');
- $claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain;
+ $claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain && $claimed_email;
 given (my $_ = $::MULKONF->{auth_type}) {
 when ('imap') {
 print $cgi->redirect(reluri($cgi, "authenticate-with-password.html?email=$claimed_email"));
 }
 when ('google') {
- my $g = Net::Google::FederatedLogin->new(
- claimed_id => $claimed_email,
- return_to => reluri($cgi, 'login.pl'),
- extensions => [{ns => 'ax',
- uri => 'http://openid.net/srv/ax/1.0',
- attributes => {mode => 'fetch_request',
- required => 'email',
- type => {email => 'http://axschema.org/contact/email'}}}]
+ my $oidc_client = OIDC::Lite::Client::WebServer->new(
+ id => $::MULKONF->{'google_oauth2_client_id'},
+ secret => $::MULKONF->{'google_oauth2_client_secret'},
+ authorize_uri => 'https://accounts.google.com/o/oauth2/auth',
+ access_token_uri => 'https://accounts.google.com/o/oauth2/token'
 );
- print $cgi->redirect($g->get_auth_url());
+ # FIXME: Make `state` a unique, random session token! (Maybe a
+ # signed, timestamped web token, so stateless?)
+ print $cgi->redirect($oidc_client->uri_to_redirect(
+ redirect_uri => reluri($cgi, 'login.pl'),
+ scope => 'openid email',
+ state => '',
+ extra => {
+ access_type => 'online',
+ login_hint => $claimed_email,
+ response_type => 'code'
+ }
+ ));
 }
 default {
 die "Invalid auth_type! " . $::MULKONF->{auth_type}; |
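Review bot: The guard added on `+ $claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain && $claimed_email;` leaves the substitution itself unchanged, and that pattern still interpolates `$fakedomain` as a regex with no end anchor, so any `.` in the configured domain matches an arbitrary character and an address whose domain merely contains the fake domain (constructed example: `user@<fake-domain>.example`) is rewritten to `user@<real-domain>.example`. Assuming `$fakedomain` is the config value read just above the hunk, `$claimed_email =~ s/\@\Q$fakedomain\E\z/\@$realdomain/ if $fakedomain && $claimed_email;` makes the match literal and limits it to the domain suffix. The new `uri_to_redirect` call passes `state => ''`, as the FIXME above it acknowledges; until login.pl receives and verifies a per-request token it cannot tie the returned code to the browser that started the flow, so that FIXME is a blocker for enabling the `google` branch rather than a note for later. The `while` loop and the `given` block enclosing this code both start and end outside the hunk.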