"encoding/base64"
"errors"
"fmt"
+ "net/http"
"net/url"
"strings"
"sync"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
+ "git.arvados.org/arvados.git/sdk/go/httpserver"
"github.com/coreos/go-oidc"
"golang.org/x/oauth2"
"google.golang.org/api/option"
return loginError(fmt.Errorf("error making redirect URL: %s", err))
}
conf := &oauth2.Config{
- ClientID: ctrl.Cluster.Login.GoogleClientID,
- ClientSecret: ctrl.Cluster.Login.GoogleClientSecret,
+ ClientID: ctrl.Cluster.Login.Google.ClientID,
+ ClientSecret: ctrl.Cluster.Login.Google.ClientSecret,
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
RedirectURL: redirURL.String(),
}
}
+func (ctrl *googleLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
+ return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
+}
+
// Use a person's token to get all of their email addresses, with the
// primary address at index 0. The provided defaultAddr is always
// included in the returned slice, and is used as the primary if the
ret.Email = claims.Email
}
- if !ctrl.Cluster.Login.GoogleAlternateEmailAddresses {
+ if !ctrl.Cluster.Login.Google.AlternateEmailAddresses {
if ret.Email == "" {
return nil, fmt.Errorf("cannot log in with unverified email address %q", claims.Email)
}