Add microsoft oauth2 providers (#16544)

* Clean up oauth2 providers

Signed-off-by: Andrew Thornton <[email protected]>

* Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers

Signed-off-by: Andrew Thornton <[email protected]>

* Apply suggestions from code review

* remove unused Scopes

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>

go.sum

@@ -762,6 +762,7 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
 github.com/markbates/goth v1.68.0 h1:90sKvjRAKHcl9V2uC9x/PJXeD78cFPiBsyP1xVhoQfA=
 github.com/markbates/goth v1.68.0/go.mod h1:V2VcDMzDiMHW+YmqYl7i0cMiAUeCkAe4QE6jRKBhXZw=

options/locale/locale_en-US.ini

@@ -2441,6 +2441,7 @@ auths.oauth2_tokenURL = Token URL
 auths.oauth2_authURL = Authorize URL
 auths.oauth2_profileURL = Profile URL
 auths.oauth2_emailURL = Email URL
+auths.oauth2_tenant = Tenant
 auths.enable_auto_register = Enable Auto Registration
 auths.sspi_auto_create_users = Automatically create users
 auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time

routers/web/admin/auths.go

@@ -98,8 +98,8 @@ func NewAuthSource(ctx *context.Context) {
  ctx.Data["AuthSources"] = authSources
  ctx.Data["SecurityProtocols"] = securityProtocols
  ctx.Data["SMTPAuths"] = smtp.Authenticators
- ctx.Data["OAuth2Providers"] = oauth2.Providers
- ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+ oauth2providers := oauth2.GetOAuth2Providers()
+ ctx.Data["OAuth2Providers"] = oauth2providers
 
  ctx.Data["SSPIAutoCreateUsers"] = true
  ctx.Data["SSPIAutoActivateUsers"] = true
@@ -108,10 +108,7 @@ func NewAuthSource(ctx *context.Context) {
  ctx.Data["SSPIDefaultLanguage"] = ""
 
  // only the first as default
- for key := range oauth2.Providers {
- ctx.Data["oauth2_provider"] = key
- break
- }
+ ctx.Data["oauth2_provider"] = oauth2providers[0]
 
  ctx.HTML(http.StatusOK, tplAuthNew)
 }
@@ -170,6 +167,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
  AuthURL: form.Oauth2AuthURL,
  ProfileURL: form.Oauth2ProfileURL,
  EmailURL: form.Oauth2EmailURL,
+ Tenant: form.Oauth2Tenant,
  }
  } else {
  customURLMapping = nil
@@ -220,8 +218,8 @@ func NewAuthSourcePost(ctx *context.Context) {
  ctx.Data["AuthSources"] = authSources
  ctx.Data["SecurityProtocols"] = securityProtocols
  ctx.Data["SMTPAuths"] = smtp.Authenticators
- ctx.Data["OAuth2Providers"] = oauth2.Providers
- ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+ oauth2providers := oauth2.GetOAuth2Providers()
+ ctx.Data["OAuth2Providers"] = oauth2providers
 
  ctx.Data["SSPIAutoCreateUsers"] = true
  ctx.Data["SSPIAutoActivateUsers"] = true
@@ -299,8 +297,8 @@ func EditAuthSource(ctx *context.Context) {
 
  ctx.Data["SecurityProtocols"] = securityProtocols
  ctx.Data["SMTPAuths"] = smtp.Authenticators
- ctx.Data["OAuth2Providers"] = oauth2.Providers
- ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+ oauth2providers := oauth2.GetOAuth2Providers()
+ ctx.Data["OAuth2Providers"] = oauth2providers
 
  source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  if err != nil {
@@ -311,7 +309,17 @@ func EditAuthSource(ctx *context.Context) {
  ctx.Data["HasTLS"] = source.HasTLS()
 
  if source.IsOAuth2() {
- ctx.Data["CurrentOAuth2Provider"] = oauth2.Providers[source.Cfg.(*oauth2.Source).Provider]
+ type Named interface {
+ Name() string
+ }
+
+ for _, provider := range oauth2providers {
+ if provider.Name() == source.Cfg.(Named).Name() {
+ ctx.Data["CurrentOAuth2Provider"] = provider
+ break
+ }
+ }
+
  }
  ctx.HTML(http.StatusOK, tplAuthEdit)
 }
@@ -324,8 +332,8 @@ func EditAuthSourcePost(ctx *context.Context) {
  ctx.Data["PageIsAdminAuthentications"] = true
 
  ctx.Data["SMTPAuths"] = smtp.Authenticators
- ctx.Data["OAuth2Providers"] = oauth2.Providers
- ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+ oauth2providers := oauth2.GetOAuth2Providers()
+ ctx.Data["OAuth2Providers"] = oauth2providers
 
  source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
  if err != nil {

routers/web/user/setting/security.go

@@ -12,7 +12,6 @@ import (
  "code.gitea.io/gitea/modules/base"
  "code.gitea.io/gitea/modules/context"
  "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/services/auth/source/oauth2"
 )
 
 const (
@@ -92,9 +91,19 @@ func loadSecurityData(ctx *context.Context) {
  for _, externalAccount := range accountLinks {
  if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {
  var providerDisplayName string
- if loginSource.IsOAuth2() {
- providerTechnicalName := loginSource.Cfg.(*oauth2.Source).Provider
- providerDisplayName = oauth2.Providers[providerTechnicalName].DisplayName
+
+ type DisplayNamed interface {
+ DisplayName() string
+ }
+
+ type Named interface {
+ Name() string
+ }
+
+ if displayNamed, ok := loginSource.Cfg.(DisplayNamed); ok {
+ providerDisplayName = displayNamed.DisplayName()
+ } else if named, ok := loginSource.Cfg.(Named); ok {
+ providerDisplayName = named.Name()
  } else {
  providerDisplayName = loginSource.Name
  }