Skip to content

Commit

Permalink
feat: add kakao OIDC (supabase#1381)
Browse files Browse the repository at this point in the history
Adds support for OIDC login with Kakao via `signInWithIdToken()`.

Fixes:
- supabase#1358
  • Loading branch information
MiryangJung authored Mar 5, 2024
1 parent b8d0337 commit b5566e7
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 0 deletions.
1 change: 1 addition & 0 deletions internal/api/provider/kakao.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
const (
defaultKakaoAuthBase = "kauth.kakao.com"
defaultKakaoAPIBase = "kapi.kakao.com"
IssuerKakao = "https://kauth.kakao.com"
)

type kakaoProvider struct {
Expand Down
39 changes: 39 additions & 0 deletions internal/api/provider/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@ func ParseIDToken(ctx context.Context, provider *oidc.Provider, config *oidc.Con
token, data, err = parseAppleIDToken(token)
case IssuerLinkedin:
token, data, err = parseLinkedinIDToken(token)
case IssuerKakao:
token, data, err = parseKakaoIDToken(token)
default:
if IsAzureIssuer(token.Issuer) {
token, data, err = parseAzureIDToken(token)
Expand Down Expand Up @@ -312,6 +314,43 @@ func parseAzureIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, e
return token, &data, nil
}

type KakaoIDTokenClaims struct {
jwt.StandardClaims

Email string `json:"email"`
Nickname string `json:"nickname"`
Picture string `json:"picture"`
}

func parseKakaoIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, error) {
var claims KakaoIDTokenClaims

if err := token.Claims(&claims); err != nil {
return nil, nil, err
}

var data UserProvidedData

if claims.Email != "" {
data.Emails = append(data.Emails, Email{
Email: claims.Email,
Verified: true,
Primary: true,
})
}

data.Metadata = &Claims{
Issuer: token.Issuer,
Subject: token.Subject,
Name: claims.Nickname,
PreferredUsername: claims.Nickname,
ProviderId: token.Subject,
Picture: claims.Picture,
}

return token, &data, nil
}

func parseGenericIDToken(token *oidc.IDToken) (*oidc.IDToken, *UserProvidedData, error) {
var data UserProvidedData

Expand Down
6 changes: 6 additions & 0 deletions internal/api/token_oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,12 @@ func (p *IdTokenGrantParams) getProvider(ctx context.Context, config *conf.Globa
issuer = config.External.Keycloak.URL
acceptableClientIDs = append(acceptableClientIDs, config.External.Keycloak.ClientID...)

case p.Provider == "kakao" || p.Issuer == provider.IssuerKakao:
cfg = &config.External.Kakao
providerType = "kakao"
issuer = provider.IssuerKakao
acceptableClientIDs = append(acceptableClientIDs, config.External.Kakao.ClientID...)

default:
log.WithField("issuer", p.Issuer).WithField("client_id", p.ClientID).Warn("Use of POST /token with arbitrary issuer and client_id is deprecated for security reasons. Please switch to using the API with provider only!")

Expand Down

0 comments on commit b5566e7

Please sign in to comment.