Add microsoft oauth2 providers (#16544)

* Clean up oauth2 providers

Signed-off-by: Andrew Thornton <[email protected]>

* Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers

Signed-off-by: Andrew Thornton <[email protected]>

* Apply suggestions from code review

* remove unused Scopes

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>

Author: zeripath

go.sum

@@ -762,6 +762,7 @@ github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
 github.com/markbates/goth v1.68.0 h1:90sKvjRAKHcl9V2uC9x/PJXeD78cFPiBsyP1xVhoQfA=
 github.com/markbates/goth v1.68.0/go.mod h1:V2VcDMzDiMHW+YmqYl7i0cMiAUeCkAe4QE6jRKBhXZw=

options/locale/locale_en-US.ini

@@ -2441,6 +2441,7 @@ auths.oauth2_tokenURL = Token URL
 auths.oauth2_authURL = Authorize URL
 auths.oauth2_profileURL = Profile URL
 auths.oauth2_emailURL = Email URL
+auths.oauth2_tenant = Tenant
 auths.enable_auto_register = Enable Auto Registration
 auths.sspi_auto_create_users = Automatically create users
 auths.sspi_auto_create_users_helper = Allow SSPI auth method to automatically create new accounts for users that login for the first time

public/img/auth/azuread.png

@@ -98,8 +98,8 @@ func NewAuthSource(ctx *context.Context) {
 	ctx.Data["AuthSources"] = authSources
 	ctx.Data["SecurityProtocols"] = securityProtocols
 	ctx.Data["SMTPAuths"] = smtp.Authenticators
-	ctx.Data["OAuth2Providers"] = oauth2.Providers
-	ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+	oauth2providers := oauth2.GetOAuth2Providers()
+	ctx.Data["OAuth2Providers"] = oauth2providers
 
 	ctx.Data["SSPIAutoCreateUsers"] = true
 	ctx.Data["SSPIAutoActivateUsers"] = true
@@ -108,10 +108,7 @@ func NewAuthSource(ctx *context.Context) {
 	ctx.Data["SSPIDefaultLanguage"] = ""
 
 	// only the first as default
-	for key := range oauth2.Providers {
-		ctx.Data["oauth2_provider"] = key
-		break
-	}
+	ctx.Data["oauth2_provider"] = oauth2providers[0]
 
 	ctx.HTML(http.StatusOK, tplAuthNew)
 }
@@ -170,6 +167,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
 			AuthURL:    form.Oauth2AuthURL,
 			ProfileURL: form.Oauth2ProfileURL,
 			EmailURL:   form.Oauth2EmailURL,
+			Tenant:     form.Oauth2Tenant,
 		}
 	} else {
 		customURLMapping = nil
@@ -220,8 +218,8 @@ func NewAuthSourcePost(ctx *context.Context) {
 	ctx.Data["AuthSources"] = authSources
 	ctx.Data["SecurityProtocols"] = securityProtocols
 	ctx.Data["SMTPAuths"] = smtp.Authenticators
-	ctx.Data["OAuth2Providers"] = oauth2.Providers
-	ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+	oauth2providers := oauth2.GetOAuth2Providers()
+	ctx.Data["OAuth2Providers"] = oauth2providers
 
 	ctx.Data["SSPIAutoCreateUsers"] = true
 	ctx.Data["SSPIAutoActivateUsers"] = true
@@ -299,8 +297,8 @@ func EditAuthSource(ctx *context.Context) {
 
 	ctx.Data["SecurityProtocols"] = securityProtocols
 	ctx.Data["SMTPAuths"] = smtp.Authenticators
-	ctx.Data["OAuth2Providers"] = oauth2.Providers
-	ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+	oauth2providers := oauth2.GetOAuth2Providers()
+	ctx.Data["OAuth2Providers"] = oauth2providers
 
 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
 	if err != nil {
@@ -311,7 +309,17 @@ func EditAuthSource(ctx *context.Context) {
 	ctx.Data["HasTLS"] = source.HasTLS()
 
 	if source.IsOAuth2() {
-		ctx.Data["CurrentOAuth2Provider"] = oauth2.Providers[source.Cfg.(*oauth2.Source).Provider]
+		type Named interface {
+			Name() string
+		}
+
+		for _, provider := range oauth2providers {
+			if provider.Name() == source.Cfg.(Named).Name() {
+				ctx.Data["CurrentOAuth2Provider"] = provider
+				break
+			}
+		}
+
 	}
 	ctx.HTML(http.StatusOK, tplAuthEdit)
 }
@@ -324,8 +332,8 @@ func EditAuthSourcePost(ctx *context.Context) {
 	ctx.Data["PageIsAdminAuthentications"] = true
 
 	ctx.Data["SMTPAuths"] = smtp.Authenticators
-	ctx.Data["OAuth2Providers"] = oauth2.Providers
-	ctx.Data["OAuth2DefaultCustomURLMappings"] = oauth2.DefaultCustomURLMappings
+	oauth2providers := oauth2.GetOAuth2Providers()
+	ctx.Data["OAuth2Providers"] = oauth2providers
 
 	source, err := models.GetLoginSourceByID(ctx.ParamsInt64(":authid"))
 	if err != nil {

public/img/auth/azureadv2.png

@@ -12,7 +12,6 @@ import (
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
 )
 
 const (
@@ -92,9 +91,19 @@ func loadSecurityData(ctx *context.Context) {
 	for _, externalAccount := range accountLinks {
 		if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {
 			var providerDisplayName string
-			if loginSource.IsOAuth2() {
-				providerTechnicalName := loginSource.Cfg.(*oauth2.Source).Provider
-				providerDisplayName = oauth2.Providers[providerTechnicalName].DisplayName
+
+			type DisplayNamed interface {
+				DisplayName() string
+			}
+
+			type Named interface {
+				Name() string
+			}
+
+			if displayNamed, ok := loginSource.Cfg.(DisplayNamed); ok {
+				providerDisplayName = displayNamed.DisplayName()
+			} else if named, ok := loginSource.Cfg.(Named); ok {
+				providerDisplayName = named.Name()
 			} else {
 				providerDisplayName = loginSource.Name
 			}