Add GitHub as a Provider (#157)

Primarily for a demo, because it looks cool, but also because I'm using
a non-Google/Microsoft account, and as it happens GitHub acts as a great
aggregator of email accounts.

charts/identity/crds/identity.unikorn-cloud.org_oauth2providers.yaml

@@ -56,6 +56,10 @@ spec:
               OAuth2ProviderSpec defines the required configuration for an oauth2
               provider.
             properties:
+              authorizatonURI:
+                description: AuthorizationURI is used when OIDC (discovery) is not
+                  available.
+                type: string
               clientID:
                 description: ClientID is the assigned client identifier.
                 type: string
@@ -84,6 +88,9 @@ spec:
                   - value
                   type: object
                 type: array
+              tokenURI:
+                description: TokenURI is used when OIDC (discovery) is not available.
+                type: string
               type:
                 description: |-
                   Type defines the interface to use with the provider, specifically
@@ -95,6 +102,7 @@ spec:
                 - custom
                 - google
                 - microsoft
+                - github
                 type: string
             required:
             - clientID

charts/identity/templates/oauth2provider.yaml

@@ -12,8 +12,5 @@ metadata:
     unikorn-cloud.org/description: {{ $spec.description }}
   {{- end }}
 spec:
-  type: {{ $spec.type }}
-  issuer: {{ $spec.issuer }}
-  clientID: {{ $spec.clientID }}
-  clientSecret: {{ $spec.clientSecret }}
+  {{- toYaml $spec | nindent 2 }}
 {{- end }}

pkg/apis/unikorn/v1alpha1/types.go

@@ -25,12 +25,13 @@ import (
 
 // IdentityProviderType defines the type of identity provider, and in turn
 // that defines the required configuration and API interfaces.
-// +kubebuilder:validation:Enum=custom;google;microsoft
+// +kubebuilder:validation:Enum=custom;google;microsoft;github
 type IdentityProviderType string
 
 const (
 	GoogleIdentity IdentityProviderType = "google"
 	MicrosoftEntra IdentityProviderType = "microsoft"
+	GitHub         IdentityProviderType = "github"
 )
 
 // OAuth2ClientList is a typed list of frontend clients.
@@ -114,7 +115,11 @@ type OAuth2ProviderSpec struct {
 	// ClientID is the assigned client identifier.
 	ClientID string `json:"clientID"`
 	// ClientSecret is created by the IdP for token exchange.
-	ClientSecret *string `json:"clientSecret,omitempty"`
+	ClientSecret string `json:"clientSecret,omitempty"`
+	// AuthorizationURI is used when OIDC (discovery) is not available.
+	AuthorizationURI *string `json:"authorizatonURI,omitempty"`
+	// TokenURI is used when OIDC (discovery) is not available.
+	TokenURI *string `json:"tokenURI,omitempty"`
 }
 
 // OAuth2ProviderStatus defines the status of the server.

pkg/handler/handler.go

@@ -176,7 +176,7 @@ func (h *Handler) GetOauth2V2Jwks(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) GetOidcCallback(w http.ResponseWriter, r *http.Request) {
-	h.oauth2.OIDCCallback(w, r)
+	h.oauth2.Callback(w, r)
 }
 
 func (h *Handler) GetApiV1Oauth2providers(w http.ResponseWriter, r *http.Request) {

pkg/handler/oauth2providers/client.go

@@ -136,12 +136,16 @@ func (c *Client) generate(ctx context.Context, organization *organizations.Meta,
 	out := &unikornv1.OAuth2Provider{
 		ObjectMeta: conversion.NewObjectMetadata(&in.Metadata, organization.Namespace, info.Userinfo.Sub).WithOrganization(organization.ID).Get(),
 		Spec: unikornv1.OAuth2ProviderSpec{
-			Issuer:       in.Spec.Issuer,
-			ClientID:     in.Spec.ClientID,
-			ClientSecret: in.Spec.ClientSecret,
+			Issuer:   in.Spec.Issuer,
+			ClientID: in.Spec.ClientID,
 		},
 	}
 
+	// TODO: always require this to be written.
+	if in.Spec.ClientSecret != nil {
+		out.Spec.ClientSecret = *in.Spec.ClientSecret
+	}
+
 	out.Spec.Tags = conversion.GenerateTagList(in.Metadata.Tags)
 
 	return out, nil