blob: 70513ccc513280fc13014b42edcfef609c4722c5 [file] [log] [blame]
// Copyright 2020 The LUCI Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
package server
import (
const oauthSettingsKey = "oauth_config"
type oauthSettings struct {
ClientID string `json:"client_id"`
// FetchFrontendClientID fetches the frontend client ID from the settings store.
func FetchFrontendClientID(ctx context.Context) (string, error) {
cfg := &oauthSettings{}
switch err := settings.Get(ctx, oauthSettingsKey, cfg); {
case err == nil:
return cfg.ClientID, nil
case err == settings.ErrNoSettings:
return "", nil
return "", errors.Annotate(err, "failed to fetch OAuth settings").Tag(transient.Tag).Err()
// UI for configuring frontend client ID.
type oauthSettingsPage struct {
func (oauthSettingsPage) Title(ctx context.Context) (string, error) {
return "OAuth 2.0 settings", nil
func (oauthSettingsPage) Overview(ctx context.Context) (template.HTML, error) {
return `<p>This page allows to configure a Google OAuth 2.0 client ID to use
from the frontend (i.e. Javascript in the browser) that uses Google OAuth (or
OpenID Connect) web sign-in. If your service doesn't have a Javascript frontend,
or it doesn't use web sign-in, settings here have no effect.</p>`, nil
func (oauthSettingsPage) Fields(ctx context.Context) ([]portal.Field, error) {
return []portal.Field{
ID: "ClientID",
Title: "Frontend OAuth client ID",
Type: portal.FieldText,
Help: `This client ID will be available via /auth/api/v1/server/client_id
endpoint (so that the frontend can grab it), and the auth library will permit
access tokens with this client as an audience when authenticating requests.`,
}, nil
func (oauthSettingsPage) ReadSettings(ctx context.Context) (map[string]string, error) {
s := oauthSettings{}
err := settings.GetUncached(ctx, oauthSettingsKey, &s)
if err != nil && err != settings.ErrNoSettings {
return nil, err
return map[string]string{
"ClientID": s.ClientID,
}, nil
func (oauthSettingsPage) WriteSettings(ctx context.Context, values map[string]string, who, why string) error {
return settings.SetIfChanged(ctx, oauthSettingsKey, &oauthSettings{
ClientID: values["ClientID"],
}, who, why)
func init() {
portal.RegisterPage(oauthSettingsKey, oauthSettingsPage{})