From 6895c4e68a0ad115f177921a04b281a467e0e89f Mon Sep 17 00:00:00 2001
From: Tim Riedl
Date: Sat, 20 Jul 2024 14:19:09 +0000
Subject: [PATCH] endpoints: add authentik provider
---
 endpoints/endpoints.go | 16 ++++++++++++++++
 endpoints/endpoints_test.go | 38 +++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
diff --git a/endpoints/endpoints.go b/endpoints/endpoints.go
index 89ed30f2a..12a3cdc4d 100644
--- a/endpoints/endpoints.go
+++ b/endpoints/endpoints.go
@@ -257,3 +257,19 @@ func AWSCognito(domain string) oauth2.Endpoint {
  TokenURL: domain + "/oauth2/token",
  }
 }
+
+// AuthentikProvider returns a new oauth2.Endpoint for the supplied Authentik domain
+//
+// Example domain: https://testing.auth.us-east-1.amazoncognito.com
+//
+// For more information see:
+// https://docs.goauthentik.io/docs/providers/oauth2/
+func AuthentikProvider(userHost, serverHost string) oauth2.Endpoint {
+ userHost = strings.TrimRight(userHost, "/")
+ serverHost = strings.TrimRight(serverHost, "/")
+
+ return oauth2.Endpoint{
+ AuthURL: userHost + "/application/o/authorize/",
+ TokenURL: serverHost + "/application/o/token/",
+ }
+}
diff --git a/endpoints/endpoints_test.go b/endpoints/endpoints_test.go
index 4ffa31429..5926e3bce 100644
--- a/endpoints/endpoints_test.go
+++ b/endpoints/endpoints_test.go
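Review bot: The doc comment on AuthentikProvider in endpoints/endpoints.go still carries the Cognito example (`// Example domain: https://testing.auth.us-east-1.amazoncognito.com`) and never says what `userHost` and `serverHost` are, although the two are easy to swap. From the body, `userHost` builds AuthURL, the address the user's browser is sent to, and `serverHost` builds TokenURL, the address this client calls to exchange the code and to which the oauth2 package normally sends the client credentials. The hosts are concatenated without any validation, so the comment should also state that both are expected to be https origins the caller controls or trusts. I would replace the example line with `// userHost is the browser-facing Authentik origin (AuthURL); serverHost is the origin this client reaches for the token exchange (TokenURL).` and end the first sentence with a period.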
@@ -41,3 +41,41 @@ func TestAWSCognitoEndpoint(t *testing.T) {
  })
  }
 }
+
+func TestAuthentikProviderEndpoint(t *testing.T) {
+
+ var endpointTests = []struct {
+ Name string
+ userHost string
+ serverHost string
+ out oauth2.Endpoint
+ }{
+ {
+ Name: "Without Ending URL-Slash",
+ userHost: "https://example.com",
+ serverHost: "https://authentik:9000",
+ out: oauth2.Endpoint{
+ AuthURL: "https://example.com/application/o/authorize/",
+ TokenURL: "https://authentik:9000/application/o/token/",
+ },
+ },
+ {
+ Name: "With Ending URL-Slash",
+ userHost: "https://example.com/",
+ serverHost: "https://authentik:9000/",
+ out: oauth2.Endpoint{
+ AuthURL: "https://example.com/application/o/authorize/",
+ TokenURL: "https://authentik:9000/application/o/token/",
+ },
+ },
+ }
+
+ for _, tt := range endpointTests {
+ t.Run(tt.Name, func(t *testing.T) {
+ endpoint := AuthentikProvider(tt.userHost, tt.serverHost)
+ if endpoint != tt.out {
+ t.Errorf("got %q, want %q", endpoint, tt.out)
+ }
+ })
+ }
+}
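Review bot: The failure message inside the `t.Run` body formats two `oauth2.Endpoint` structs with `%q`, which quotes the string fields but renders the integer `AuthStyle` field as a character literal, so a mismatch is harder to read than it needs to be. `t.Errorf("got %+v, want %+v", endpoint, tt.out)` prints field names and plain values instead. The two cases differ only in a single trailing slash; a case with several trailing slashes would pin the `strings.TrimRight` behaviour, which strips all of them.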