Support SSO using default browser

2025-05-20 07:26:58 -04:00 · 2024-01-22 09:43:15 -05:00
parent 0b55a80317
commit c3bd7aeb93
16 changed files with 201 additions and 36 deletions
--- a/apps/gpclient/src/launch_gui.rs
+++ b/apps/gpclient/src/launch_gui.rs
@@ -10,7 +10,12 @@ use log::info;

 #[derive(Args)]
 pub(crate) struct LaunchGuiArgs {
-  #[clap(long, help = "Launch the GUI minimized")]
+  #[arg(
+    required = false,
+    help = "The authentication data, used for the default browser authentication"
+  )]
+  auth_data: Option<String>,
+  #[arg(long, help = "Launch the GUI minimized")]
  minimized: bool,
 }

@@ -30,6 +35,12 @@ impl<'a> LaunchGuiHandler<'a> {
      anyhow::bail!("`launch-gui` cannot be run as root");
    }

+    let auth_data = self.args.auth_data.as_deref().unwrap_or_default();
+    if !auth_data.is_empty() {
+      // Process the authentication data, its format is `globalprotectcallback:<data>`
+      return feed_auth_data(auth_data).await;
+    }
+
    if try_active_gui().await.is_ok() {
      info!("The GUI is already running");
      return Ok(());
@@ -66,6 +77,19 @@ impl<'a> LaunchGuiHandler<'a> {
  }
 }

+async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
+  let service_endpoint = http_endpoint().await?;
+
+  reqwest::Client::default()
+    .post(format!("{}/auth-data", service_endpoint))
+    .json(&auth_data)
+    .send()
+    .await?
+    .error_for_status()?;
+
+  Ok(())
+}
+
 async fn try_active_gui() -> anyhow::Result<()> {
  let service_endpoint = http_endpoint().await?;