Diffstat (limited to 'internal/config')
-rw-r--r--internal/config/config.go65
-rw-r--r--internal/config/default.go36
-rw-r--r--internal/config/oidc.go30
3 files changed, 129 insertions, 2 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index e2bfd0b68..117b8efb5 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -57,6 +57,7 @@ type Config struct {
StorageConfig *StorageConfig `yaml:"storage"`
StatusesConfig *StatusesConfig `yaml:"statuses"`
LetsEncryptConfig *LetsEncryptConfig `yaml:"letsEncrypt"`
+ OIDCConfig *OIDCConfig `yaml:"oidc"`
/*
Not parsed from .yaml configuration file.
@@ -87,6 +88,7 @@ func Empty() *Config {
StorageConfig: &StorageConfig{},
StatusesConfig: &StatusesConfig{},
LetsEncryptConfig: &LetsEncryptConfig{},
+ OIDCConfig: &OIDCConfig{},
AccountCLIFlags: make(map[string]string),
}
}
@@ -268,7 +270,34 @@ func (c *Config) ParseCLIFlags(f KeyedFlags, version string) error {
c.LetsEncryptConfig.EmailAddress = f.String(fn.LetsEncryptEmailAddress)
}
- c.SoftwareVersion = GetDefaults().SoftwareVersion
+ // OIDC flags
+ if f.IsSet(fn.OIDCEnabled) {
+ c.OIDCConfig.Enabled = f.Bool(fn.OIDCEnabled)
+ }
+
+ if c.OIDCConfig.IDPName == "" || f.IsSet(fn.OIDCIdpName) {
+ c.OIDCConfig.IDPName = f.String(fn.OIDCIdpName)
+ }
+
+ if f.IsSet(fn.OIDCSkipVerification) {
+ c.OIDCConfig.SkipVerification = f.Bool(fn.OIDCSkipVerification)
+ }
+
+ if c.OIDCConfig.Issuer == "" || f.IsSet(fn.OIDCIssuer) {
+ c.OIDCConfig.Issuer = f.String(fn.OIDCIssuer)
+ }
+
+ if c.OIDCConfig.ClientID == "" || f.IsSet(fn.OIDCClientID) {
+ c.OIDCConfig.ClientID = f.String(fn.OIDCClientID)
+ }
+
+ if c.OIDCConfig.ClientSecret == "" || f.IsSet(fn.OIDCClientSecret) {
+ c.OIDCConfig.ClientSecret = f.String(fn.OIDCClientSecret)
+ }
+
+ if len(c.OIDCConfig.Scopes) == 0 || f.IsSet(fn.OIDCScopes) {
+ c.OIDCConfig.Scopes = f.StringSlice(fn.OIDCScopes)
+ }
// command-specific flags
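Review bot: Nothing in the added OIDC block checks that the values form a usable configuration: with `oidc-enabled` set, an empty `Issuer` or `ClientID` is stored as-is and ParseCLIFlags still returns nil. Because the function already returns an error, a guard after the block on `if c.OIDCConfig.Enabled && (c.OIDCConfig.Issuer == "" || c.OIDCConfig.ClientID == "")` that returns a descriptive error would stop a misconfigured instance at startup instead of at the first login attempt. `SkipVerification` is also copied in without any signal to the operator; since it presumably relaxes checks on what the provider returns, logging a warning whenever it ends up true would make an accidentally insecure deployment visible. The body of ParseCLIFlags begins and ends outside this hunk.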
@@ -278,7 +307,6 @@ func (c *Config) ParseCLIFlags(f KeyedFlags, version string) error {
c.AccountCLIFlags[PasswordFlag] = f.String(PasswordFlag)
c.SoftwareVersion = version
-
return nil
}
@@ -287,6 +315,7 @@ func (c *Config) ParseCLIFlags(f KeyedFlags, version string) error {
type KeyedFlags interface {
Bool(k string) bool
String(k string) string
+ StringSlice(k string) []string
Int(k string) int
IsSet(k string) bool
}
@@ -337,6 +366,14 @@ type Flags struct {
LetsEncryptEnabled string
LetsEncryptCertDir string
LetsEncryptEmailAddress string
+
+ OIDCEnabled string
+ OIDCIdpName string
+ OIDCSkipVerification string
+ OIDCIssuer string
+ OIDCClientID string
+ OIDCClientSecret string
+ OIDCScopes string
}
// Defaults contains all the default values for a gotosocial config
@@ -385,6 +422,14 @@ type Defaults struct {
LetsEncryptEnabled bool
LetsEncryptCertDir string
LetsEncryptEmailAddress string
+
+ OIDCEnabled bool
+ OIDCIdpName string
+ OIDCSkipVerification bool
+ OIDCIssuer string
+ OIDCClientID string
+ OIDCClientSecret string
+ OIDCScopes []string
}
// GetFlagNames returns a struct containing the names of the various flags used for
@@ -434,6 +479,14 @@ func GetFlagNames() Flags {
LetsEncryptEnabled: "letsencrypt-enabled",
LetsEncryptCertDir: "letsencrypt-cert-dir",
LetsEncryptEmailAddress: "letsencrypt-email",
+
+ OIDCEnabled: "oidc-enabled",
+ OIDCIdpName: "oidc-idp-name",
+ OIDCSkipVerification: "oidc-skip-verification",
+ OIDCIssuer: "oidc-issuer",
+ OIDCClientID: "oidc-client-id",
+ OIDCClientSecret: "oidc-client-secret",
+ OIDCScopes: "oidc-scopes",
}
}
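Review bot: Exposing the client secret as the `oidc-client-secret` command-line flag places it in the process argument list, where other local users can read it from a process listing and where it can end up in shell history or service-manager logs. The same commit also provides `GTS_OIDC_CLIENT_SECRET` and a `clientSecret` YAML key, so the flag's usage text (defined outside this diff) should point operators to one of those, with the config file kept readable only by the service account. A comment on this line would record the caveat, for example `// flag values are visible in the process list; prefer the env var or config file for the secret`. GetFlagNames begins outside the hunk.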
@@ -484,5 +537,13 @@ func GetEnvNames() Flags {
LetsEncryptEnabled: "GTS_LETSENCRYPT_ENABLED",
LetsEncryptCertDir: "GTS_LETSENCRYPT_CERT_DIR",
LetsEncryptEmailAddress: "GTS_LETSENCRYPT_EMAIL",
+
+ OIDCEnabled: "GTS_OIDC_ENABLED",
+ OIDCIdpName: "GTS_OIDC_IDP_NAME",
+ OIDCSkipVerification: "GTS_OIDC_SKIP_VERIFICATION",
+ OIDCIssuer: "GTS_OIDC_ISSUER",
+ OIDCClientID: "GTS_OIDC_CLIENT_ID",
+ OIDCClientSecret: "GTS_OIDC_CLIENT_SECRET",
+ OIDCScopes: "GTS_OIDC_SCOPES",
}
}
diff --git a/internal/config/default.go b/internal/config/default.go
index 099eead1c..61940eff4 100644
--- a/internal/config/default.go
+++ b/internal/config/default.go
@@ -1,5 +1,7 @@
package config
+import "github.com/coreos/go-oidc/v3/oidc"
+
// TestDefault returns a default config for testing
func TestDefault() *Config {
defaults := GetTestDefaults()
@@ -52,6 +54,15 @@ func TestDefault() *Config {
CertDir: defaults.LetsEncryptCertDir,
EmailAddress: defaults.LetsEncryptEmailAddress,
},
+ OIDCConfig: &OIDCConfig{
+ Enabled: defaults.OIDCEnabled,
+ IDPName: defaults.OIDCIdpName,
+ SkipVerification: defaults.OIDCSkipVerification,
+ Issuer: defaults.OIDCIssuer,
+ ClientID: defaults.OIDCClientID,
+ ClientSecret: defaults.OIDCClientSecret,
+ Scopes: defaults.OIDCScopes,
+ },
}
}
@@ -107,6 +118,15 @@ func Default() *Config {
CertDir: defaults.LetsEncryptCertDir,
EmailAddress: defaults.LetsEncryptEmailAddress,
},
+ OIDCConfig: &OIDCConfig{
+ Enabled: defaults.OIDCEnabled,
+ IDPName: defaults.OIDCIdpName,
+ SkipVerification: defaults.OIDCSkipVerification,
+ Issuer: defaults.OIDCIssuer,
+ ClientID: defaults.OIDCClientID,
+ ClientSecret: defaults.OIDCClientSecret,
+ Scopes: defaults.OIDCScopes,
+ },
}
}
@@ -157,6 +177,14 @@ func GetDefaults() Defaults {
LetsEncryptEnabled: true,
LetsEncryptCertDir: "/gotosocial/storage/certs",
LetsEncryptEmailAddress: "",
+
+ OIDCEnabled: false,
+ OIDCIdpName: "",
+ OIDCSkipVerification: false,
+ OIDCIssuer: "",
+ OIDCClientID: "",
+ OIDCClientSecret: "",
+ OIDCScopes: []string{oidc.ScopeOpenID, "profile", "email", "groups"},
}
}
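Review bot: The default `OIDCScopes` asks for `groups` in addition to `openid`, `profile` and `email`. `groups` is not among the scopes defined by OpenID Connect Core, so a provider that does not recognise it may ignore it or refuse the authorization request, and nothing in this diff shows a group claim being consumed. Defaulting to `[]string{oidc.ScopeOpenID, "profile", "email"}` and leaving `groups` as an opt-in keeps the default request to what is needed. The identical literal is repeated in GetTestDefaults in the next hunk, so the same change applies there.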
@@ -204,5 +232,13 @@ func GetTestDefaults() Defaults {
LetsEncryptEnabled: false,
LetsEncryptCertDir: "",
LetsEncryptEmailAddress: "",
+
+ OIDCEnabled: false,
+ OIDCIdpName: "",
+ OIDCSkipVerification: false,
+ OIDCIssuer: "",
+ OIDCClientID: "",
+ OIDCClientSecret: "",
+ OIDCScopes: []string{oidc.ScopeOpenID, "profile", "email", "groups"},
}
}
diff --git a/internal/config/oidc.go b/internal/config/oidc.go
new file mode 100644
index 000000000..06158bbb7
--- /dev/null
+++ b/internal/config/oidc.go
@@ -0,0 +1,30 @@
+/*
+ GoToSocial
+ Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package config
+
+// OIDCConfig contains configuration values for openID connect (oauth) authorization by an external service such as Dex.
+type OIDCConfig struct {
+ Enabled bool `yaml:"enabled"`
+ IDPName string `yaml:"idpName"`
+ SkipVerification bool `yaml:"skipVerification"`
+ Issuer string `yaml:"issuer"`
+ ClientID string `yaml:"clientID"`
+ ClientSecret string `yaml:"clientSecret"`
+ Scopes []string `yaml:"scopes"`
+}
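Review bot: The fields of OIDCConfig have no comments, and for two of them the missing documentation is security-relevant. `SkipVerification` does not say which check it turns off or that it is meant for testing only, so an operator reading the config reference cannot judge the risk of setting `skipVerification: true`; a field comment should name the checks that are bypassed and say it must stay false in production. `ClientSecret` is a plain string on a struct reachable from Config, so any code that prints or marshals the config (for example with `%+v`) would emit it; a comment such as `// ClientSecret is sensitive: never log or serialise this value` would warn future callers.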