KEYCLOAK-28 - Login with LinkedIn
parent
acef322ea3
commit
c21d110b4c
18 changed files with 274 additions and 2 deletions
|
@ -9,7 +9,7 @@ It can be used for social applications as well as enterprise applications. It i
|
|||
Here's some of the features:
|
||||
|
||||
* SSO and Single Log Out for browser applications
|
||||
* Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
|
||||
* Social Broker. Enable Google, Facebook, Yahoo, Twitter, GitHub, LinkedIn social login with no code required.
|
||||
* Optional LDAP/Active Directory integration
|
||||
* Optional User Registration
|
||||
* Password and TOTP support (via Google Authenticator or FreeOTP). Client cert auth coming soon.
|
||||
|
|
5
dependencies/server-all/pom.xml
vendored
5
dependencies/server-all/pom.xml
vendored
|
@ -122,6 +122,11 @@
|
|||
<artifactId>keycloak-social-facebook</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-social-linkedin</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- ldap federation api -->
|
||||
<dependency>
|
||||
|
|
|
@ -235,6 +235,10 @@
|
|||
<module-def name="org.keycloak.keycloak-social-facebook">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-social-facebook"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-social-linkedin">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-social-linkedin"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-kerberos-federation">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-kerberos-federation"/>
|
||||
|
|
|
@ -57,6 +57,7 @@
|
|||
<module name="org.keycloak.keycloak-social-github" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-google" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-twitter" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-linkedin" services="import"/>
|
||||
<module name="org.keycloak.keycloak-subsystem" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
||||
|
|
|
@ -60,6 +60,7 @@
|
|||
<module name="org.keycloak.keycloak-social-github" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-google" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-twitter" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-linkedin" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
||||
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-linkedin">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="org.keycloak.keycloak-core"/>
|
||||
<module name="org.keycloak.keycloak-social-core"/>
|
||||
<module name="org.keycloak.keycloak-broker-core"/>
|
||||
<module name="org.keycloak.keycloak-broker-oidc"/>
|
||||
<module name="org.keycloak.keycloak-model-api"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.codehaus.jackson.jackson-core-asl"/>
|
||||
<module name="org.codehaus.jackson.jackson-mapper-asl"/>
|
||||
<module name="org.codehaus.jackson.jackson-xc"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -50,6 +50,7 @@
|
|||
<module name="org.keycloak.keycloak-social-github" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-google" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-twitter" services="import"/>
|
||||
<module name="org.keycloak.keycloak-social-linkedin" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-api" services="import"/>
|
||||
<module name="org.keycloak.keycloak-timer-basic" services="import"/>
|
||||
<module name="org.hibernate" services="import"/>
|
||||
|
|
1
examples/cors/angular-product-app/.gitignore
vendored
Normal file
1
examples/cors/angular-product-app/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
/.externalToolBuilders/*
|
|
@ -0,0 +1 @@
|
|||
<div data-ng-include data-src="resourceUrl + '/partials/realm-identity-provider-social.html'"></div>
|
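--- a/social/linkedin/.gitignore
+++ b/social/linkedin/.gitignore
@@ -0,0 +1 @@
+/target/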
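--- a/social/linkedin/pom.xml
+++ b/social/linkedin/pom.xml
@@ -0,0 +1,40 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>keycloak-social-parent</artifactId>
+<groupId>org.keycloak</groupId>
+<version>1.2.0.Beta1-SNAPSHOT</version>
+<relativePath>../pom.xml</relativePath>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+<packaging>jar</packaging>
+
+<artifactId>keycloak-social-linkedin</artifactId>
+<name>Keycloak Social LinkedIn</name>
+<description/>
+
+<dependencies>
+<dependency>
+<groupId>org.keycloak</groupId>
+<artifactId>keycloak-social-core</artifactId>
+<version>${project.version}</version>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.keycloak</groupId>
+<artifactId>keycloak-broker-oidc</artifactId>
+<version>${project.version}</version>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.codehaus.jackson</groupId>
+<artifactId>jackson-mapper-asl</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.jboss.logging</groupId>
+<artifactId>jboss-logging</artifactId>
+<scope>provided</scope>
+</dependency>
+</dependencies>
+</project>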
@ -0,0 +1,109 @@
|
|||
/*
|
||||
* JBoss, Home of Professional Open Source
|
||||
*
|
||||
* Copyright 2015 Red Hat, Inc. and/or its affiliates.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.social.linkedin;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.net.URLDecoder;
|
||||
|
||||
import org.codehaus.jackson.JsonNode;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
|
||||
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
|
||||
import org.keycloak.broker.oidc.util.SimpleHttp;
|
||||
import org.keycloak.broker.provider.FederatedIdentity;
|
||||
import org.keycloak.broker.provider.IdentityBrokerException;
|
||||
import org.keycloak.social.SocialIdentityProvider;
|
||||
|
||||
/**
|
||||
* LinkedIn social provider. See https://developer.linkedin.com/docs/oauth2
|
||||
*
|
||||
* @author Vlastimil Elias (velias at redhat dot com)
|
||||
*/
|
||||
public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
|
||||
|
||||
private static final Logger log = Logger.getLogger(LinkedInIdentityProvider.class);
|
||||
|
||||
public static final String AUTH_URL = "https://www.linkedin.com/uas/oauth2/authorization";
|
||||
public static final String TOKEN_URL = "https://www.linkedin.com/uas/oauth2/accessToken";
|
||||
public static final String PROFILE_URL = "https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,public-profile-url)?format=json";
|
||||
public static final String DEFAULT_SCOPE = "r_basicprofile r_emailaddress";
|
||||
|
||||
public LinkedInIdentityProvider(OAuth2IdentityProviderConfig config) {
|
||||
super(config);
|
||||
config.setAuthorizationUrl(AUTH_URL);
|
||||
config.setTokenUrl(TOKEN_URL);
|
||||
config.setUserInfoUrl(PROFILE_URL);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
|
||||
log.debug("doGetFederatedIdentity()");
|
||||
try {
|
||||
JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
|
||||
|
||||
FederatedIdentity user = new FederatedIdentity(getJsonProperty(profile, "id"));
|
||||
|
||||
user.setUsername(extractUsernameFromProfileURL(getJsonProperty(profile, "publicProfileUrl")));
|
||||
user.setName(getJsonProperty(profile, "formattedName"));
|
||||
user.setEmail(getJsonProperty(profile, "emailAddress"));
|
||||
|
||||
return user;
|
||||
} catch (Exception e) {
|
||||
throw new IdentityBrokerException("Could not obtain user profile from github.", e);
|
||||
}
|
||||
}
|
||||
|
||||
protected static String extractUsernameFromProfileURL(String profileURL) {
|
||||
if (isNotBlank(profileURL)) {
|
||||
|
||||
try {
|
||||
log.debug("go to extract username from profile URL " + profileURL);
|
||||
URL u = new URL(profileURL);
|
||||
String path = u.getPath();
|
||||
if (isNotBlank(path) && path.length() > 1) {
|
||||
if (path.startsWith("/")) {
|
||||
path = path.substring(1);
|
||||
}
|
||||
String[] pe = path.split("/");
|
||||
if (pe.length >= 2) {
|
||||
return URLDecoder.decode(pe[1], "UTF-8");
|
||||
} else {
|
||||
log.warn("LinkedIn profile URL path is without second part: " + profileURL);
|
||||
}
|
||||
} else {
|
||||
log.warn("LinkedIn profile URL is without path part: " + profileURL);
|
||||
}
|
||||
} catch (MalformedURLException e) {
|
||||
log.warn("LinkedIn profile URL is malformed: " + profileURL);
|
||||
} catch (Exception e) {
|
||||
log.warn("LinkedIn profile URL " + profileURL + " username extraction failed due: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private static boolean isNotBlank(String s) {
|
||||
return s != null && s.trim().length() > 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getDefaultScopes() {
|
||||
return DEFAULT_SCOPE;
|
||||
}
|
||||
}
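Review bot: `doGetFederatedIdentity` builds the `FederatedIdentity` straight from the profile response without checking that `id` came back non-blank, and it takes the username from the second path segment of `publicProfileUrl`, which `extractUsernameFromProfileURL` turns into `null` on any parse failure. `getJsonProperty` is defined outside this page, so its behaviour for a missing field is an assumption, but an error body from the profile endpoint would presumably reach `new FederatedIdentity(...)` with no usable identifier. A path segment is also not guaranteed to be unique per LinkedIn account, so the broker should reject a response with a blank `id` and fall back to the `id` as username when extraction yields nothing, rather than passing `null` to `setUsername`. The catch block's message still names the wrong provider, which will mislead anyone triaging login failures from logs; it should read `throw new IdentityBrokerException("Could not obtain user profile from linkedin.", e);`.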
|
|
@ -0,0 +1,47 @@
|
|||
/*
|
||||
* JBoss, Home of Professional Open Source
|
||||
*
|
||||
* Copyright 2015 Red Hat, Inc. and/or its affiliates.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.social.linkedin;
|
||||
|
||||
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
|
||||
import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.social.SocialIdentityProviderFactory;
|
||||
|
||||
/**
|
||||
* @author Vlastimil Elias (velias at redhat dot com)
|
||||
*/
|
||||
public class LinkedInIdentityProviderFactory extends AbstractIdentityProviderFactory<LinkedInIdentityProvider>
|
||||
implements SocialIdentityProviderFactory<LinkedInIdentityProvider> {
|
||||
|
||||
public static final String PROVIDER_ID = "linkedin";
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return "LinkedIn";
|
||||
}
|
||||
|
||||
@Override
|
||||
public LinkedInIdentityProvider create(IdentityProviderModel model) {
|
||||
return new LinkedInIdentityProvider(new OAuth2IdentityProviderConfig(model));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return PROVIDER_ID;
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
org.keycloak.social.linkedin.LinkedInIdentityProviderFactory
|
|
@ -20,6 +20,7 @@
|
|||
<module>google</module>
|
||||
<module>twitter</module>
|
||||
<module>facebook</module>
|
||||
<module>linkedin</module>
|
||||
</modules>
|
||||
|
||||
</project>
|
||||
|
|
|
@ -24,6 +24,7 @@ import org.keycloak.social.facebook.FacebookIdentityProviderFactory;
|
|||
import org.keycloak.social.github.GitHubIdentityProviderFactory;
|
||||
import org.keycloak.social.google.GoogleIdentityProviderFactory;
|
||||
import org.keycloak.social.twitter.TwitterIdentityProviderFactory;
|
||||
import org.keycloak.social.linkedin.LinkedInIdentityProviderFactory;
|
||||
import org.keycloak.testsuite.model.AbstractModelTest;
|
||||
|
||||
import java.util.Collections;
|
||||
|
@ -47,6 +48,7 @@ public abstract class AbstractIdentityProviderModelTest extends AbstractModelTes
|
|||
this.expectedProviders.add(FacebookIdentityProviderFactory.PROVIDER_ID);
|
||||
this.expectedProviders.add(GitHubIdentityProviderFactory.PROVIDER_ID);
|
||||
this.expectedProviders.add(TwitterIdentityProviderFactory.PROVIDER_ID);
|
||||
this.expectedProviders.add(LinkedInIdentityProviderFactory.PROVIDER_ID);
|
||||
|
||||
this.expectedProviders = Collections.unmodifiableSet(this.expectedProviders);
|
||||
}
|
||||
|
|
|
@ -38,6 +38,8 @@ import org.keycloak.social.google.GoogleIdentityProvider;
|
|||
import org.keycloak.social.google.GoogleIdentityProviderFactory;
|
||||
import org.keycloak.social.twitter.TwitterIdentityProvider;
|
||||
import org.keycloak.social.twitter.TwitterIdentityProviderFactory;
|
||||
import org.keycloak.social.linkedin.LinkedInIdentityProvider;
|
||||
import org.keycloak.social.linkedin.LinkedInIdentityProviderFactory;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashSet;
|
||||
|
@ -160,6 +162,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
|
|||
assertGitHubIdentityProviderConfig(identityProvider);
|
||||
} else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
||||
assertTwitterIdentityProviderConfig(identityProvider);
|
||||
} else if (LinkedInIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
||||
assertLinkedInIdentityProviderConfig(identityProvider);
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
|
@ -257,6 +261,23 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
|
|||
assertEquals(GitHubIdentityProvider.PROFILE_URL, config.getUserInfoUrl());
|
||||
}
|
||||
|
||||
private void assertLinkedInIdentityProviderConfig(IdentityProviderModel identityProvider) {
|
||||
LinkedInIdentityProvider gitHubIdentityProvider = new LinkedInIdentityProviderFactory().create(identityProvider);
|
||||
OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig();
|
||||
|
||||
assertEquals("model-linkedin", config.getAlias());
|
||||
assertEquals(LinkedInIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
|
||||
assertEquals(true, config.isEnabled());
|
||||
assertEquals(true, config.isUpdateProfileFirstLogin());
|
||||
assertEquals(false, config.isAuthenticateByDefault());
|
||||
assertEquals(false, config.isStoreToken());
|
||||
assertEquals("clientId", config.getClientId());
|
||||
assertEquals("clientSecret", config.getClientSecret());
|
||||
assertEquals(LinkedInIdentityProvider.AUTH_URL, config.getAuthorizationUrl());
|
||||
assertEquals(LinkedInIdentityProvider.TOKEN_URL, config.getTokenUrl());
|
||||
assertEquals(LinkedInIdentityProvider.PROFILE_URL, config.getUserInfoUrl());
|
||||
}
|
||||
|
||||
private void assertTwitterIdentityProviderConfig(IdentityProviderModel identityProvider) {
|
||||
TwitterIdentityProvider twitterIdentityProvider = new TwitterIdentityProviderFactory().create(identityProvider);
|
||||
OAuth2IdentityProviderConfig config = twitterIdentityProvider.getConfig();
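Review bot: In `assertLinkedInIdentityProviderConfig` the local that holds the `LinkedInIdentityProvider` is still named `gitHubIdentityProvider`, a leftover from the method it was copied from; rename it, `LinkedInIdentityProvider linkedInIdentityProvider = new LinkedInIdentityProviderFactory().create(identityProvider);`, and update the `getConfig()` call on the following line. The assertions cover only the imported configuration, and no test visible on this page exercises `extractUsernameFromProfileURL`, which is `protected static` and decides the username of a federated account. Cases for a blank URL, a path with a single segment and a percent-encoded segment would pin that behaviour. The enclosing test class continues outside the hunks shown.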
|
||||
|
|
|
@ -61,6 +61,20 @@
|
|||
"clientSecret": "clientSecret"
|
||||
}
|
||||
},
|
||||
{
|
||||
"alias" : "model-linkedin",
|
||||
"providerId" : "linkedin",
|
||||
"enabled": true,
|
||||
"updateProfileFirstLogin" : "true",
|
||||
"storeToken": false,
|
||||
"config": {
|
||||
"authorizationUrl": "authorizationUrl",
|
||||
"tokenUrl": "tokenUrl",
|
||||
"userInfoUrl": "userInfoUrl",
|
||||
"clientId": "clientId",
|
||||
"clientSecret": "clientSecret"
|
||||
}
|
||||
},
|
||||
{
|
||||
"alias" : "model-saml-signed-idp",
|
||||
"providerId" : "saml",
|
||||
|
@ -213,4 +227,4 @@
|
|||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|