[KEYCLOAK-993] - Set requested scope for social providers.
This commit is contained in:
parent
99a457c5c1
commit
fcc7afcd26
8 changed files with 54 additions and 28 deletions
|
@ -53,6 +53,10 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
|
|||
|
||||
public AbstractOAuth2IdentityProvider(C config) {
|
||||
super(config);
|
||||
|
||||
if (config.getDefaultScope() == null || config.getDefaultScope().isEmpty()) {
|
||||
config.setDefaultScope(getDefaultScopes());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -158,4 +162,6 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
|
|||
protected JsonNode asJsonNode(String json) throws IOException {
|
||||
return mapper.readTree(json);
|
||||
}
|
||||
|
||||
protected abstract String getDefaultScopes();
|
||||
}
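Review bot: The new constructor body invokes the abstract `getDefaultScopes()` before any subclass constructor has run, so an override that reads instance fields (rather than a static constant, as the Facebook, GitHub and Google overrides in this commit do) would observe uninitialised state. Document that constraint on the abstract method, e.g. `/** Provider's built-in scope string, used when the config has no scope; called from the constructor, so implementations must not depend on instance state. */`, or pass the fallback in as a constructor argument instead. The null/empty test also reads `config.getDefaultScope()` twice; `String scope = config.getDefaultScope();` followed by `if (scope == null || scope.isEmpty())` is clearer. Note that the constructor writes the fallback back into the supplied config object; whether that mutation is persisted cannot be told from this hunk.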
|
||||
|
|
|
@ -34,15 +34,28 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
|
|||
|
||||
public static final String OAUTH2_PARAMETER_PROMPT = "prompt";
|
||||
public static final String OIDC_PARAMETER_ID_TOKEN = "id_token";
|
||||
public static final String SCOPE_OPENID = "openid";
|
||||
|
||||
public OIDCIdentityProvider(OIDCIdentityProviderConfig config) {
|
||||
super(config);
|
||||
|
||||
String defaultScope = config.getDefaultScope();
|
||||
|
||||
if (!defaultScope.contains(SCOPE_OPENID)) {
|
||||
config.setDefaultScope(SCOPE_OPENID + " " + defaultScope);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
|
||||
return super.createAuthorizationUrl(request)
|
||||
.queryParam(OAUTH2_PARAMETER_PROMPT, getConfig().getPrompt());
|
||||
UriBuilder authorizationUrl = super.createAuthorizationUrl(request);
|
||||
String prompt = getConfig().getPrompt();
|
||||
|
||||
if (prompt != null && !prompt.isEmpty()) {
|
||||
authorizationUrl.queryParam(OAUTH2_PARAMETER_PROMPT, prompt);
|
||||
}
|
||||
|
||||
return authorizationUrl;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -125,4 +138,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
|
|||
private String decodeJWS(String token) {
|
||||
return new JWSInput(token).readContentAsString();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getDefaultScopes() {
|
||||
return "openid";
|
||||
}
|
||||
}
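Review bot: In the new constructor `defaultScope.contains(SCOPE_OPENID)` is a substring test, so a configured scope such as `myopenid` or `openid_connect` would satisfy it and the real `openid` scope would never be prepended, while a scope string containing only those tokens is exactly the case this check exists for. Compare whole space-separated tokens instead: `if (!Arrays.asList(defaultScope.split("\\s+")).contains(SCOPE_OPENID)) {` (needs `java.util.Arrays`). In the second hunk, `getDefaultScopes()` returns the literal `"openid"` where the class already defines `SCOPE_OPENID` for that value; `return SCOPE_OPENID;` keeps the two from drifting apart. The `defaultScope` variable is only non-null because the parent constructor fills it in first; a short comment saying so would save the next reader a trip to the superclass.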
|
||||
|
|
|
@ -29,28 +29,10 @@ public class OIDCIdentityProviderConfig extends OAuth2IdentityProviderConfig {
|
|||
}
|
||||
|
||||
public String getPrompt() {
|
||||
String prompt = getConfig().get("prompt");
|
||||
|
||||
if (prompt == null || "".equals(prompt)) {
|
||||
return "none";
|
||||
}
|
||||
|
||||
return prompt;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getDefaultScope() {
|
||||
String scope = super.getDefaultScope();
|
||||
|
||||
if (scope == null || "".equals(scope)) {
|
||||
scope = "openid";
|
||||
}
|
||||
|
||||
return scope;
|
||||
return getConfig().get("prompt");
|
||||
}
|
||||
|
||||
public String getIssuer() {
|
||||
return getConfig().get("issuer");
|
||||
}
|
||||
|
||||
}
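Review bot: `getPrompt()` now returns the raw stored value, including `null` when nothing is configured, where it previously normalised missing or empty values to `"none"`; nothing on the method states that callers must now handle the absent case themselves. A Javadoc such as `/** The configured OIDC prompt value, or {@code null} when unset; callers must omit the parameter in that case. */` would make the new contract explicit. With the `getDefaultScope()` override removed, `super.getDefaultScope()` can likewise yield `null`; the fallback appears to live in the provider constructor now, which is worth a sentence here too.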
|
||||
|
|
|
@ -75,21 +75,22 @@
|
|||
<div class="col-sm-4">
|
||||
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a comma-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
|
||||
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="prompt">Prompt</label>
|
||||
<div class="col-sm-4">
|
||||
<div class="select-kc">
|
||||
<select id="prompt" ng-model="identityProvider.config.prompt">
|
||||
<option value="">none</option>
|
||||
<option value="">unspecified</option>
|
||||
<option value="none">none</option>
|
||||
<option>consent</option>
|
||||
<option>login</option>
|
||||
<option>select_account</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses." class="fa fa-info-circle"></span>
|
||||
<span tooltip-placement="right" tooltip="Specifies whether the Authorization Server prompts the End-User for reauthentication and consent." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
|
||||
|
|
|
@ -42,6 +42,13 @@
|
|||
</div>
|
||||
<span tooltip-placement="right" tooltip="The client or application secret registered withing the identity provider." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group clearfix">
|
||||
<label class="col-sm-2 control-label" for="defaultScope">Default Scopes </label>
|
||||
<div class="col-sm-4">
|
||||
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
|
||||
<div class="col-sm-4">
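Review bot: The new tooltip says the default scope "Defaults to 'openid'", but if this template is the one used by the non-OIDC social providers (Facebook and GitHub each define their own DEFAULT_SCOPE in this commit), the actual fallback is the provider's built-in scope string, not `openid`. Suggest wording that matches the code: `tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to the provider's built-in scopes."`. Which template this is cannot be confirmed from the hunk, so adjust if it is OIDC-only.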
|
||||
|
|
|
@ -22,7 +22,6 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
|
|||
config.setAuthorizationUrl(AUTH_URL);
|
||||
config.setTokenUrl(TOKEN_URL);
|
||||
config.setUserInfoUrl(PROFILE_URL);
|
||||
config.setDefaultScope(DEFAULT_SCOPE);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -66,4 +65,9 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
|
|||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getDefaultScopes() {
|
||||
return DEFAULT_SCOPE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,7 +22,6 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
|
|||
config.setAuthorizationUrl(AUTH_URL);
|
||||
config.setTokenUrl(TOKEN_URL);
|
||||
config.setUserInfoUrl(PROFILE_URL);
|
||||
config.setDefaultScope(DEFAULT_SCOPE);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -41,4 +40,9 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
|
|||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getDefaultScopes() {
|
||||
return DEFAULT_SCOPE;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -31,7 +31,7 @@ import org.keycloak.social.SocialIdentityProvider;
|
|||
public class GoogleIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
|
||||
|
||||
public static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
|
||||
public static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
|
||||
public static final String TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token";
|
||||
public static final String PROFILE_URL = "https://www.googleapis.com/plus/v1/people/me/openIdConnect";
|
||||
public static final String DEFAULT_SCOPE = "openid profile email";
|
||||
|
||||
|
@ -40,6 +40,10 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
|
|||
config.setAuthorizationUrl(AUTH_URL);
|
||||
config.setTokenUrl(TOKEN_URL);
|
||||
config.setUserInfoUrl(PROFILE_URL);
|
||||
config.setDefaultScope(DEFAULT_SCOPE);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getDefaultScopes() {
|
||||
return DEFAULT_SCOPE;
|
||||
}
|
||||
}
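Review bot: `TOKEN_URL` is switched from the accounts.google.com endpoint to the googleapis.com v3 one, but neither the commit title (which is about requested scopes) nor the code says why; a one-line comment above the constant, e.g. `// v3 token endpoint; the accounts.google.com one is superseded`, would keep that decision discoverable. The `DEFAULT_SCOPE` value already contains `openid`, so the superclass check that prepends it is a no-op here, which is fine, though it relies on the superclass reading the overridden `getDefaultScopes()` during construction. The enclosing constructor starts outside the second hunk.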
|
||||
|
|