libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

[KEYCLOAK-993] - Set requested scope for social providers.

Browse source
This commit is contained in:
pedroigor 2015-01-30 16:05:08 -02:00
parent 99a457c5c1
commit fcc7afcd26
8 changed files with 54 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
View file

@ -53,6 +53,10 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
public AbstractOAuth2IdentityProvider(C config) {
super(config);
if (config.getDefaultScope() == null || config.getDefaultScope().isEmpty()) {
config.setDefaultScope(getDefaultScopes());
}
}
@Override
@ -158,4 +162,6 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
protected JsonNode asJsonNode(String json) throws IOException {
return mapper.readTree(json);
}
protected abstract String getDefaultScopes();
}

22
broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
View file

@ -34,15 +34,28 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
public static final String OAUTH2_PARAMETER_PROMPT = "prompt";
public static final String OIDC_PARAMETER_ID_TOKEN = "id_token";
public static final String SCOPE_OPENID = "openid";
public OIDCIdentityProvider(OIDCIdentityProviderConfig config) {
super(config);
String defaultScope = config.getDefaultScope();
if (!defaultScope.contains(SCOPE_OPENID)) {
config.setDefaultScope(SCOPE_OPENID + " " + defaultScope);
}
}
@Override
protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
return super.createAuthorizationUrl(request)
.queryParam(OAUTH2_PARAMETER_PROMPT, getConfig().getPrompt());
UriBuilder authorizationUrl = super.createAuthorizationUrl(request);
String prompt = getConfig().getPrompt();
if (prompt != null && !prompt.isEmpty()) {
authorizationUrl.queryParam(OAUTH2_PARAMETER_PROMPT, prompt);
}
return authorizationUrl;
}
@Override
@ -125,4 +138,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
private String decodeJWS(String token) {
return new JWSInput(token).readContentAsString();
}
@Override
protected String getDefaultScopes() {
return "openid";
}
}

20
broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderConfig.java
View file

@ -29,28 +29,10 @@ public class OIDCIdentityProviderConfig extends OAuth2IdentityProviderConfig {
}
public String getPrompt() {
String prompt = getConfig().get("prompt");
if (prompt == null || "".equals(prompt)) {
return "none";
}
return prompt;
}
@Override
public String getDefaultScope() {
String scope = super.getDefaultScope();
if (scope == null || "".equals(scope)) {
scope = "openid";
}
return scope;
return getConfig().get("prompt");
}
public String getIssuer() {
return getConfig().get("issuer");
}
}

7
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html
View file

@ -75,21 +75,22 @@
<div class="col-sm-4">
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
</div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a comma-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="prompt">Prompt</label>
<div class="col-sm-4">
<div class="select-kc">
<select id="prompt" ng-model="identityProvider.config.prompt">
<option value="">none</option>
<option value="">unspecified</option>
<option value="none">none</option>
<option>consent</option>
<option>login</option>
<option>select_account</option>
</select>
</div>
</div>
<span tooltip-placement="right" tooltip="Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses." class="fa fa-info-circle"></span>
<span tooltip-placement="right" tooltip="Specifies whether the Authorization Server prompts the End-User for reauthentication and consent." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>

7
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-social.html
View file

@ -42,6 +42,13 @@
</div>
<span tooltip-placement="right" tooltip="The client or application secret registered withing the identity provider." class="fa fa-info-circle"></span>
</div>
<div class="form-group clearfix">
<label class="col-sm-2 control-label" for="defaultScope">Default Scopes </label>
<div class="col-sm-4">
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
</div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4">

6
social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
View file

@ -22,7 +22,6 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE);
}
@Override
@ -66,4 +65,9 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
throw new RuntimeException(e);
}
}
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
}

6
social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
View file

@ -22,7 +22,6 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE);
}
@Override
@ -41,4 +40,9 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
throw new RuntimeException(e);
}
}
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
}

8
social/google/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
View file

@ -31,7 +31,7 @@ import org.keycloak.social.SocialIdentityProvider;
public class GoogleIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
public static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
public static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
public static final String TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token";
public static final String PROFILE_URL = "https://www.googleapis.com/plus/v1/people/me/openIdConnect";
public static final String DEFAULT_SCOPE = "openid profile email";
@ -40,6 +40,10 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE);
}
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
}