[KEYCLOAK-993] - Set requested scope for social providers.

pedroigor 2015-01-30 16:05:08 -02:00
parent 99a457c5c1
commit fcc7afcd26
8 changed files with 54 additions and 28 deletions


@ -53,6 +53,10 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
public AbstractOAuth2IdentityProvider(C config) { public AbstractOAuth2IdentityProvider(C config) {
super(config); super(config);
if (config.getDefaultScope() == null || config.getDefaultScope().isEmpty()) {
config.setDefaultScope(getDefaultScopes());
}
} }
@Override @Override
@ -158,4 +162,6 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
protected JsonNode asJsonNode(String json) throws IOException { protected JsonNode asJsonNode(String json) throws IOException {
return mapper.readTree(json); return mapper.readTree(json);
} }
protected abstract String getDefaultScopes();
} }
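Review bot: The constructor now calls the abstract `getDefaultScopes()` before any subclass constructor has run, so an override that reads an instance field would see it uninitialised and could hand back null. The overrides visible in this commit return constants and are safe, but nothing on the declaration states that requirement. I would document it on the abstract method, e.g. `/** Scopes requested when none are configured; called from the constructor, so implementations must return a constant and never null. */`. The constructor also writes the default back into the caller's config object, which deserves a line of Javadoc on the constructor as well.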


@ -34,15 +34,28 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
public static final String OAUTH2_PARAMETER_PROMPT = "prompt"; public static final String OAUTH2_PARAMETER_PROMPT = "prompt";
public static final String OIDC_PARAMETER_ID_TOKEN = "id_token"; public static final String OIDC_PARAMETER_ID_TOKEN = "id_token";
public static final String SCOPE_OPENID = "openid";
public OIDCIdentityProvider(OIDCIdentityProviderConfig config) { public OIDCIdentityProvider(OIDCIdentityProviderConfig config) {
super(config); super(config);
String defaultScope = config.getDefaultScope();
if (!defaultScope.contains(SCOPE_OPENID)) {
config.setDefaultScope(SCOPE_OPENID + " " + defaultScope);
}
} }
@Override @Override
protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) { protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
return super.createAuthorizationUrl(request) UriBuilder authorizationUrl = super.createAuthorizationUrl(request);
.queryParam(OAUTH2_PARAMETER_PROMPT, getConfig().getPrompt()); String prompt = getConfig().getPrompt();
if (prompt != null && !prompt.isEmpty()) {
authorizationUrl.queryParam(OAUTH2_PARAMETER_PROMPT, prompt);
}
return authorizationUrl;
} }
@Override @Override
@ -125,4 +138,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
private String decodeJWS(String token) { private String decodeJWS(String token) {
return new JWSInput(token).readContentAsString(); return new JWSInput(token).readContentAsString();
} }
@Override
protected String getDefaultScopes() {
return "openid";
}
} }
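Review bot: `defaultScope.contains(SCOPE_OPENID)` in the constructor is a substring test, so a configured value such as `openid_custom profile` (constructed example) passes the check and the authorization request goes out without the `openid` scope. Scopes are space-delimited tokens, so the check should compare tokens: `if (!Arrays.asList(defaultScope.trim().split("\\s+")).contains(SCOPE_OPENID)) {`. `defaultScope` is also dereferenced without a null check, which relies on the superclass constructor and every `getDefaultScopes()` override never leaving it null. The `getDefaultScopes()` override at the end of this section could return `SCOPE_OPENID` instead of repeating the literal.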


@ -29,28 +29,10 @@ public class OIDCIdentityProviderConfig extends OAuth2IdentityProviderConfig {
} }
public String getPrompt() { public String getPrompt() {
String prompt = getConfig().get("prompt"); return getConfig().get("prompt");
if (prompt == null || "".equals(prompt)) {
return "none";
}
return prompt;
}
@Override
public String getDefaultScope() {
String scope = super.getDefaultScope();
if (scope == null || "".equals(scope)) {
scope = "openid";
}
return scope;
} }
public String getIssuer() { public String getIssuer() {
return getConfig().get("issuer"); return getConfig().get("issuer");
} }
} }
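Review bot: `getPrompt()` now returns the stored value as-is, so it can be null or empty where it used to fall back to `"none"`, and the method has no comment saying so. The caller changed in this commit guards against both cases, but any other caller would have to do the same. I would add `/** Returns the configured prompt, or null/empty when unspecified, in which case no prompt parameter is sent. */`. Providers saved with the empty option previously sent `prompt=none` and will now send no prompt at all, which is a behaviour change worth stating in the commit description.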


@ -75,21 +75,22 @@
<div class="col-sm-4"> <div class="col-sm-4">
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope"> <input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
</div> </div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a comma-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span> <span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label" for="prompt">Prompt</label> <label class="col-sm-2 control-label" for="prompt">Prompt</label>
<div class="col-sm-4"> <div class="col-sm-4">
<div class="select-kc"> <div class="select-kc">
<select id="prompt" ng-model="identityProvider.config.prompt"> <select id="prompt" ng-model="identityProvider.config.prompt">
<option value="">none</option> <option value="">unspecified</option>
<option value="none">none</option>
<option>consent</option> <option>consent</option>
<option>login</option> <option>login</option>
<option>select_account</option> <option>select_account</option>
</select> </select>
</div> </div>
</div> </div>
<span tooltip-placement="right" tooltip="Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses." class="fa fa-info-circle"></span> <span tooltip-placement="right" tooltip="Specifies whether the Authorization Server prompts the End-User for reauthentication and consent." class="fa fa-info-circle"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label> <label class="col-sm-2 control-label" for="enabled">Enabled</label>


@ -42,6 +42,13 @@
</div> </div>
<span tooltip-placement="right" tooltip="The client or application secret registered withing the identity provider." class="fa fa-info-circle"></span> <span tooltip-placement="right" tooltip="The client or application secret registered withing the identity provider." class="fa fa-info-circle"></span>
</div> </div>
<div class="form-group clearfix">
<label class="col-sm-2 control-label" for="defaultScope">Default Scopes </label>
<div class="col-sm-4">
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
</div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
</div>
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label> <label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4"> <div class="col-sm-4">
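Review bot: The tooltip on the new Default Scopes field says "Defaults to 'openid'", but this form appears to be the one used for the social providers, whose defaults come from each provider's `DEFAULT_SCOPE` (Google's is `openid profile email` in this commit). An administrator reading it could assume that leaving the field empty requests only `openid`, when the provider will in fact ask for more. I would reword it to `tooltip="The scopes to be sent when asking for authorization, as a space-separated list. Leave empty to use the provider's default scopes."`.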


@ -22,7 +22,6 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
config.setAuthorizationUrl(AUTH_URL); config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL); config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL); config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE);
} }
@Override @Override
@ -66,4 +65,9 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
} }


@ -22,7 +22,6 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
config.setAuthorizationUrl(AUTH_URL); config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL); config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL); config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE);
} }
@Override @Override
@ -41,4 +40,9 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
}
} }


@ -31,7 +31,7 @@ import org.keycloak.social.SocialIdentityProvider;
public class GoogleIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> { public class GoogleIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
public static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth"; public static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
public static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token"; public static final String TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token";
public static final String PROFILE_URL = "https://www.googleapis.com/plus/v1/people/me/openIdConnect"; public static final String PROFILE_URL = "https://www.googleapis.com/plus/v1/people/me/openIdConnect";
public static final String DEFAULT_SCOPE = "openid profile email"; public static final String DEFAULT_SCOPE = "openid profile email";
@ -40,6 +40,10 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
config.setAuthorizationUrl(AUTH_URL); config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL); config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL); config.setUserInfoUrl(PROFILE_URL);
config.setDefaultScope(DEFAULT_SCOPE); }
@Override
protected String getDefaultScopes() {
return DEFAULT_SCOPE;
} }
} }