Skip to content

Commit

Permalink
Add Twitch OIDC Provider
Browse files Browse the repository at this point in the history
Simplify Twitch configuration

Co-Authored-By: Sergey Beryozkin <[email protected]>
  • Loading branch information
2 people authored and gastaldi committed Jul 20, 2023
1 parent b229350 commit 4c6f91d
Show file tree
Hide file tree
Showing 5 changed files with 68 additions and 1 deletion.
Binary file added docs/src/main/asciidoc/images/oidc-twitch-1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
21 changes: 21 additions & 0 deletions docs/src/main/asciidoc/security-openid-connect-providers.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,23 @@ quarkus.oidc.credentials.secret=<Client Secret>

`quarkus.oidc.provider=spotiify` will request `Spotify` to add `user-read-private` and `user-read-email` scopes to issued access tokens. For information about overriding these scopes or requesting more scopes, see the <<provider-scope>> section.

[[twitch]]
=== Twitch

Create a https://dev.twitch.tv/console/apps[Twitch application]:

image::oidc-twitch-1.png[role="thumb"]

You can now configure your `application.properties`:

[source,properties]
----
quarkus.oidc.provider=twitch
quarkus.oidc.client-id=<Client ID>
quarkus.oidc.credentials.client-secret.value=<Client Secret>
----


[[provider-scope]]
== Provider scopes

Expand Down Expand Up @@ -512,6 +529,10 @@ quarkus.oidc.authentication.extra-params.scope=https://www.googleapis.com/auth/c
quarkus.rest-client.google-calendar-api.url=https://www.googleapis.com/calendar/v3
----

== HTTPS Redirect URL

Some providers will only accept HTTPS-based redirect URLs. Tools such as https://ngrok.com/[ngrok] https://linuxhint.com/set-up-use-ngrok/[can be set up] to help testing such providers with Quarkus endpoints running on localhost in devmode.

== References

* xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1605,7 +1605,8 @@ public static enum Provider {
GOOGLE,
MICROSOFT,
SPOTIFY,
TWITTER
TWITTER,
TWITCH
}

public Optional<Provider> getProvider() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
return spotify();
} else if (OidcTenantConfig.Provider.TWITTER == provider) {
return twitter();
} else if (OidcTenantConfig.Provider.TWITCH == provider) {
return twitch();
}
return null;
}
Expand Down Expand Up @@ -126,4 +128,15 @@ private static OidcTenantConfig spotify() {

return ret;
}

private static OidcTenantConfig twitch() {
// Ref https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-grant-flow

OidcTenantConfig ret = new OidcTenantConfig();
ret.setAuthServerUrl("https://id.twitch.tv/oauth2");
ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
ret.getAuthentication().setForceRedirectHttpsScheme(true);
ret.getCredentials().getClientSecret().setMethod(Method.POST);
return ret;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,38 @@ public void testOverrideSpotifyProperties() {
assertFalse(config.token.verifyAccessTokenWithUserInfo.get());
}

@Test
public void testAcceptTwitchProperties() throws Exception {
OidcTenantConfig tenant = new OidcTenantConfig();
tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.TWITCH));

assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());
assertEquals("https://id.twitch.tv/oauth2", config.getAuthServerUrl().get());
assertEquals(Method.POST, config.credentials.clientSecret.method.get());
assertTrue(config.authentication.forceRedirectHttpsScheme.get());
}

@Test
public void testOverrideTwitchProperties() throws Exception {
OidcTenantConfig tenant = new OidcTenantConfig();
tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);

tenant.setApplicationType(ApplicationType.HYBRID);
tenant.setAuthServerUrl("http://localhost/wiremock");
tenant.credentials.clientSecret.setMethod(Method.BASIC);
tenant.authentication.setForceRedirectHttpsScheme(false);

OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.FACEBOOK));

assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
assertEquals(ApplicationType.HYBRID, config.getApplicationType().get());
assertEquals("http://localhost/wiremock", config.getAuthServerUrl().get());
assertFalse(config.getAuthentication().isForceRedirectHttpsScheme().get());
assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
}

@Test
public void testCorrectTokenType() throws Exception {
OidcTenantConfig.Token tokenClaims = new OidcTenantConfig.Token();
Expand Down

0 comments on commit 4c6f91d

Please sign in to comment.