forked from quarkusio/quarkus
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for known providers to OIDC
This adds specifc config to enable OIDC login for the main OIDC providers. Having explicit config options like this makes it easy to search the documentation/dev UI for it. Fixes quarkusio#20783
- Loading branch information
1 parent
ee7e6c9
commit aa51984
Showing
10 changed files
with
342 additions
and
4 deletions.
There are no files selected for viewing
29 changes: 29 additions & 0 deletions
29
...c/deployment/src/main/java/io/quarkus/oidc/deployment/KnownProviderSupplierBuildItem.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| package io.quarkus.oidc.deployment; | ||
|
|
||
| import java.util.Optional; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import io.quarkus.builder.item.MultiBuildItem; | ||
| import io.quarkus.oidc.OidcTenantConfig; | ||
|
|
||
| /** | ||
| * An interface that abstracts details of a well known OIDC provider (google, github etc) | ||
| */ | ||
| public final class KnownProviderSupplierBuildItem extends MultiBuildItem { | ||
|
|
||
| final String name; | ||
| final Supplier<Optional<OidcTenantConfig>> supplier; | ||
|
|
||
| public KnownProviderSupplierBuildItem(String name, Supplier<Optional<OidcTenantConfig>> supplier) { | ||
| this.name = name; | ||
| this.supplier = supplier; | ||
| } | ||
|
|
||
| public Supplier<Optional<OidcTenantConfig>> getSupplier() { | ||
| return supplier; | ||
| } | ||
|
|
||
| public String getName() { | ||
| return name; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/Facebook.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| package io.quarkus.oidc.runtime.providers; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import io.quarkus.runtime.annotations.ConfigGroup; | ||
| import io.quarkus.runtime.annotations.ConfigItem; | ||
|
|
||
| @ConfigGroup | ||
| public class Facebook { | ||
|
|
||
| /** | ||
| * The client ID | ||
| */ | ||
| @ConfigItem | ||
| public String clientId; | ||
|
|
||
| /** | ||
| * The secret | ||
| */ | ||
| @ConfigItem | ||
| public String secret; | ||
|
|
||
| /** | ||
| * List of scopes | ||
| */ | ||
| @ConfigItem(defaultValue = "email,public_profile") | ||
| public List<String> scopes; | ||
|
|
||
| /** | ||
| * Fields to retrieve from the user info endpoint | ||
| */ | ||
| @ConfigItem(defaultValue = "id,name,email,first_name,last_name") | ||
| public String userInfoFields; | ||
| } |
28 changes: 28 additions & 0 deletions
28
extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/GitHub.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| package io.quarkus.oidc.runtime.providers; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import io.quarkus.runtime.annotations.ConfigGroup; | ||
| import io.quarkus.runtime.annotations.ConfigItem; | ||
|
|
||
| @ConfigGroup | ||
| public class GitHub { | ||
|
|
||
| /** | ||
| * The client ID | ||
| */ | ||
| @ConfigItem | ||
| public String clientId; | ||
|
|
||
| /** | ||
| * The secret | ||
| */ | ||
| @ConfigItem | ||
| public String secret; | ||
|
|
||
| /** | ||
| * List of scopes | ||
| */ | ||
| @ConfigItem(defaultValue = "user:email") | ||
| public List<String> scopes; | ||
| } |
28 changes: 28 additions & 0 deletions
28
extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/Google.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| package io.quarkus.oidc.runtime.providers; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import io.quarkus.runtime.annotations.ConfigGroup; | ||
| import io.quarkus.runtime.annotations.ConfigItem; | ||
|
|
||
| @ConfigGroup | ||
| public class Google { | ||
|
|
||
| /** | ||
| * The client ID | ||
| */ | ||
| @ConfigItem | ||
| public String clientId; | ||
|
|
||
| /** | ||
| * The secret | ||
| */ | ||
| @ConfigItem | ||
| public String secret; | ||
|
|
||
| /** | ||
| * List of scopes | ||
| */ | ||
| @ConfigItem(defaultValue = "openid,email,profile") | ||
| public List<String> scopes; | ||
| } |
111 changes: 111 additions & 0 deletions
111
...c/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOIDCProvidersRecorder.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| package io.quarkus.oidc.runtime.providers; | ||
|
|
||
| import java.util.Optional; | ||
| import java.util.function.Supplier; | ||
|
|
||
| import io.quarkus.oidc.OidcTenantConfig; | ||
| import io.quarkus.oidc.runtime.OidcConfig; | ||
| import io.quarkus.runtime.annotations.Recorder; | ||
|
|
||
| @Recorder | ||
| public class KnownOIDCProvidersRecorder { | ||
|
|
||
| final OidcConfig config; | ||
|
|
||
| public KnownOIDCProvidersRecorder(OidcConfig config) { | ||
| this.config = config; | ||
| } | ||
|
|
||
| public Supplier<Optional<OidcTenantConfig>> github() { | ||
| return new Supplier<Optional<OidcTenantConfig>>() { | ||
| @Override | ||
| public Optional<OidcTenantConfig> get() { | ||
| if (config.provider.github.isEmpty()) { | ||
| return Optional.empty(); | ||
| } | ||
| OidcTenantConfig ret = new OidcTenantConfig(); | ||
| ret.clientId = Optional.of(config.provider.github.get().clientId); | ||
| ret.credentials.secret = Optional.of(config.provider.github.get().secret); | ||
| ret.authServerUrl = Optional.of("https://github.com/login/oauth"); | ||
| //TODO: do we want to hard code this? | ||
| ret.applicationType = OidcTenantConfig.ApplicationType.HYBRID; | ||
| ret.discoveryEnabled = false; | ||
| ret.authorizationPath = Optional.of("authorize"); | ||
| ret.tokenPath = Optional.of("access_token"); | ||
| ret.userInfoPath = Optional.of("https://api.github.com/user"); | ||
| ret.authentication.scopes = Optional.of(config.provider.github.get().scopes); | ||
| ret.authentication.userInfoRequired = true; | ||
| ret.authentication.setIdTokenRequired(false); | ||
| ret.authentication.setRedirectPath("/Login/githubLoginSuccess"); | ||
| return Optional.of(ret); | ||
| } | ||
| }; | ||
| } | ||
|
|
||
| public Supplier<Optional<OidcTenantConfig>> google() { | ||
| return new Supplier<Optional<OidcTenantConfig>>() { | ||
| @Override | ||
| public Optional<OidcTenantConfig> get() { | ||
| if (config.provider.google.isEmpty()) { | ||
| return Optional.empty(); | ||
| } | ||
| OidcTenantConfig ret = new OidcTenantConfig(); | ||
| ret.clientId = Optional.of(config.provider.google.get().clientId); | ||
| ret.credentials.secret = Optional.of(config.provider.google.get().secret); | ||
| ret.authServerUrl = Optional.of("https://accounts.google.com"); | ||
| //TODO: do we want to hard code this? | ||
| ret.applicationType = OidcTenantConfig.ApplicationType.HYBRID; | ||
| ret.authentication.scopes = Optional.of(config.provider.google.get().scopes); | ||
| ret.authentication.setRedirectPath("/Login/oidcLoginSuccess"); | ||
| return Optional.of(ret); | ||
| } | ||
| }; | ||
| } | ||
|
|
||
| public Supplier<Optional<OidcTenantConfig>> microsoft() { | ||
| return new Supplier<Optional<OidcTenantConfig>>() { | ||
| @Override | ||
| public Optional<OidcTenantConfig> get() { | ||
| if (config.provider.microsoft.isEmpty()) { | ||
| return Optional.empty(); | ||
| } | ||
| OidcTenantConfig ret = new OidcTenantConfig(); | ||
| ret.clientId = Optional.of(config.provider.microsoft.get().clientId); | ||
| ret.credentials.secret = Optional.of(config.provider.microsoft.get().secret); | ||
| ret.authServerUrl = Optional.of("https://login.microsoftonline.com/common/v2.0"); | ||
| //TODO: do we want to hard code this? | ||
| ret.applicationType = OidcTenantConfig.ApplicationType.HYBRID; | ||
| ret.authentication.setRedirectPath("/Login/oidcLoginSuccess"); | ||
| ret.token.setIssuer("any"); | ||
| return Optional.of(ret); | ||
| } | ||
| }; | ||
| } | ||
|
|
||
| public Supplier<Optional<OidcTenantConfig>> facebook() { | ||
| return new Supplier<Optional<OidcTenantConfig>>() { | ||
| @Override | ||
| public Optional<OidcTenantConfig> get() { | ||
| if (config.provider.facebook.isEmpty()) { | ||
| return Optional.empty(); | ||
| } | ||
| OidcTenantConfig ret = new OidcTenantConfig(); | ||
| ret.clientId = Optional.of(config.provider.facebook.get().clientId); | ||
| ret.credentials.secret = Optional.of(config.provider.facebook.get().secret); | ||
| ret.authServerUrl = Optional.of("https://www.facebook.com"); | ||
| ret.authentication.scopes = Optional.of(config.provider.facebook.get().scopes); | ||
| ret.applicationType = OidcTenantConfig.ApplicationType.HYBRID; | ||
| ret.authentication.setRedirectPath("/Login/facebookLoginSuccess"); | ||
| ret.discoveryEnabled = false; | ||
| ret.tokenPath = Optional.of("https://graph.facebook.com/v12.0/oauth/access_token"); | ||
| ret.token.setIssuer("facebook"); | ||
| ret.setAuthorizationPath("https://facebook.com/dialog/oauth/"); | ||
| ret.setJwksPath("https://www.facebook.com/.well-known/oauth/openid/jwks/"); | ||
| ret.setUserInfoPath("https://graph.facebook.com/me/?fields=" + config.provider.facebook.get().userInfoFields); | ||
| ret.authentication.setUserInfoRequired(true); | ||
| ret.authentication.setIdTokenRequired(false); | ||
| return Optional.of(ret); | ||
| } | ||
| }; | ||
| } | ||
| } |
27 changes: 27 additions & 0 deletions
27
extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/Microsoft.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| package io.quarkus.oidc.runtime.providers; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import io.quarkus.runtime.annotations.ConfigGroup; | ||
| import io.quarkus.runtime.annotations.ConfigItem; | ||
|
|
||
| @ConfigGroup | ||
| public class Microsoft { | ||
|
|
||
| /** | ||
| * The client ID | ||
| */ | ||
| @ConfigItem | ||
| public String clientId; | ||
|
|
||
| /** | ||
| * The secret | ||
| */ | ||
| @ConfigItem | ||
| public String secret; | ||
| /** | ||
| * List of scopes | ||
| */ | ||
| @ConfigItem(defaultValue = "openid,email,profile") | ||
| public List<String> scopes; | ||
| } |
Oops, something went wrong.