From 2bd9522360c24ee407e599db17118933db8b2560 Mon Sep 17 00:00:00 2001
From: Thomasr
Date: Fri, 12 Jul 2024 14:23:14 -0400
Subject: [PATCH] wrap legacy oauth provider with genericoauth
---
 .../sdk/auth/constants/Oauth2Constants.java | 2 +-
 .../oauth2/Oauth2AuthRequestFactory.java | 98 ++++++++++++++++++-
 2 files changed, 95 insertions(+), 5 deletions(-)
diff --git a/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/auth/constants/Oauth2Constants.java b/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/auth/constants/Oauth2Constants.java
index 3ba925d0d..e0c2bda8e 100644
--- a/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/auth/constants/Oauth2Constants.java
+++ b/server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/auth/constants/Oauth2Constants.java
@@ -17,7 +17,7 @@ public class Oauth2Constants {
 + "&client_id=" + CLIENT_ID_PLACEHOLDER
 + "&redirect_uri=" + REDIRECT_URL_PLACEHOLDER
 + "&state=" + STATE_PLACEHOLDER
- + "&scope=";
+ + "&scope=user";
 public static final String GOOGLE_AUTHORIZE_URL = "https://accounts.google.com/o/oauth2/v2/auth"
 + "?response_type=code"
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/Oauth2AuthRequestFactory.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/Oauth2AuthRequestFactory.java
index 5444d203f..0024d03f5 100644
--- a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/Oauth2AuthRequestFactory.java
+++ b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/authentication/request/oauth2/Oauth2AuthRequestFactory.java
@@ -1,5 +1,6 @@
 package org.lowcoder.api.authentication.request.oauth2;
+import java.util.HashMap;
 import java.util.Set;
 import org.lowcoder.api.authentication.request.AuthRequest;
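Review bot: The new `+ "&scope=user"` hard-codes a scope into an authorize URL whose constant name is outside the hunk (by position, presumably the GitHub one); on GitHub `user` grants read/write access to profile data, which is more than a sign-in flow needs. It also disagrees with the GITHUB case this commit adds in `Oauth2AuthRequestFactory`, which sets `.scope("read:email read:user")`, and `read:email` is not among GitHub's documented scopes (the e-mail scope is `user:email`). Request the same read-only pair in both places, e.g. `+ "&scope=read:user%20user:email";` here and `.scope("read:user user:email")` in the factory.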
@@ -9,6 +10,7 @@
 import org.lowcoder.sdk.auth.Oauth2KeycloakAuthConfig;
 import org.lowcoder.sdk.auth.Oauth2OryAuthConfig;
 import org.lowcoder.sdk.auth.Oauth2SimpleAuthConfig;
+import org.lowcoder.sdk.auth.constants.AuthTypeConstants;
 import org.springframework.stereotype.Component;
 import reactor.core.publisher.Mono;
@@ -25,10 +27,98 @@ public Mono build(OAuth2RequestContext context) {
 private AbstractOauth2Request buildRequest(OAuth2RequestContext context) {
 return switch (context.getAuthConfig().getAuthType()) {
- case GITHUB -> new GithubRequest((Oauth2SimpleAuthConfig) context.getAuthConfig());
- case GOOGLE -> new GoogleRequest((Oauth2SimpleAuthConfig) context.getAuthConfig());
- case ORY -> new OryRequest((Oauth2OryAuthConfig) context.getAuthConfig());
- case KEYCLOAK -> new KeycloakRequest((Oauth2KeycloakAuthConfig)context.getAuthConfig());
+ case GITHUB -> {
+ HashMap sourceMappings = new HashMap<>();
+ sourceMappings.put("uid", "id");
+ sourceMappings.put("email", "email");
+ sourceMappings.put("username", "login");
+ sourceMappings.put("avatar", "avatar_url");
+ Oauth2SimpleAuthConfig config = (Oauth2SimpleAuthConfig) context.getAuthConfig();
+ yield new GenericAuthRequest(Oauth2GenericAuthConfig.builder()
+ .tokenEndpoint(Oauth2DefaultSource.GITHUB.accessToken())
+ .userInfoEndpoint(Oauth2DefaultSource.GITHUB.userInfo())
+ .userInfoIntrospection(true)
+ .source(config.getSource())
+ .sourceName(config.getSourceName())
+ .enableRegister(config.isEnableRegister())
+ .enable(config.isEnable())
+ .scope("read:email read:user")
+ .userCanSelectAccounts(true)
+ .sourceMappings(sourceMappings)
+ .clientSecret(config.getClientSecret())
+ .clientId(config.getClientId())
+ .authType(GENERIC)
+ .build());
+ }
+ case GOOGLE -> {
+ HashMap sourceMappings = new HashMap<>();
+ sourceMappings.put("uid", "sub");
+ sourceMappings.put("email", "email");
+ sourceMappings.put("username", "email");
+ sourceMappings.put("avatar", "picture");
+ Oauth2SimpleAuthConfig config = (Oauth2SimpleAuthConfig) context.getAuthConfig();
+ yield new GenericAuthRequest(Oauth2GenericAuthConfig.builder()
+ .tokenEndpoint(Oauth2DefaultSource.GOOGLE.accessToken())
+ .userInfoEndpoint(Oauth2DefaultSource.GOOGLE.userInfo())
+ .userInfoIntrospection(true)
+ .source(config.getSource())
+ .sourceName(config.getSourceName())
+ .enableRegister(config.isEnableRegister())
+ .enable(config.isEnable())
+ .scope("openid email profile")
+ .userCanSelectAccounts(true)
+ .sourceMappings(sourceMappings)
+ .clientSecret(config.getClientSecret())
+ .clientId(config.getClientId())
+ .authType(GENERIC)
+ .build());
+ }
+ case ORY -> {
+ HashMap sourceMappings = new HashMap<>();
+ sourceMappings.put("uid", "sub");
+ sourceMappings.put("email", "email");
+ sourceMappings.put("username", "email");
+ sourceMappings.put("avatar", "picture");
+ Oauth2OryAuthConfig config = (Oauth2OryAuthConfig) context.getAuthConfig();
+ yield new GenericAuthRequest(Oauth2GenericAuthConfig.builder()
+ .tokenEndpoint(config.replaceAuthUrlClientIdPlaceholder(Oauth2DefaultSource.ORY.accessToken()))
+ .userInfoEndpoint(config.replaceAuthUrlClientIdPlaceholder(Oauth2DefaultSource.ORY.userInfo()))
+ .userInfoIntrospection(true)
+ .source(config.getSource())
+ .sourceName(config.getSourceName())
+ .enableRegister(config.isEnableRegister())
+ .enable(config.isEnable())
+ .scope(config.getScope())
+ .userCanSelectAccounts(false)
+ .sourceMappings(sourceMappings)
+ .clientSecret(config.getClientSecret())
+ .clientId(config.getClientId())
+ .authType(GENERIC)
+ .build());
+ }
+ case KEYCLOAK -> {
+ HashMap sourceMappings = new HashMap<>();
+ sourceMappings.put("uid", "sub");
+ sourceMappings.put("email", "email");
+ sourceMappings.put("username", "email");
+ sourceMappings.put("avatar", "false");
+ Oauth2KeycloakAuthConfig config = (Oauth2KeycloakAuthConfig) context.getAuthConfig();
+ yield new GenericAuthRequest(Oauth2GenericAuthConfig.builder()
+ .tokenEndpoint(config.replaceAuthUrlClientIdPlaceholder(Oauth2DefaultSource.KEYCLOAK.accessToken()))
+ .userInfoEndpoint(config.replaceAuthUrlClientIdPlaceholder(Oauth2DefaultSource.KEYCLOAK.userInfo()))
+ .userInfoIntrospection(true)
+ .source(config.getSource())
+ .sourceName(config.getSourceName())
+ .enableRegister(config.isEnableRegister())
+ .enable(config.isEnable())
+ .scope(config.getScope())
+ .userCanSelectAccounts(false)
+ .sourceMappings(sourceMappings)
+ .clientSecret(config.getClientSecret())
+ .clientId(config.getClientId())
+ .authType(GENERIC)
+ .build());
+ }
 case GENERIC -> new GenericAuthRequest((Oauth2GenericAuthConfig) context.getAuthConfig());
 default -> throw new UnsupportedOperationException(context.getAuthConfig().getAuthType());
 };
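Review bot: The GITHUB, GOOGLE, ORY and KEYCLOAK cases each repeat the same builder chain and differ only in endpoints, scope, `userCanSelectAccounts` and the four claim mappings, so any later change to how the client secret or the identity claims are handled has to be made in four places and can drift between providers. A private helper that takes those differences as arguments would leave one place to audit; the sketch below assumes the Ory and Keycloak config classes extend `Oauth2SimpleAuthConfig` and that the map is a `HashMap<String, String>`, neither of which is visible in this patch. Separately, the KEYCLOAK line `sourceMappings.put("avatar", "false")` needs a comment stating whether `"false"` is a deliberate no-avatar sentinel, since every other provider passes a claim name there. `buildRequest` closes outside the hunk.

```java
// … unchanged: buildRequest signature and `return switch (...) {` …
case GOOGLE -> wrapLegacy((Oauth2SimpleAuthConfig) context.getAuthConfig(),
        Oauth2DefaultSource.GOOGLE.accessToken(), Oauth2DefaultSource.GOOGLE.userInfo(),
        "openid email profile", true, claimMappings("sub", "email", "email", "picture"));
// … GITHUB becomes the same single call; ORY and KEYCLOAK keep a local `config` for
//   replaceAuthUrlClientIdPlaceholder(...) and getScope(), then make the same call …
// … unchanged: GENERIC and default cases …

/** Collects the four field-to-claim entries passed to sourceMappings(...). */
private static HashMap<String, String> claimMappings(String uid, String email, String username, String avatar) {
    HashMap<String, String> sourceMappings = new HashMap<>();
    sourceMappings.put("uid", uid);
    sourceMappings.put("email", email);
    sourceMappings.put("username", username);
    sourceMappings.put("avatar", avatar);
    return sourceMappings;
}

/** Wraps a built-in provider's config in the generic request; only the arguments vary per provider. */
private static GenericAuthRequest wrapLegacy(Oauth2SimpleAuthConfig config, String tokenEndpoint,
        String userInfoEndpoint, String scope, boolean userCanSelectAccounts,
        HashMap<String, String> sourceMappings) {
    return new GenericAuthRequest(Oauth2GenericAuthConfig.builder()
            .tokenEndpoint(tokenEndpoint)
            .userInfoEndpoint(userInfoEndpoint)
            .scope(scope)
            .userCanSelectAccounts(userCanSelectAccounts)
            .sourceMappings(sourceMappings)
            // … unchanged: userInfoIntrospection, source, sourceName, enableRegister, enable,
            //   clientSecret, clientId and authType set from config exactly as in the hunk …
            .build());
}
```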