Support custom OAuth endpoints (#1259)

Co-authored-by: Nelson Silva <nsilva@nuxeo.com>

README.md

@@ -254,6 +254,9 @@ refreshTokenTimeout|  millisecond value, after how many millisecond you want ref
 redirectSilentIframeUri|  url to be redirect after silent refresh login| /assets/silent-refresh.html |
 silentLogin|  direct execute the implicit login without the need to call AlfrescoJsApi.implicitLogin() method|   false|
 publicUrls | list of public urls that don't need authorization. It is possible too pass absolute paths and string patterns that are valid for [minimatch](https://github.com/isaacs/minimatch#readme) |
+authorizationUrl| authorization url, relative to the host| /protocol/openid-connect/auth|
+tokenUrl| token url, relative to the host| /protocol/openid-connect/token|
+logoutUrl| logout url, relative to the host| /protocol/openid-connect/logout|
 
 The api/js-api will automatically redirect you to the login page anf refresh the token if necessary
 

src/authentication/oauth2Auth.ts

@@ -32,14 +32,22 @@ declare let window: Window;
 
 export class Oauth2Auth extends AlfrescoApiClient {
 
+    static readonly DEFAULT_AUTHORIZATION_URL = '/protocol/openid-connect/auth';
+    static readonly DEFAULT_TOKEN_URL = '/protocol/openid-connect/token';
+    static readonly DEFAULT_LOGOUT_URL = '/protocol/openid-connect/logout';
+
     private refreshTokenIntervalPolling: any;
     private refreshTokenTimeoutIframe: any;
     private checkAccessToken = true;
     storage: Storage;
 
     hashFragmentParams: any;
     token: string;
-    discovery: any = {};
+    discovery: {
+        loginUrl?: string;
+        logoutUrl?: string;
+        tokenEndpoint?: string;
+    } = {};
 
     authentications: Authentication = {
         'oauth2': { accessToken: '' }, type: 'oauth2', 'basicAuth': {}
@@ -121,9 +129,9 @@ export class Oauth2Auth extends AlfrescoApiClient {
     }
 
     discoveryUrls() {
-        this.discovery.loginUrl = `${this.host}/protocol/openid-connect/auth`;
-        this.discovery.logoutUrl = `${this.host}/protocol/openid-connect/logout`;
-        this.discovery.tokenEndpoint = `${this.host}/protocol/openid-connect/token`;
+        this.discovery.loginUrl = this.host + (this.config.oauth2.authorizationUrl || Oauth2Auth.DEFAULT_AUTHORIZATION_URL);
+        this.discovery.logoutUrl = this.host + (this.config.oauth2.logoutUrl || Oauth2Auth.DEFAULT_LOGOUT_URL);
+        this.discovery.tokenEndpoint = this.host + (this.config.oauth2.tokenUrl || Oauth2Auth.DEFAULT_TOKEN_URL);
     }
 
     hasContentProvider(): boolean {

src/authentication/oauth2Config.ts

@@ -19,6 +19,9 @@ export interface Oauth2Config {
     clientId: string;
     secret?: string;
     host: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    logoutUrl?: string;
     scope: string;
     implicitFlow?: boolean;
     redirectUri: string;

test/oauth2Auth.spec.ts

@@ -30,6 +30,59 @@ describe('Oauth2  test', () => {
         });
     });
 
+    describe('Discovery urls', () => {
+        const authType = 'OAUTH';
+        const host = 'http://dummy/auth';
+        const clientId = 'dummy';
+        const scope = 'openid';
+        const redirectUri = '/';
+
+        it('should have default urls', async () => {
+            const oauth2Auth = new Oauth2Auth(
+                <AlfrescoApiConfig> {
+                    oauth2: {
+                        host,
+                        clientId,
+                        scope,
+                        redirectUri
+                    },
+                    authType
+                },
+                alfrescoJsApi
+            );
+
+            expect(oauth2Auth.discovery.loginUrl).to.be.equal(host + Oauth2Auth.DEFAULT_AUTHORIZATION_URL);
+            expect(oauth2Auth.discovery.tokenEndpoint).to.be.equal(host + Oauth2Auth.DEFAULT_TOKEN_URL);
+            expect(oauth2Auth.discovery.logoutUrl).to.be.equal(host + Oauth2Auth.DEFAULT_LOGOUT_URL);
+        });
+
+        it('should be possible to override the default urls', async () => {
+            const authorizationUrl = '/custom-login';
+            const logoutUrl = '/custom-logout';
+            const tokenUrl = '/custom-token';
+            const oauth2Auth = new Oauth2Auth(
+                <AlfrescoApiConfig> {
+                    oauth2: {
+                        host,
+                        authorizationUrl,
+                        logoutUrl,
+                        tokenUrl,
+                        clientId,
+                        scope,
+                        redirectUri
+                    },
+                    authType
+                },
+                alfrescoJsApi
+            );
+
+            expect(oauth2Auth.discovery.loginUrl).to.be.equal(host + authorizationUrl);
+            expect(oauth2Auth.discovery.tokenEndpoint).to.be.equal(host + tokenUrl);
+            expect(oauth2Auth.discovery.logoutUrl).to.be.equal(host + logoutUrl);
+        });
+
+    });
+
     describe('With Authentication', () => {
 
         it('should be possible have different user login in different instance of the oauth2Auth class', async () => {