Click on oidc provider link and perform authentication flow

[#115082069] https://www.pivotaltracker.com/story/show/115082069 Signed-off-by: Jeremy Coffield <jcoffield@pivotal.io> Signed-off-by: Madhura Bhave <mbhave@pivotal.io>
cloudfoundry · Mar 24, 2016 · 80a1d4e · 80a1d4e
1 parent 9e2017a
commit 80a1d4e
Show file tree

Hide file tree

Showing 22 changed files with 859 additions and 106 deletions.
diff --git a/docs/UAA-APIs.rst b/docs/UAA-APIs.rst
@@ -1359,7 +1359,7 @@ Fields            *Available Fields* ::
                     externalGroupsWhitelist  List<String>            Optional List of external groups that will be included in the ID Token if the `roles` scope is requested.
                     providerDescription      String                  Optional Human readable name/description of this provider
 
-                    OAuth Provider Configuration (provided in JSON format as part of the ``config`` field on the Identity Provider - See class org.cloudfoundry.identity.uaa.provider.OauthIdentityProviderDefinition
+                    OAuth Provider Configuration (provided in JSON format as part of the ``config`` field on the Identity Provider - See class org.cloudfoundry.identity.uaa.provider.XOAuthIdentityProviderDefinition
                     ======================   ======================  ======== =================================================================================================================================================================================================================================================================================================================================================================================================================================================
                     alias                    String                  Required Must match ``originKey`` in the provider definition
                     authUrl                  URL                     Required Must be a valid URL that returns the authorization code.

diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java
@@ -17,6 +17,7 @@
 
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -134,12 +135,8 @@ public IdentityProvider setConfig(T config) {
                 }
             } else if (UaaIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = UAA;
-            } else if (OauthIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
+            } else if (XOAuthIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
-                if (((OauthIdentityProviderDefinition)config).getUserInfoUrl()==null) {
+                this.type = ((XOAuthIdentityProviderDefinition) config).getAuthenticationFlow().getType();
-                    this.type = OAUTH20;
-                } else {
-                    this.type = OIDC10;
-                }
             }
             else if (LdapIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = LDAP;
@@ -340,7 +337,10 @@ public IdentityProvider deserialize(JsonParser jp, DeserializationContext ctxt)
                         definition = JsonUtils.readValue(config, SamlIdentityProviderDefinition.class);
                         break;
                     case OAUTH20:
-                        definition = JsonUtils.readValue(config, OauthIdentityProviderDefinition.class);
+                        definition = JsonUtils.readValue(config, new TypeReference<XOAuthIdentityProviderDefinition<RawOauthAuthenticationFlow>>() {});
+                        break;
+                    case OIDC10:
+                        definition = JsonUtils.readValue(config, new TypeReference<XOAuthIdentityProviderDefinition<OidcAuthenticationFlow>>() {});
                         break;
                     case UAA:
                         definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class);

diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/OidcAuthenticationFlow.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/OidcAuthenticationFlow.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * Cloud Foundry
+ * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
+ * <p>
+ * This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ * You may not use this product except in compliance with the License.
+ * <p>
+ * This product includes a number of subcomponents with
+ * separate copyright notices and license terms. Your use of these
+ * subcomponents is subject to the terms and conditions of the
+ * subcomponent's license, as noted in the LICENSE file.
+ *******************************************************************************/
+package org.cloudfoundry.identity.uaa.provider;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
+
+import java.net.URL;
+import java.util.Map;
+
+public class OidcAuthenticationFlow implements XOAuthIdentityProviderDefinition.AuthenticationFlow {
+
+    private URL userInfoUrl;
+
+    @Override
+    @JsonIgnore
+    public String getType() {
+        return OriginKeys.OIDC10;
+    }
+
+    @Override
+    @JsonIgnore
+    public String getResponseType() {
+        return "id_token";
+    }
+
+    @Override
+    @JsonIgnore
+    public String getTokenFromResponse(Map<String, String> responseBody) {
+        return responseBody.get("id_token");
+    }
+
+    public OidcAuthenticationFlow setUserInfoUrl(URL userInfoUrl) {
+        this.userInfoUrl = userInfoUrl;
+        return this;
+    }
+
+    public URL getUserInfoUrl() {
+        return userInfoUrl;
+    }
+}
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/RawOauthAuthenticationFlow.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/RawOauthAuthenticationFlow.java
@@ -0,0 +1,49 @@
+package org.cloudfoundry.identity.uaa.provider;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
+
+import java.util.Map;
+
+/*******************************************************************************
+ * Cloud Foundry
+ * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
+ * <p>
+ * This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ * You may not use this product except in compliance with the License.
+ * <p>
+ * This product includes a number of subcomponents with
+ * separate copyright notices and license terms. Your use of these
+ * subcomponents is subject to the terms and conditions of the
+ * subcomponent's license, as noted in the LICENSE file.
+ *******************************************************************************/
+public class RawOauthAuthenticationFlow implements XOAuthIdentityProviderDefinition.AuthenticationFlow {
+
+    @Override
+    @JsonIgnore
+    public String getType() {
+        return OriginKeys.OAUTH20;
+    }
+
+    @Override
+    @JsonIgnore
+    public String getResponseType() {
+        return "token";
+    }
+
+    @Override
+    @JsonIgnore
+    public String getTokenFromResponse(Map<String, String> responseBody) {
+        return responseBody.get("access_token");
+    }
+
+    private String ohmygodwhatever;
+
+    public String getOhmygodwhatever() {
+        return ohmygodwhatever;
+    }
+
+    public void setOhmygodwhatever(String ohmygodwhatever) {
+        this.ohmygodwhatever = ohmygodwhatever;
+    }
+}
diff --git a/...ider/OauthIdentityProviderDefinition.java → ...der/XOAuthIdentityProviderDefinition.java b/...ider/OauthIdentityProviderDefinition.java → ...der/XOAuthIdentityProviderDefinition.java
@@ -16,26 +16,35 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
 import java.net.URL;
+import java.util.Map;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class OauthIdentityProviderDefinition extends ExternalIdentityProviderDefinition {
+public class XOAuthIdentityProviderDefinition<TAuthenticationFlow extends XOAuthIdentityProviderDefinition.AuthenticationFlow> extends ExternalIdentityProviderDefinition {
     private URL authUrl;
     private URL tokenUrl;
     private URL tokenKeyUrl;
-    private URL userInfoUrl;
     private String tokenKey;
     private String linkText;
     private boolean showLinkText = true;
     private boolean skipSslValidation;
     private String relyingPartyId;
     private String relyingPartySecret;
+    private TAuthenticationFlow authenticationFlow;
 
+    public TAuthenticationFlow getAuthenticationFlow() {
+        return authenticationFlow;
+    }
+
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setAuthenticationFlow(TAuthenticationFlow authenticationFlow) {
+        this.authenticationFlow = authenticationFlow;
+        return this;
+    }
 
     public URL getAuthUrl() {
         return authUrl;
     }
 
-    public OauthIdentityProviderDefinition setAuthUrl(URL authUrl) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setAuthUrl(URL authUrl) {
         this.authUrl = authUrl;
         return this;
     }
@@ -44,7 +53,7 @@ public URL getTokenUrl() {
         return tokenUrl;
     }
 
-    public OauthIdentityProviderDefinition setTokenUrl(URL tokenUrl) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenUrl(URL tokenUrl) {
         this.tokenUrl = tokenUrl;
         return this;
     }
@@ -53,7 +62,7 @@ public URL getTokenKeyUrl() {
         return tokenKeyUrl;
     }
 
-    public OauthIdentityProviderDefinition setTokenKeyUrl(URL tokenKeyUrl) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenKeyUrl(URL tokenKeyUrl) {
         this.tokenKeyUrl = tokenKeyUrl;
         return this;
     }
@@ -62,7 +71,7 @@ public String getTokenKey() {
         return tokenKey;
     }
 
-    public OauthIdentityProviderDefinition setTokenKey(String tokenKey) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenKey(String tokenKey) {
         this.tokenKey = tokenKey;
         return this;
     }
@@ -71,7 +80,7 @@ public String getLinkText() {
         return linkText;
     }
 
-    public OauthIdentityProviderDefinition setLinkText(String linkText) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setLinkText(String linkText) {
         this.linkText = linkText;
         return this;
     }
@@ -80,7 +89,7 @@ public boolean isShowLinkText() {
         return showLinkText;
     }
 
-    public OauthIdentityProviderDefinition setShowLinkText(boolean showLinkText) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setShowLinkText(boolean showLinkText) {
         this.showLinkText = showLinkText;
         return this;
     }
@@ -89,7 +98,7 @@ public String getRelyingPartyId() {
         return relyingPartyId;
     }
 
-    public OauthIdentityProviderDefinition setRelyingPartyId(String relyingPartyId) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setRelyingPartyId(String relyingPartyId) {
         this.relyingPartyId = relyingPartyId;
         return this;
     }
@@ -98,7 +107,7 @@ public String getRelyingPartySecret() {
         return relyingPartySecret;
     }
 
-    public OauthIdentityProviderDefinition setRelyingPartySecret(String relyingPartySecret) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setRelyingPartySecret(String relyingPartySecret) {
         this.relyingPartySecret = relyingPartySecret;
         return this;
     }
@@ -107,17 +116,17 @@ public boolean isSkipSslValidation() {
         return skipSslValidation;
     }
 
-    public OauthIdentityProviderDefinition setSkipSslValidation(boolean skipSslValidation) {
+    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setSkipSslValidation(boolean skipSslValidation) {
         this.skipSslValidation = skipSslValidation;
         return this;
     }
 
-    public URL getUserInfoUrl() {
+    public interface AuthenticationFlow {
-        return userInfoUrl;
+        String getType();
-    }
+
+        String getResponseType();
+
+        String getTokenFromResponse(Map<String, String> responseBody);
 
-    public OauthIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) {
-        this.userInfoUrl = userInfoUrl;
-        return this;
     }
 }
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthentication.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthentication.java
@@ -37,7 +37,7 @@
 @JsonDeserialize(using = UaaAuthenticationDeserializer.class)
 public class UaaAuthentication implements Authentication, Serializable {
 
-    private List<? extends GrantedAuthority> authorities;
+    private Collection<? extends GrantedAuthority> authorities;
     private Object credentials;
     private UaaPrincipal principal;
     private UaaAuthenticationDetails details;
@@ -58,14 +58,14 @@ public class UaaAuthentication implements Authentication, Serializable {
      *            principal represented by this authentication object.
      */
     public UaaAuthentication(UaaPrincipal principal,
-                             List<? extends GrantedAuthority> authorities,
+                             Collection<? extends GrantedAuthority> authorities,
                              UaaAuthenticationDetails details) {
         this(principal, null, authorities, details, true, System.currentTimeMillis());
     }
 
     public UaaAuthentication(UaaPrincipal principal,
                              Object credentials,
-                             List<? extends GrantedAuthority> authorities,
+                             Collection<? extends GrantedAuthority> authorities,
                              UaaAuthenticationDetails details,
                              boolean authenticated,
                              long authenticatedTime) {
@@ -74,7 +74,7 @@ public UaaAuthentication(UaaPrincipal principal,
 
     public UaaAuthentication(UaaPrincipal principal,
                              Object credentials,
-                             List<? extends GrantedAuthority> authorities,
+                             Collection<? extends GrantedAuthority> authorities,
                              UaaAuthenticationDetails details,
                              boolean authenticated,
                              long authenticatedTime,

diff --git a/...er/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java b/...er/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java
@@ -20,7 +20,7 @@
 import org.cloudfoundry.identity.uaa.provider.KeystoneIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.LockoutPolicy;
-import org.cloudfoundry.identity.uaa.provider.OauthIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.XOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
@@ -50,7 +50,7 @@ public class IdentityProviderBootstrap implements InitializingBean {
     private IdentityProviderProvisioning provisioning;
     private List<IdentityProvider> providers = new LinkedList<>();
     private SamlIdentityProviderConfigurator configurator;
-    private Map<String, OauthIdentityProviderDefinition> oauthIdpDefintions;
+    private Map<String, XOAuthIdentityProviderDefinition> oauthIdpDefintions;
     private Map<String, Object> ldapConfig;
     private Map<String, Object> keystoneConfig;
     private Environment environment;
@@ -71,14 +71,10 @@ private void addOauthProviders() {
         if (oauthIdpDefintions == null) {
             return;
         }
-        for (Map.Entry<String, OauthIdentityProviderDefinition> definition : oauthIdpDefintions.entrySet()) {
+        for (Map.Entry<String, XOAuthIdentityProviderDefinition> definition : oauthIdpDefintions.entrySet()) {
             validateDuplicateAlias(definition.getKey());
             IdentityProvider provider = new IdentityProvider();
-            if (definition.getValue().getUserInfoUrl()==null) {
+            provider.setType(definition.getValue().getAuthenticationFlow().getType());
-                provider.setType(OriginKeys.OAUTH20);
-            } else {
-                provider.setType(OriginKeys.OIDC10);
-            }
             provider.setOriginKey(definition.getKey());
             provider.setName("UAA Oauth Identity Provider["+provider.getOriginKey()+"]");
             provider.setActive(true);
@@ -282,7 +278,7 @@ public void setDisableInternalUserManagement(boolean disableInternalUserManageme
         this.disableInternalUserManagement = disableInternalUserManagement;
     }
 
-    public void setOauthIdpDefintions(Map<String, OauthIdentityProviderDefinition> oauthIdpDefintions) {
+    public void setOauthIdpDefintions(Map<String, XOAuthIdentityProviderDefinition> oauthIdpDefintions) {
         this.oauthIdpDefintions = oauthIdpDefintions;
     }
 }