Authenticate with external oauth provider with client context

Signed-off-by: Madhura Bhave <mbhave@pivotal.io>

client-lib/src/test/java/org/cloudfoundry/identity/client/integration/ClientAPITokenIntegrationTest.java

@@ -183,8 +183,6 @@ public static void test_fetch_token_from_authorization_code(UaaContextFactory fa
         TokenRequest fetchTokenRequest = factory.tokenRequest()
             .setGrantType(FETCH_TOKEN_FROM_CODE)
             .setRedirectUri(new URI(redirectUri))
-            .setClientId(clientId)
-            .setClientSecret(clientSecret)
             .setAuthorizationCode(code);
         if (idToken) {
             fetchTokenRequest.withIdToken();

model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOAuthIdentityProviderDefinition.java → model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java

@@ -19,7 +19,7 @@
 import java.util.Map;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class XOAuthIdentityProviderDefinition<TAuthenticationFlow extends XOAuthIdentityProviderDefinition.AuthenticationFlow> extends ExternalIdentityProviderDefinition {
+public abstract class AbstractXOAuthIdentityProviderDefinition<T extends AbstractXOAuthIdentityProviderDefinition> extends ExternalIdentityProviderDefinition {
     private URL authUrl;
     private URL tokenUrl;
     private URL tokenKeyUrl;
@@ -29,104 +29,85 @@ public class XOAuthIdentityProviderDefinition<TAuthenticationFlow extends XOAuth
     private boolean skipSslValidation;
     private String relyingPartyId;
     private String relyingPartySecret;
-    private TAuthenticationFlow authenticationFlow;
-
-    public TAuthenticationFlow getAuthenticationFlow() {
-        return authenticationFlow;
-    }
-
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setAuthenticationFlow(TAuthenticationFlow authenticationFlow) {
-        this.authenticationFlow = authenticationFlow;
-        return this;
-    }
 
     public URL getAuthUrl() {
         return authUrl;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setAuthUrl(URL authUrl) {
+    public T setAuthUrl(URL authUrl) {
         this.authUrl = authUrl;
-        return this;
+        return (T) this;
     }
 
     public URL getTokenUrl() {
         return tokenUrl;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenUrl(URL tokenUrl) {
+    public T setTokenUrl(URL tokenUrl) {
         this.tokenUrl = tokenUrl;
-        return this;
+         return (T) this;
     }
 
     public URL getTokenKeyUrl() {
         return tokenKeyUrl;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenKeyUrl(URL tokenKeyUrl) {
+    public T setTokenKeyUrl(URL tokenKeyUrl) {
         this.tokenKeyUrl = tokenKeyUrl;
-        return this;
+         return (T) this;
     }
 
     public String getTokenKey() {
         return tokenKey;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setTokenKey(String tokenKey) {
+    public T setTokenKey(String tokenKey) {
         this.tokenKey = tokenKey;
-        return this;
+         return (T) this;
     }
 
     public String getLinkText() {
         return linkText;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setLinkText(String linkText) {
+    public T setLinkText(String linkText) {
         this.linkText = linkText;
-        return this;
+         return (T) this;
     }
 
     public boolean isShowLinkText() {
         return showLinkText;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setShowLinkText(boolean showLinkText) {
+    public T setShowLinkText(boolean showLinkText) {
         this.showLinkText = showLinkText;
-        return this;
+         return (T) this;
     }
 
     public String getRelyingPartyId() {
         return relyingPartyId;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setRelyingPartyId(String relyingPartyId) {
+    public T setRelyingPartyId(String relyingPartyId) {
         this.relyingPartyId = relyingPartyId;
-        return this;
+         return (T) this;
     }
 
     public String getRelyingPartySecret() {
         return relyingPartySecret;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setRelyingPartySecret(String relyingPartySecret) {
+    public T setRelyingPartySecret(String relyingPartySecret) {
         this.relyingPartySecret = relyingPartySecret;
-        return this;
+         return (T) this;
     }
 
     public boolean isSkipSslValidation() {
         return skipSslValidation;
     }
 
-    public XOAuthIdentityProviderDefinition<TAuthenticationFlow> setSkipSslValidation(boolean skipSslValidation) {
+    public T setSkipSslValidation(boolean skipSslValidation) {
         this.skipSslValidation = skipSslValidation;
-        return this;
-    }
-
-    public interface AuthenticationFlow {
-        String getType();
-
-        String getResponseType();
-
-        String getTokenFromResponse(Map<String, String> responseBody);
-
+         return (T) this;
     }
 }

model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java

@@ -135,10 +135,11 @@ public IdentityProvider setConfig(T config) {
                 }
             } else if (UaaIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = UAA;
-            } else if (XOAuthIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
-                this.type = ((XOAuthIdentityProviderDefinition) config).getAuthenticationFlow().getType();
-            }
-            else if (LdapIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
+            } else if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
+                this.type = OAUTH20;
+            } else if (XOIDCIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
+                this.type = OIDC10;
+            } else if (LdapIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = LDAP;
             } else if (KeystoneIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = KEYSTONE;
@@ -337,10 +338,10 @@ public IdentityProvider deserialize(JsonParser jp, DeserializationContext ctxt)
                         definition = JsonUtils.readValue(config, SamlIdentityProviderDefinition.class);
                         break;
                     case OAUTH20:
-                        definition = JsonUtils.readValue(config, new TypeReference<XOAuthIdentityProviderDefinition<RawOauthAuthenticationFlow>>() {});
+                        definition = JsonUtils.readValue(config, RawXOAuthIdentityProviderDefinition.class);
                         break;
                     case OIDC10:
-                        definition = JsonUtils.readValue(config, new TypeReference<XOAuthIdentityProviderDefinition<OidcAuthenticationFlow>>() {});
+                        definition = JsonUtils.readValue(config, XOIDCIdentityProviderDefinition.class);
                         break;
                     case UAA:
                         definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class);

model/src/main/java/org/cloudfoundry/identity/uaa/provider/RawXOAuthIdentityProviderDefinition.java

@@ -0,0 +1,17 @@
+package org.cloudfoundry.identity.uaa.provider;
+
+import java.net.URL;
+
+public class RawXOAuthIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition<RawXOAuthIdentityProviderDefinition> {
+
+    private URL checkTokenUrl;
+
+    public URL getCheckTokenUrl() {
+        return checkTokenUrl;
+    }
+
+    public RawXOAuthIdentityProviderDefinition setCheckTokenUrl(URL checkTokenUrl) {
+        this.checkTokenUrl = checkTokenUrl;
+        return this;
+    }
+}

model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOIDCIdentityProviderDefinition.java

@@ -0,0 +1,17 @@
+package org.cloudfoundry.identity.uaa.provider;
+
+import java.net.URL;
+
+public class XOIDCIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition<XOIDCIdentityProviderDefinition> {
+
+    private URL userInfoUrl;
+
+    public URL getUserInfoUrl() {
+        return userInfoUrl;
+    }
+
+    public XOIDCIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) {
+        this.userInfoUrl = userInfoUrl;
+        return this;
+    }
+}

server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java

@@ -20,10 +20,12 @@
 import org.cloudfoundry.identity.uaa.provider.KeystoneIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.LockoutPolicy;
-import org.cloudfoundry.identity.uaa.provider.XOAuthIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
+import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.LdapUtils;
@@ -50,7 +52,7 @@ public class IdentityProviderBootstrap implements InitializingBean {
     private IdentityProviderProvisioning provisioning;
     private List<IdentityProvider> providers = new LinkedList<>();
     private SamlIdentityProviderConfigurator configurator;
-    private Map<String, XOAuthIdentityProviderDefinition> oauthIdpDefintions;
+    private Map<String, AbstractXOAuthIdentityProviderDefinition> oauthIdpDefintions;
     private Map<String, Object> ldapConfig;
     private Map<String, Object> keystoneConfig;
     private Environment environment;
@@ -71,10 +73,16 @@ private void addOauthProviders() {
         if (oauthIdpDefintions == null) {
             return;
         }
-        for (Map.Entry<String, XOAuthIdentityProviderDefinition> definition : oauthIdpDefintions.entrySet()) {
+        for (Map.Entry<String, AbstractXOAuthIdentityProviderDefinition> definition : oauthIdpDefintions.entrySet()) {
             validateDuplicateAlias(definition.getKey());
             IdentityProvider provider = new IdentityProvider();
-            provider.setType(definition.getValue().getAuthenticationFlow().getType());
+            if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) {
+                provider.setType(OriginKeys.OAUTH20);
+            } else if(XOIDCIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) {
+                provider.setType(OriginKeys.OIDC10);
+            } else {
+                throw new IllegalArgumentException("Unknown provider type.");
+            }
             provider.setOriginKey(definition.getKey());
             provider.setName("UAA Oauth Identity Provider["+provider.getOriginKey()+"]");
             provider.setActive(true);
@@ -278,7 +286,7 @@ public void setDisableInternalUserManagement(boolean disableInternalUserManageme
         this.disableInternalUserManagement = disableInternalUserManagement;
     }
 
-    public void setOauthIdpDefintions(Map<String, XOAuthIdentityProviderDefinition> oauthIdpDefintions) {
+    public void setOauthIdpDefinitions(Map<String, AbstractXOAuthIdentityProviderDefinition> oauthIdpDefintions) {
         this.oauthIdpDefintions = oauthIdpDefintions;
     }
 }