Support the attribute responseType on oauth/oidc provider

[#122654431] https://www.pivotaltracker.com/story/show/122654431

model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java

@@ -31,6 +31,7 @@ public abstract class AbstractXOAuthIdentityProviderDefinition<T extends Abstrac
     private String relyingPartySecret;
     private List<String> scopes;
     private String issuer;
+    private String responseType = "code";
 
     public URL getAuthUrl() {
         return authUrl;
@@ -130,4 +131,13 @@ public T setIssuer(String issuer) {
         this.issuer = issuer;
         return (T) this;
     }
+
+    public String getResponseType() {
+        return responseType;
+    }
+
+    public T setResponseType(String responseType) {
+        this.responseType = responseType;
+        return (T) this;
+    }
 }

model/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProvider.java

@@ -18,7 +18,6 @@
 
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -27,7 +26,6 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
-import org.cloudfoundry.identity.uaa.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 
 import javax.validation.constraints.NotNull;
@@ -138,7 +136,7 @@ public IdentityProvider setConfig(T config) {
                 this.type = UAA;
             } else if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = OAUTH20;
-            } else if (XOIDCIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
+            } else if (OIDCIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = OIDC10;
             } else if (LdapIdentityProviderDefinition.class.isAssignableFrom(clazz)) {
                 this.type = LDAP;
@@ -340,7 +338,7 @@ public IdentityProvider deserialize(JsonParser jp, DeserializationContext ctxt)
                         definition = JsonUtils.readValue(config, RawXOAuthIdentityProviderDefinition.class);
                         break;
                     case OIDC10:
-                        definition = JsonUtils.readValue(config, XOIDCIdentityProviderDefinition.class);
+                        definition = JsonUtils.readValue(config, OIDCIdentityProviderDefinition.class);
                         break;
                     case UAA:
                         definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class);

model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOIDCIdentityProviderDefinition.java → model/src/main/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinition.java

@@ -14,15 +14,15 @@
 
 import java.net.URL;
 
-public class XOIDCIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition<XOIDCIdentityProviderDefinition> {
+public class OIDCIdentityProviderDefinition extends AbstractXOAuthIdentityProviderDefinition<OIDCIdentityProviderDefinition> {
 
     private URL userInfoUrl;
 
     public URL getUserInfoUrl() {
         return userInfoUrl;
     }
 
-    public XOIDCIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) {
+    public OIDCIdentityProviderDefinition setUserInfoUrl(URL userInfoUrl) {
         this.userInfoUrl = userInfoUrl;
         return this;
     }

server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java

@@ -25,7 +25,7 @@
 import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfigurator;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.LdapUtils;
@@ -78,7 +78,7 @@ private void addOauthProviders() {
             IdentityProvider provider = new IdentityProvider();
             if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) {
                 provider.setType(OriginKeys.OAUTH20);
-            } else if(XOIDCIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) {
+            } else if(OIDCIdentityProviderDefinition.class.isAssignableFrom(definition.getValue().getClass())) {
                 provider.setType(OriginKeys.OIDC10);
             } else {
                 throw new IllegalArgumentException("Unknown provider type.");

server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java

@@ -196,7 +196,7 @@ public IdentityProvider mapRow(ResultSet rs, int rowNum) throws SQLException {
                         definition = JsonUtils.readValue(config, RawXOAuthIdentityProviderDefinition.class);
                         break;
                     case OriginKeys.OIDC10 :
-                        definition = JsonUtils.readValue(config, XOIDCIdentityProviderDefinition.class);
+                        definition = JsonUtils.readValue(config, OIDCIdentityProviderDefinition.class);
                         break;
                     case OriginKeys.UAA :
                         definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class);

server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIdentityProviderDefinitionFactoryBean.java

@@ -1,8 +1,20 @@
+/*******************************************************************************
+ *     Cloud Foundry
+ *     Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
+ *
+ *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ *     You may not use this product except in compliance with the License.
+ *
+ *     This product includes a number of subcomponents with
+ *     separate copyright notices and license terms. Your use of these
+ *     subcomponents is subject to the terms and conditions of the
+ *     subcomponent's license, as noted in the LICENSE file.
+ *******************************************************************************/
 package org.cloudfoundry.identity.uaa.provider.oauth;
 
 import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
 
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -13,6 +25,7 @@
 import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OAUTH20;
 import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OIDC10;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
+import static org.springframework.util.StringUtils.hasText;
 
 public class OauthIdentityProviderDefinitionFactoryBean {
     private Map<String,AbstractXOAuthIdentityProviderDefinition> oauthIdpDefinitions = new HashMap<>();
@@ -30,7 +43,7 @@ public OauthIdentityProviderDefinitionFactoryBean(Map<String, Map> definitions)
                         oauthIdpDefinitions.put(alias, oauthIdentityProviderDefinition);
                     }
                     else if(OIDC10.equalsIgnoreCase(type)) {
-                        XOIDCIdentityProviderDefinition oidcIdentityProviderDefinition = new XOIDCIdentityProviderDefinition();
+                        OIDCIdentityProviderDefinition oidcIdentityProviderDefinition = new OIDCIdentityProviderDefinition();
                         setCommonProperties(idpDefinitionMap, oidcIdentityProviderDefinition);
                         oidcIdentityProviderDefinition.setUserInfoUrl(idpDefinitionMap.get("userInfoUrl") == null ? null : new URL((String) idpDefinitionMap.get("userInfoUrl")));
                         oauthIdpDefinitions.put(alias, oidcIdentityProviderDefinition);
@@ -57,6 +70,10 @@ private void setCommonProperties(Map idpDefinitionMap, AbstractXOAuthIdentityPro
         idpDefinition.setIssuer((String) idpDefinitionMap.get("issuer"));
         idpDefinition.setAttributeMappings((Map<String, Object>) idpDefinitionMap.get(ATTRIBUTE_MAPPINGS));
         idpDefinition.setScopes((List<String>) idpDefinitionMap.get("scopes"));
+        String responseType = (String) idpDefinitionMap.get("responseType");
+        if (hasText(responseType)) {
+            idpDefinition.setResponseType(responseType);
+        }
         try {
             idpDefinition.setAuthUrl(new URL((String)idpDefinitionMap.get("authUrl")));
             idpDefinition.setTokenKeyUrl(idpDefinitionMap.get("tokenKeyUrl") == null ? null : new URL((String)idpDefinitionMap.get("tokenKeyUrl")));

server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java

@@ -26,7 +26,7 @@
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
 import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserPrototype;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
@@ -280,7 +280,7 @@ public RestTemplate getRestTemplate(AbstractXOAuthIdentityProviderDefinition con
     private String getResponseType(AbstractXOAuthIdentityProviderDefinition config) {
         if (RawXOAuthIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) {
             return "token";
-        } else if (XOIDCIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) {
+        } else if (OIDCIdentityProviderDefinition.class.isAssignableFrom(config.getClass())) {
             return "id_token";
         } else {
             throw new IllegalArgumentException("Unknown type for provider.");

server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java

@@ -27,7 +27,7 @@
 import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderConfigurator;
 import org.cloudfoundry.identity.uaa.test.JdbcTestBase;
 import org.cloudfoundry.identity.uaa.util.PredicateMatcher;
@@ -244,8 +244,9 @@ public void testRemovedKeystoneBootstrapIsInactive() throws Exception {
     public void testRemovedOAuthIdentityProviderIsInactive() throws Exception {
         AbstractXOAuthIdentityProviderDefinition oauthProvider = new RawXOAuthIdentityProviderDefinition();
         setCommonProperties(oauthProvider);
-        AbstractXOAuthIdentityProviderDefinition oidcProvider = new XOIDCIdentityProviderDefinition();
+        AbstractXOAuthIdentityProviderDefinition oidcProvider = new OIDCIdentityProviderDefinition();
         setCommonProperties(oidcProvider);
+        oidcProvider.setResponseType("code id_token");
         IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
         IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment());
         HashMap<String, AbstractXOAuthIdentityProviderDefinition> oauthProviderConfig = new HashMap<>();
@@ -262,6 +263,11 @@ public void testRemovedOAuthIdentityProviderIsInactive() throws Exception {
             assertNotNull(bootstrapOauthProvider.getLastModified());
             assertEquals(provider.getKey(), bootstrapOauthProvider.getType());
             assertTrue(bootstrapOauthProvider.isActive());
+            if (OIDC10.equals(provider.getKey())) {
+                assertEquals("code id_token", bootstrapOauthProvider.getConfig().getResponseType());
+            } else {
+                assertEquals("code", bootstrapOauthProvider.getConfig().getResponseType());
+            }
         }
 
         bootstrap.setOauthIdpDefinitions(null);

server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java

@@ -11,7 +11,7 @@
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.ldap.ExtendedLdapUserDetails;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
@@ -208,7 +208,7 @@ public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception {
         when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
         when(expiringCodeStore.generateCode(anyString(), anyObject(), eq(INVITATION.name()))).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), INVITATION.name()));
 
-        XOIDCIdentityProviderDefinition definition = new XOIDCIdentityProviderDefinition();
+        OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition();
         definition.setAuthUrl(new URL("https://oidc10.auth.url"));
 
         IdentityProvider provider = new IdentityProvider();

server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java

@@ -25,7 +25,7 @@
 import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken;
 import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
@@ -655,7 +655,7 @@ public void we_return_both_oauth_and_oidc_providers() throws Exception {
         RawXOAuthIdentityProviderDefinition oauthDefinition = new RawXOAuthIdentityProviderDefinition()
             .setAuthUrl(new URL("http://auth.url"))
             .setTokenUrl(new URL("http://token.url"));
-        XOIDCIdentityProviderDefinition oidcDefinition = new XOIDCIdentityProviderDefinition()
+        OIDCIdentityProviderDefinition oidcDefinition = new OIDCIdentityProviderDefinition()
             .setAuthUrl(new URL("http://auth.url"))
             .setTokenUrl(new URL("http://token.url"));
 
@@ -739,7 +739,7 @@ private IdentityProvider createOIDCIdentityProvider(String originKey) throws Mal
         IdentityProvider<AbstractXOAuthIdentityProviderDefinition> oidcIdentityProvider= new IdentityProvider<>();
         oidcIdentityProvider.setOriginKey(originKey);
         oidcIdentityProvider.setType(OriginKeys.OIDC10);
-        oidcIdentityProvider.setConfig(new XOIDCIdentityProviderDefinition());
+        oidcIdentityProvider.setConfig(new OIDCIdentityProviderDefinition());
         return oidcIdentityProvider;
 
     }

server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerTest.java

@@ -29,7 +29,7 @@
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
 import org.cloudfoundry.identity.uaa.provider.JdbcIdentityProviderProvisioning;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.user.InMemoryUaaUserDatabase;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
@@ -111,7 +111,7 @@ public class XOAuthAuthenticationManagerTest {
     private IdentityProvider<AbstractXOAuthIdentityProviderDefinition> identityProvider;
     private Map<String, Object> claims;
     private HashMap<String, Object> attributeMappings;
-    private XOIDCIdentityProviderDefinition config;
+    private OIDCIdentityProviderDefinition config;
     private String rsaSigningKey;
     private RsaSigner signer;
     private Map<String, Object> header;
@@ -174,7 +174,7 @@ public void setUp() throws Exception {
 
         attributeMappings = new HashMap<>();
 
-        config = new XOIDCIdentityProviderDefinition()
+        config = new OIDCIdentityProviderDefinition()
             .setAuthUrl(new URL("http://oidc10.identity.cf-app.com/oauth/authorize"))
             .setTokenUrl(new URL("http://oidc10.identity.cf-app.com/oauth/token"))
             .setShowLinkText(true)

server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java

@@ -2,7 +2,7 @@
 
 import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderConfigValidator;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -15,7 +15,7 @@ public class XOAuthIdentityProviderConfigValidatorTest {
 
     @Before
     public void setup() throws MalformedURLException {
-        definition = new XOIDCIdentityProviderDefinition();
+        definition = new OIDCIdentityProviderDefinition();
         definition.setAuthUrl(new URL("http://oidc10.identity.cf-app.com/oauth/authorize"));
         definition.setTokenUrl(new URL("http://oidc10.identity.cf-app.com/oauth/token"));
         definition.setTokenKeyUrl(new URL("http://oidc10.identity.cf-app.com/token_key"));

uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java

@@ -22,7 +22,7 @@
 import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
 import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.hamcrest.Matchers;
@@ -220,7 +220,7 @@ private void createOIDCProviderWithRequestedScopes(String issuer, final String u
         IdentityProvider<AbstractXOAuthIdentityProviderDefinition> identityProvider = new IdentityProvider<>();
         identityProvider.setName("my oidc provider");
         identityProvider.setIdentityZoneId(OriginKeys.UAA);
-        XOIDCIdentityProviderDefinition config = new XOIDCIdentityProviderDefinition();
+        OIDCIdentityProviderDefinition config = new OIDCIdentityProviderDefinition();
         config.addAttributeMapping(USER_NAME_ATTRIBUTE_NAME, "user_name");
         config.setAuthUrl(new URL(urlBase + "/oauth/authorize"));
         config.setTokenUrl(new URL(urlBase + "/oauth/token"));

uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java

@@ -23,7 +23,7 @@
 import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
 import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.provider.XOIDCIdentityProviderDefinition;
+import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.resources.SearchResults;
 import org.cloudfoundry.identity.uaa.scim.ScimGroup;
 import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember;
@@ -736,7 +736,7 @@ public static IdentityProvider createOidcIdentityProvider(String name, String or
         IdentityProvider<AbstractXOAuthIdentityProviderDefinition> identityProvider = new IdentityProvider<>();
         identityProvider.setName(name);
         identityProvider.setIdentityZoneId(OriginKeys.UAA);
-        XOIDCIdentityProviderDefinition config = new XOIDCIdentityProviderDefinition();
+        OIDCIdentityProviderDefinition config = new OIDCIdentityProviderDefinition();
         config.addAttributeMapping(USER_NAME_ATTRIBUTE_NAME, "user_name");
         config.setAuthUrl(new URL("https://oidc10.identity.cf-app.com/oauth/authorize"));
         config.setTokenUrl(new URL("https://oidc10.identity.cf-app.com/oauth/token"));