Merge 7254d3e into afed81d

ory · Oct 19, 2023 · 8e19e6f · 8e19e6f
2 parents afed81d + 7254d3e
commit 8e19e6f
Show file tree

Hide file tree

Showing 5 changed files with 152 additions and 15 deletions.
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
@@ -410,28 +410,29 @@
         },
         "provider": {
           "title": "Provider",
-          "description": "Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, apple, spotify, netid, dingtalk, patreon.",
+          "description": "Can be one of apple, auth0, dingtalk, discord, facebook, generic, github-app, github, gitlab, google, lark, linkedin, microsoft, netid, patreon, signicat, slack, spotify, vk, yandex",
           "type": "string",
           "enum": [
-            "github",
+            "apple",
+            "auth0",
+            "dingtalk",
+            "discord",
+            "facebook",
+            "generic",
             "github-app",
+            "github",
             "gitlab",
-            "generic",
             "google",
+            "lark",
+            "linkedin",
             "microsoft",
-            "discord",
-            "slack",
-            "facebook",
-            "auth0",
-            "vk",
-            "yandex",
-            "apple",
-            "spotify",
             "netid",
-            "dingtalk",
             "patreon",
-            "linkedin",
-            "lark"
+            "signicat",
+            "slack",
+            "spotify",
+            "vk",
+            "yandex"
           ],
           "examples": ["google"]
         },

diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go
@@ -42,6 +42,9 @@ type Claims struct {
 	Name                string                 `json:"name,omitempty"`
 	GivenName           string                 `json:"given_name,omitempty"`
 	FamilyName          string                 `json:"family_name,omitempty"`
+	IdpId               string                 `json:"idp_id,omitempty"`
+	IdpSub              string                 `json:"idp_sub,omitempty"`
+	Nin                 string                 `json:"nin,omitempty"`
 	LastName            string                 `json:"last_name,omitempty"`
 	MiddleName          string                 `json:"middle_name,omitempty"`
 	Nickname            string                 `json:"nickname,omitempty"`

diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
@@ -39,6 +39,7 @@ type Configuration struct {
 	// - dingtalk
 	// - linkedin
 	// - patreon
+	// - signicat
 	Provider string `json:"provider"`
 
 	// Label represents an optional label which can be used in the UI generation.
@@ -150,6 +151,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies
 	"linkedin":   NewProviderLinkedIn,
 	"patreon":    NewProviderPatreon,
 	"lark":       NewProviderLark,
+	"signicat":   NewProviderSignicat,
 }
 
 func (c ConfigurationCollection) Provider(id string, reg Dependencies) (Provider, error) {

diff --git a/selfservice/strategy/oidc/provider_signicat.go b/selfservice/strategy/oidc/provider_signicat.go
@@ -0,0 +1,130 @@
+// Copyright © 2023 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package oidc
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"path"
+
+	"github.com/ory/x/stringsx"
+
+	"github.com/hashicorp/go-retryablehttp"
+
+	"github.com/ory/x/httpx"
+
+	"github.com/pkg/errors"
+	"golang.org/x/oauth2"
+
+	"github.com/ory/herodot"
+)
+
+const (
+	signicatBaseUrl = "https://client.sandbox.signicat.com"
+)
+
+type ProviderSignicat struct {
+	*ProviderGenericOIDC
+}
+
+type UserInfoResponse struct {
+	IdpId             string `json:"idp_id,omitempty"`
+	FamilyName        string `json:"family_name,omitempty"`
+	GivenName         string `json:"given_name,omitempty"`
+	Birthdate         string `json:"birthdate,omitempty"`
+	Nin               string `json:"nin,omitempty"`
+	NinType           string `json:"nin_type,omitempty"`
+	NinIssuingCountry string `json:"nin_issuing_country,omitempty"`
+	Sub               string `json:"sub,omitempty"`
+	SubLegacy         string `json:"sub_legacy,omitempty"`
+}
+
+func NewProviderSignicat(
+	config *Configuration,
+	reg Dependencies,
+) Provider {
+	return &ProviderSignicat{
+		ProviderGenericOIDC: &ProviderGenericOIDC{
+			config: config,
+			reg:    reg,
+		},
+	}
+}
+
+func (g *ProviderSignicat) oauth2(ctx context.Context) (*oauth2.Config, error) {
+	endpoint, err := g.endpoint()
+	if err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
+	}
+
+	authUrl := *endpoint
+	tokenUrl := *endpoint
+
+	authUrl.Path = path.Join(authUrl.Path, "/connect/authorize")
+	tokenUrl.Path = path.Join(tokenUrl.Path, "/connect/token")
+
+	return &oauth2.Config{
+		ClientID:     g.config.ClientID,
+		ClientSecret: g.config.ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  authUrl.String(),
+			TokenURL: tokenUrl.String(),
+		},
+		Scopes:      g.config.Scope,
+		RedirectURL: g.config.Redir(g.reg.Config().OIDCRedirectURIBase(ctx)),
+	}, nil
+}
+
+func (g *ProviderSignicat) OAuth2(ctx context.Context) (*oauth2.Config, error) {
+	return g.oauth2(ctx)
+}
+
+func (g *ProviderSignicat) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) {
+	o, err := g.OAuth2(ctx)
+	if err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
+	}
+
+	client := g.reg.HTTPClient(ctx, httpx.ResilientClientDisallowInternalIPs(), httpx.ResilientClientWithClient(o.Client(ctx, exchange)))
+
+	u, err := g.endpoint()
+	if err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
+	}
+	u.Path = path.Join(u.Path, "/connect/userinfo")
+	req, err := retryablehttp.NewRequest("GET", u.String(), nil)
+	if err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
+	}
+
+	req.Header.Set("Accept", "application/json")
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Expected the Signicat userinfo endpoint to return a 200 OK response but got %d instead", resp.StatusCode))
+	}
+
+	var claims Claims
+
+	if err := json.NewDecoder(resp.Body).Decode(&claims); err != nil {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err)) // FAILS!
+	}
+
+	claims.Issuer = stringsx.Coalesce(claims.Issuer, g.config.IssuerURL)
+
+	return &claims, nil
+}
+
+func (g *ProviderSignicat) endpoint() (*url.URL, error) {
+	var e = signicatBaseUrl
+	if len(g.config.IssuerURL) > 0 {
+		e = g.config.IssuerURL
+	}
+	return url.Parse(e)
+}
diff --git a/test/e2e/cypress/support/config.d.ts b/test/e2e/cypress/support/config.d.ts
@@ -191,7 +191,7 @@ export type SelfServiceOIDCProvider1 = {
   [k: string]: unknown | undefined
 }
 /**
- * Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, apple, spotify, netid, dingtalk, patreon.
+ * Can be one of github, github-app, gitlab, generic, google, microsoft, discord, slack, facebook, auth0, vk, yandex, apple, spotify, netid, dingtalk, patreon, signicat.
  */
 export type Provider =
   | "github"
@@ -213,6 +213,7 @@ export type Provider =
   | "patreon"
   | "linkedin"
   | "lark"
+  | "signicat"
 export type OptionalStringWhichWillBeUsedWhenGeneratingLabelsForUIButtons =
   string
 /**