Feature: External Login through OIDC

.env

@@ -40,6 +40,7 @@ CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 
 ###> App ###
 APP_DEFAULT_DATE_FORMAT='Y-m-d\TH:i:s.v\Z'
+APP_ACTIVATION_CODE_EXPIRE_INTERNAL=P2D
 ###< App ###
 
 ###> lexik/jwt-authentication-bundle ###
@@ -56,14 +57,27 @@ JWT_SCREEN_REFRESH_TOKEN_TTL=2592000 # 30 days
 ###< gesdinet/jwt-refresh-token-bundle ###
 
 ###> itk-dev/openid-connect-bundle ###
-# "admin" open id connect configuration variables (values provided by the OIDC IdP)
-OIDC_METADATA_URL=ADMIN_APP_METADATA_URL
-OIDC_CLIENT_ID=ADMIN_APP_CLIENT_ID
-OIDC_CLIENT_SECRET=ADMIN_APP_CLIENT_SECRET
-OIDC_REDIRECT_URI=ADMIN_APP_REDIRECT_URI
-OIDC_LEEWAY=30
+# internal provider
+INTERNAL_OIDC_METADATA_URL=INTERNAL_OIDC_METADATA_URL
+INTERNAL_OIDC_CLIENT_ID=INTERNAL_OIDC_CLIENT_ID
+INTERNAL_OIDC_CLIENT_SECRET=INTERNAL_OIDC_CLIENT_SECRET
+INTERNAL_OIDC_REDIRECT_URI=INTERNAL_OIDC_REDIRECT_URI
+INTERNAL_OIDC_LEEWAY=30
+INTERNAL_OIDC_CLAIM_NAME=navn
+INTERNAL_OIDC_CLAIM_EMAIL=email
+INTERNAL_OIDC_CLAIM_GROUPS=groups
 
-CLI_REDIRECT=APP_CLI_REDIRECT_URI
+# external provider
+EXTERNAL_OIDC_METADATA_URL=EXTERNAL_OIDC_METADATA_URL
+EXTERNAL_OIDC_CLIENT_ID=EXTERNAL_OIDC_CLIENT_ID
+EXTERNAL_OIDC_CLIENT_SECRET=EXTERNAL_OIDC_CLIENT_SECRET
+EXTERNAL_OIDC_REDIRECT_URI=EXTERNAL_OIDC_REDIRECT_URI
+EXTERNAL_OIDC_LEEWAY=30
+EXTERNAL_OIDC_HASH_SALT=
+EXTERNAL_OIDC_CLAIM_ID=signinname
+
+# cli redirect url
+OIDC_CLI_REDIRECT=APP_CLI_REDIRECT_URI
 ###< itk-dev/openid-connect-bundle ###
 
 ###> redis ###

.github/workflows/pr.yaml

@@ -190,31 +190,19 @@ jobs:
   markdownlint:
     runs-on: ubuntu-latest
     name: markdownlint
+    strategy:
+      fail-fast: false
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "::set-output name=dir::$(yarn cache dir)"
-
-      - name: Cache yarn packages
-        uses: actions/cache@v3
-        id: yarn-cache
         with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-
+          fetch-depth: 2
 
-      - name: Yarn install
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-      - run: yarn install
+      - name: Install
+        run: docker run --rm -v .:/app --workdir=/app node:18 npm install
 
-      - name: markdownlint
-        run: yarn markdownlint README.md docs
+      - name: Markdown lint
+        run: docker run --rm -v .:/app --workdir=/app node:18 npm run coding-standards-check
 
   apispec:
     runs-on: ubuntu-latest

CHANGELOG.md

@@ -4,20 +4,20 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
-- [#179](https://github.com/os2display/display-api-service/pull/179)
-  - Fixed how playlists are added/removed from slides.
-- [#184](https://github.com/os2display/display-api-service/pull/184)
-  - Added RelationsModifiedTrait to serialization groups.
 - [#186](https://github.com/os2display/display-api-service/pull/186)
   - Fix for "relations modified" not set correctly on OneToMany relations
 - [#185](https://github.com/os2display/display-api-service/pull/185)
   - Disable RelationsModified listener when loading fixtures to optimize performance
+- [#184](https://github.com/os2display/display-api-service/pull/184)
+  - Added RelationsModifiedTrait to serialization groups.
 - [#182](https://github.com/os2display/display-api-service/pull/182)
   - Changed "Theme" api output to have "Logo" embedded to avoid 404 errors when fetching logo from other shared slide
   w. foreign tenant.
 - [#181](https://github.com/os2display/display-api-service/pull/181)
   - Update minimum PHP version to 8.2 to support trait constants
   - Add 'relationsModified' timestamps on relevant entities and API resources.
+- [#179](https://github.com/os2display/display-api-service/pull/179)
+  - Fixed how playlists are added/removed from slides.
 - [#178](https://github.com/os2display/display-api-service/pull/178)
   - Fixed issues with objects not being expanded in collections.
 - [#176](https://github.com/os2display/display-api-service/pull/176)
@@ -43,6 +43,16 @@ All notable changes to this project will be documented in this file.
   Updated Symfony development packages.
 - [#165](https://github.com/os2display/display-api-service/pull/165)
   Symfony 6.3
+- [#162](https://github.com/os2display/display-api-service/pull/162)
+  - Adds "external" openid-connect provider.
+  - Renamed "oidc" openid-connect provider to "internal".
+  - Modifies User to support external user type.
+  - Adds command to set user type.
+  - Expands api with external user endpoints.
+  - Upgrades openid-connect bundle to 3.1 to support multiple providers.
+  - Changes php requirement in composer.json to >= 8.1.
+  - Removed PHP Upgrade coding standards github actions check.
+  - Changed user identifier from email to providerId. Made email nullable. Copied value from email to providerId in migration.
 - [#161](https://github.com/os2display/display-api-service/pull/161)
   Fixed non-entity related psalm errors.
 
@@ -60,91 +70,91 @@ All notable changes to this project will be documented in this file.
 ## [1.4.0] - 2023-09-14
 
 - [#160](https://github.com/os2display/display-api-service/pull/160)
-  Added app:feed:list-feed-source command. Removed listing from app:feed:remove-feed-source command.
+  - Added app:feed:list-feed-source command. Removed listing from app:feed:remove-feed-source command.
 - [#159](https://github.com/os2display/display-api-service/pull/159)
-  Fixed sprintf issue.
+  - Fixed sprintf issue.
 - [#158](https://github.com/os2display/display-api-service/pull/158)
-  Added thumbnails for image resources
+  - Added thumbnails for image resources
 
 ## [1.3.2] - 2023-07-11
 
 - [#157](https://github.com/os2display/display-api-service/pull/157)
-  Fix question input on create user command
+  - Fix question input on create user command
 
 ## [1.3.1] - 2023-07-11
 
 - [#156](https://github.com/os2display/display-api-service/pull/156)
-  Fix permissions in create release github action
+  - Fix permissions in create release github action
 
 ## [1.3.0] - 2023-07-11
 
 - [#155](https://github.com/os2display/display-api-service/pull/155)
-  Set up separate image builds for itkdev and os2display
+  - Set up separate image builds for itkdev and os2display
 - [#154](https://github.com/os2display/display-api-service/pull/154)
-  Updated add user command to ask which tenants user belongs to
+  - Updated add user command to ask which tenants user belongs to
 - [#151](https://github.com/os2display/display-api-service/pull/151)
-  Fixed feed data provider id issue
+  - Fixed feed data provider id issue
 - [#150](https://github.com/os2display/display-api-service/pull/150)
-  Update docker build to publish to "os2display" org on docker hub. Update github workflow to latest actions.
+  - Update docker build to publish to "os2display" org on docker hub.
+  - Update github workflow to latest actions.
 - [#148](https://github.com/os2display/display-api-service/pull/148)
-  Updated `EventDatabaseApiFeedType` query ensuring started
-  but not finished events are found.
+  - Updated `EventDatabaseApiFeedType` query ensuring started but not finished events are found.
 - [#157](https://github.com/os2display/display-api-service/pull/157)
-  Refactored all feed related classes and services
-- Minor update of composer packages
-- Updated psalm to version 5.x
+  - Refactored all feed related classes and services
+  - Minor update of composer packages
+  - Updated psalm to version 5.x
 
 ## [1.2.9] - 2023-06-30
 
 - [#153](https://github.com/os2display/display-api-service/pull/153)
-  Fixed nginx entry script
+  - Fixed nginx entry script
 
 ## [1.2.8] - 2023-05-25
 
 - [#145](https://github.com/os2display/display-api-service/pull/145)
-Gif mime type possible.
+  - Gif mime type possible.
 
 ## [1.2.7] - 2023-04-03
 
 - [#143](https://github.com/os2display/display-api-service/pull/143)
-  Fixed token ttl not set correctly for ScreenUsers
+  - Fixed token ttl not set correctly for ScreenUsers
 - [#142](https://github.com/os2display/display-api-service/pull/142)
-  Make it possible to upload svg in api.
+  - Make it possible to upload svg in api.
 
 ## [1.2.6] - 2023-03-24
 
 - [#141](https://github.com/os2display/display-api-service/pull/141)
-  Readded redis to docker-compose.
+  - Readded redis to docker-compose.
 
 ## [1.2.5] - 2023-03-16
 
 - [#138](https://github.com/os2display/display-api-service/pull/138)
-  Fixed Tenant and command to allow for empty fallbackImageUrl.
+  - Fixed Tenant and command to allow for empty fallbackImageUrl.
 - [#139](https://github.com/os2display/display-api-service/pull/139)
-  Changed from service decoration to event listeners to re-enable setting `tenants` on the response from `/v1/authentication/token`.
-  Ensure same response data from both `/v1/authentication/token` and `/v1/authentication/token/refresh`endpoints.
-  Added `user` and `tenants` to JWT payload.
+  - Changed from service decoration to event listeners to re-enable setting `tenants` on the response from `/v1/authentication/token`.
+  - Ensure same response data from both `/v1/authentication/token` and `/v1/authentication/token/refresh`endpoints.
+  - Added `user` and `tenants` to JWT payload.
 
 ## [1.2.4] - 2023-03-07
 
 - [#133](https://github.com/os2display/display-api-service/pull/133)
-  Adds upload size values to nginx config.
+  - Adds upload size values to nginx config.
 - [#137](https://github.com/os2display/display-api-service/pull/137)
-  Default sorting for templates is by title
+  - Default sorting for templates is by title
 
 ## [1.2.3] - 2023-02-14
 
 - [#136](https://github.com/os2display/display-api-service/pull/136)
-  Updated to latest version of github actions
+  - Updated to latest version of github actions
 - [#134](https://github.com/os2display/display-api-service/pull/134)
-  Fix bug where `JWT_SCREEN_REFRESH_TOKEN_TTL` value is not used when refresh token is renewed
+  - Fix bug where `JWT_SCREEN_REFRESH_TOKEN_TTL` value is not used when refresh token is renewed
 
 ## [1.2.2] - 2023-02-08
 
 - [#132](https://github.com/os2display/display-api-service/pull/132)
-  Added `RefreshToken` entity to fix migrations error.
+  - Added `RefreshToken` entity to fix migrations error.
 - [#135](https://github.com/os2display/display-api-service/pull/135)
-  Updated code styles.
+  - Updated code styles.
 
 ## [1.2.1] - 2023-02-02
 
@@ -153,44 +163,44 @@ Gif mime type possible.
 ## [1.2.0] - 2023-01-05
 
 - [#130](https://github.com/os2display/display-api-service/pull/130)
-  Added changelog.
-  Added github action to enforce that PRs should always include an update of the changelog.
+  - Added changelog.
+  - Added github action to enforce that PRs should always include an update of the changelog.
 - [#129](https://github.com/os2display/display-api-service/pull/129)
-  Downgraded to Api Platform 2.6, since 2.7 introduced a change in serialization. Locking to 2.6.*
+  - Downgraded to Api Platform 2.6, since 2.7 introduced a change in serialization. Locking to 2.6.*
 - [#127](https://github.com/os2display/display-api-service/pull/127)
-  Updated docker setup and actions to PHP 8.1.
-  Updated code style.
+  - Updated docker setup and actions to PHP 8.1.
+  - Updated code style.
 - [#128](https://github.com/os2display/display-api-service/pull/128)
-  Added ttl_update: true config option for jwt refresh bundle.
-  Added refresh_token_expiration key to respone body.
+  - Added ttl_update: true config option for jwt refresh bundle.
+  - Added refresh_token_expiration key to respone body.
 - [#124](https://github.com/os2display/display-api-service/pull/124)
-  Created ThemeItemDataProvider instead of
-  ThemeOutputDataTransformer, to make theme accessible in the client on shared slides.
-  Made it possible for editors to view themes and connect them to slides: security: 'is_granted("ROLE_SCREEN") or
-  is_granted("ROLE_ADMIN") or is_granted("ROLE_EDITOR")'.
+  - Created ThemeItemDataProvider instead of
+  - ThemeOutputDataTransformer, to make theme accessible in the client on shared slides.
+  - Made it possible for editors to view themes and connect them to slides: security: 'is_granted("ROLE_SCREEN") or
+is_granted("ROLE_ADMIN") or is_granted("ROLE_EDITOR")'.
 - [#126](https://github.com/os2display/display-api-service/pull/126)
-  Added config option for setting token TTL for screen users.
+  - Added config option for setting token TTL for screen users.
 - [#123](https://github.com/os2display/display-api-service/pull/123)
-  Updated fixtures.
+  - Updated fixtures.
 - [#125](https://github.com/os2display/display-api-service/pull/125)
-  Changed error handling to not always return empty array even though it is only one resource that reports error.
-  Added error logging.
+  - Changed error handling to not always return empty array even though it is only one resource that reports error.
+  - Added error logging.
 - [#122](https://github.com/os2display/display-api-service/pull/122)
-  Updated docker setup to match new itkdev base setup.
+  - Updated docker setup to match new itkdev base setup.
 - [#121](https://github.com/os2display/display-api-service/pull/121)
-  Changed load screen layout command to allow updating existing layouts.
+  - Changed load screen layout command to allow updating existing layouts.
 
 ## [1.1.0] - 2022-09-29
 
 - [#120](https://github.com/os2display/display-api-service/pull/120)
-  Fixed path for shared Media.
+  - Fixed path for shared Media.
 - [#119](https://github.com/os2display/display-api-service/pull/119)
-  KOBA feed source: Changed naming in resource options. Sorted options.
+  - KOBA feed source: Changed naming in resource options. Sorted options.
 
 ## [1.0.4] - 2022-09-05
 
 - [#117](https://github.com/os2display/display-api-service/pull/117)
-  Removed screen width and height. Added resolution/orientation.
+  - Removed screen width and height. Added resolution/orientation.
 
 ## [1.0.3] - 2022-09-01