From 18b8012107c7e77ccd48dff5f09c35851dc9cefc Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Tue, 9 May 2023 23:18:52 +0100 Subject: [PATCH] Update OIDC Spotify properties --- .../devservices/OidcDevConsoleProcessor.java | 2 +- .../src/main/java/io/quarkus/oidc/UserInfo.java | 5 +++++ .../oidc/runtime/providers/KnownOidcProviders.java | 6 ++++-- .../java/io/quarkus/oidc/runtime/OidcUtilsTest.java | 8 +++++++- .../java/io/quarkus/oidc/runtime/UserInfoTest.java | 10 ++++++++-- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java index 6c15186d98fee..2d6e29600cef7 100644 --- a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java +++ b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevConsoleProcessor.java @@ -46,7 +46,7 @@ public class OidcDevConsoleProcessor extends AbstractDevConsoleProcessor { private static final String KEYCLOAK = "Keycloak"; private static final String AZURE = "Azure"; - private static final Set OTHER_PROVIDERS = Set.of("Auth0", "Okta", "Google", "Github"); + private static final Set OTHER_PROVIDERS = Set.of("Auth0", "Okta", "Google", "Github", "Spotify"); OidcBuildTimeConfig oidcConfig; diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java index ae2da99e3f5d9..766c86c3f31d2 100644 --- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java +++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/UserInfo.java 
@@ -12,6 +12,7 @@ public class UserInfo extends AbstractJsonObjectResponse { private static final String NAME = "name"; private static final String FIRST_NAME = "first_name"; private static final String FAMILY_NAME = "family_name"; + private static final String DISPLAY_NAME = "display_name"; public UserInfo() { } @@ -40,6 +41,10 @@ public String getFamilyName() { return getString(FAMILY_NAME); } + public String getDisplayName() { + return getString(DISPLAY_NAME); + } + public String getPreferredUserName() { return getString(Claims.preferred_username.name()); } diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java index cd1f335783054..97578c1078376 100644 --- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java +++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java @@ -117,11 +117,13 @@ private static OidcTenantConfig spotify() { OidcTenantConfig.Authentication authentication = ret.getAuthentication(); authentication.setAddOpenidScope(false); - authentication.setScopes(List.of("user-read-email")); - authentication.setUserInfoRequired(true); + authentication.setScopes(List.of("user-read-private", "user-read-email")); authentication.setIdTokenRequired(false); authentication.setPkceRequired(true); + ret.getToken().setVerifyAccessTokenWithUserInfo(true); + ret.getToken().setPrincipalClaim("display_name"); + return ret; } } diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java index ec454f5a7fa49..4a8a8e812768f 100644 --- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java +++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java 
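Review bot: The new `getDisplayName()` accessor in the second UserInfo hunk has no Javadoc, and unlike `getPreferredUserName()` just below it, it reads a property that is not a standard OIDC claim. A caller cannot tell from the signature that `display_name` is provider-specific (the rest of this commit ties it to Spotify) or what is returned when the provider omits it. I would add `/** Returns the provider-specific {@code display_name} UserInfo property, for example from Spotify; it is a profile label, not a stable user identifier. */` and also document the absent-value behaviour of `getString`, which is not visible in this hunk.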
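Review bot: `ret.getToken().setPrincipalClaim("display_name")` in `spotify()` makes the principal name a profile label rather than an identifier; as far as I know a Spotify display name is chosen by the user, is not guaranteed unique and may be absent. An application that keys account lookup or access decisions on the principal name could then treat two different Spotify accounts as the same user. If the display name stays as the default for presentation, I would add a comment on that line such as `// display_name is user-chosen and not unique; use the UserInfo id for account linking and access decisions`, and repeat it in the provider documentation. Separately, the explicit `setUserInfoRequired(true)` is dropped and the hunk does not show whether `setVerifyAccessTokenWithUserInfo(true)` implies it, which is worth confirming because with `setIdTokenRequired(false)` the UserInfo call is the only check on the token. The start of `spotify()` is outside the hunk.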
@@ -312,7 +312,9 @@ public void testAcceptSpotifyProperties() { assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get()); assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get()); assertEquals("https://accounts.spotify.com", config.getAuthServerUrl().get()); - assertEquals(List.of("user-read-email"), config.authentication.scopes.get()); + assertEquals(List.of("user-read-private", "user-read-email"), config.authentication.scopes.get()); + assertTrue(config.token.verifyAccessTokenWithUserInfo.get()); + assertEquals("display_name", config.getToken().getPrincipalClaim().get()); } @Test @@ -325,6 +327,8 @@ public void testOverrideSpotifyProperties() { tenant.getToken().setIssuer("http://localhost/wiremock"); tenant.authentication.setScopes(List.of("write")); tenant.authentication.setForceRedirectHttpsScheme(false); + tenant.token.setPrincipalClaim("firstname"); + tenant.token.setVerifyAccessTokenWithUserInfo(false); OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.SPOTIFY)); @@ -334,6 +338,8 @@ public void testOverrideSpotifyProperties() { assertEquals(List.of("write"), config.authentication.scopes.get()); assertEquals("http://localhost/wiremock", config.getToken().getIssuer().get()); assertFalse(config.authentication.forceRedirectHttpsScheme.get()); + assertEquals("firstname", config.getToken().getPrincipalClaim().get()); + assertFalse(config.token.verifyAccessTokenWithUserInfo.get()); } @Test diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/UserInfoTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/UserInfoTest.java index 099120d147f72..0cb7890644694 100644 --- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/UserInfoTest.java +++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/UserInfoTest.java 
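Review bot: `testAcceptSpotifyProperties` now asserts the scopes, `verifyAccessTokenWithUserInfo` and the principal claim, but nothing visible in the hunk asserts that UserInfo is still required now that the provider no longer sets it explicitly. Since the Spotify provider is configured without an ID token, a regression there would remove the only token check, so I would pin it. One option is `assertTrue(config.authentication.userInfoRequired.get());` if the merged config is expected to carry the flag, otherwise an equivalent assertion at the point where the flag is derived. The start of the test method is outside the hunk, so an assertion above it may already cover this.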
@@ -18,8 +18,9 @@ public class UserInfoTest { + "\"sub\": \"alice123456\"," + "\"name\": \"alice\"," + "\"first_name\": \"Alice\"," - + "\"family_name\": \"Alice\"," + + "\"family_name\": \"Brown\"," + "\"preferred_username\": \"Alice Alice\"," + + "\"display_name\": \"Alice Brown\"," + "\"email\": \"alice@email.com\"," + "\"admin\": true," + "\"custom\": null," @@ -40,7 +41,7 @@ public void testGetFirstName() { @Test public void testGetFamilyName() { - assertEquals("Alice", userInfo.getFamilyName()); + assertEquals("Brown", userInfo.getFamilyName()); } @Test @@ -48,6 +49,11 @@ public void testPreferredName() { assertEquals("Alice Alice", userInfo.getPreferredUserName()); } + @Test + public void testDisplayName() { + assertEquals("Alice Brown", userInfo.getDisplayName()); + } + @Test public void testGetEmail() { assertEquals("alice@email.com", userInfo.getEmail());