OIDC: added more providers

quarkusio · Jan 14, 2022 · 8548d2b · 8548d2b
1 parent f1122ee
commit 8548d2b
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 5 deletions.
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -937,8 +937,10 @@ public static enum ApplicationType {
 
     public static enum Provider {
         APPLE,
+        FACEBOOK,
         GITHUB,
-        GOOGLE
+        GOOGLE,
+        MICROSOFT
     }
 
     public Optional<Provider> getProvider() {

diff --git a/...ions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/...ions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
@@ -1,5 +1,6 @@
 package io.quarkus.oidc.runtime.providers;
 
+import java.util.HashMap;
 import java.util.List;
 
 import io.quarkus.oidc.OidcTenantConfig;
@@ -15,6 +16,10 @@ public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
             return google();
         } else if (OidcTenantConfig.Provider.APPLE == provider) {
             return apple();
+        } else if (OidcTenantConfig.Provider.MICROSOFT == provider) {
+            return microsoft();
+        } else if (OidcTenantConfig.Provider.FACEBOOK == provider) {
+            return facebook();
         }
         return null;
     }
@@ -27,7 +32,7 @@ private static OidcTenantConfig github() {
         ret.setAuthorizationPath("authorize");
         ret.setTokenPath("access_token");
         ret.setUserInfoPath("https://api.github.com/user");
-        ret.getAuthentication().setScopes(List.of("read:user"));
+        ret.getAuthentication().setScopes(List.of("user:email"));
         ret.getAuthentication().setUserInfoRequired(true);
         ret.getAuthentication().setIdTokenRequired(false);
         return ret;
@@ -37,14 +42,42 @@ private static OidcTenantConfig google() {
         OidcTenantConfig ret = new OidcTenantConfig();
         ret.setAuthServerUrl("https://accounts.google.com");
         ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+        ret.getAuthentication().setScopes(List.of("openid", "email", "profile"));
+        return ret;
+    }
+
+    private static OidcTenantConfig microsoft() {
+        OidcTenantConfig ret = new OidcTenantConfig();
+        ret.setAuthServerUrl("https://login.microsoftonline.com/common/v2.0");
+        ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+        ret.getToken().setIssuer("any");
+        ret.getAuthentication().setScopes(List.of("openid", "email", "profile"));
+        return ret;
+    }
+
+    private static OidcTenantConfig facebook() {
+        OidcTenantConfig ret = new OidcTenantConfig();
+        ret.setAuthServerUrl("https://www.facebook.com");
+        ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+        ret.setDiscoveryEnabled(false);
+        ret.setAuthorizationPath("https://facebook.com/dialog/oauth/");
+        ret.setTokenPath("https://graph.facebook.com/v12.0/oauth/access_token");
+        ret.setJwksPath("https://www.facebook.com/.well-known/oauth/openid/jwks/");
+        ret.setUserInfoPath("https://graph.facebook.com/me/?fields=id,name,email,first_name,last_name");
+        ret.getAuthentication().setScopes(List.of("email", "public_profile"));
+        ret.getAuthentication().setUserInfoRequired(true);
+        ret.getAuthentication().setIdTokenRequired(false);
         return ret;
     }
 
     private static OidcTenantConfig apple() {
         OidcTenantConfig ret = new OidcTenantConfig();
         ret.setAuthServerUrl("https://appleid.apple.com/");
         ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
-        ret.getAuthentication().setScopes(List.of("openid,email,name"));
+        ret.getAuthentication().setScopes(List.of("openid", "email", "name"));
+        ret.getAuthentication().setExtraParams(new HashMap<>());
+        ret.getAuthentication().getExtraParams().put("response_mode", "form_post");
+        ret.getAuthentication().setForceRedirectHttpsScheme(true);
         ret.getCredentials().getClientSecret().setMethod(Method.POST_JWT);
         ret.getCredentials().getJwt().setSignatureAlgorithm(SignatureAlgorithm.ES256.getAlgorithm());
         ret.getCredentials().getJwt().setAudience("https://appleid.apple.com/");

diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -47,7 +47,7 @@ public void testAcceptGitHubProperties() throws Exception {
 
         assertFalse(config.authentication.idTokenRequired.get());
         assertTrue(config.authentication.userInfoRequired.get());
-        assertEquals(List.of("read:user"), config.authentication.scopes.get());
+        assertEquals(List.of("user:email"), config.authentication.scopes.get());
     }
 
     @Test
@@ -116,7 +116,7 @@ public void testAcceptAppleProperties() throws Exception {
         assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
         assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());
         assertEquals("https://appleid.apple.com/", config.getAuthServerUrl().get());
-        assertEquals(List.of("openid,email,name"), config.authentication.scopes.get());
+        assertEquals(List.of("openid", "email", "name"), config.authentication.scopes.get());
         assertEquals(Method.POST_JWT, config.credentials.clientSecret.method.get());
         assertEquals("https://appleid.apple.com/", config.credentials.jwt.audience.get());
         assertEquals(SignatureAlgorithm.ES256.getAlgorithm(), config.credentials.jwt.signatureAlgorithm.get());