diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
index 084f95ae33d91e..b4657ec5962621 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -937,8 +937,10 @@ public static enum ApplicationType {
 public static enum Provider {
 APPLE,
+ FACEBOOK,
 GITHUB,
- GOOGLE
+ GOOGLE,
+ MICROSOFT
 }
 public Optional getProvider() {
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
index 5c7aa0440843c3..c32fed19b53c3a 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
@@ -1,5 +1,6 @@
 package io.quarkus.oidc.runtime.providers;
+import java.util.HashMap;
 import java.util.List;
 import io.quarkus.oidc.OidcTenantConfig;
@@ -15,6 +16,10 @@ public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
 return google();
 } else if (OidcTenantConfig.Provider.APPLE == provider) {
 return apple();
+ } else if (OidcTenantConfig.Provider.MICROSOFT == provider) {
+ return microsoft();
+ } else if (OidcTenantConfig.Provider.FACEBOOK == provider) {
+ return facebook();
 }
 return null;
 }
@@ -27,7 +32,7 @@ private static OidcTenantConfig github() {
 ret.setAuthorizationPath("authorize");
 ret.setTokenPath("access_token");
 ret.setUserInfoPath("https://api.github.com/user");
- ret.getAuthentication().setScopes(List.of("read:user"));
+ ret.getAuthentication().setScopes(List.of("user:email"));
 ret.getAuthentication().setUserInfoRequired(true);
 ret.getAuthentication().setIdTokenRequired(false);
 return ret;
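Review bot: The dispatch in provider() still falls through to `return null;` after the two new MICROSOFT and FACEBOOK branches, so the next Provider constant added without a matching branch silently yields no configuration instead of failing loudly. A `switch` over the enum keeps every constant in one place and lets the `default` either throw or keep the `null` result if callers depend on it (not visible from the hunk); a null guard up front preserves today's behaviour for a null argument. The GITHUB branch and the method's opening are outside the hunk, so the exact surrounding shape is inferred.
```java
public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
    if (provider == null) {
        return null;
    }
    switch (provider) {
        case GITHUB:
            return github();
        case GOOGLE:
            return google();
        case APPLE:
            return apple();
        case MICROSOFT:
            return microsoft();
        case FACEBOOK:
            return facebook();
        default:
            // TODO(review): consider throwing IllegalArgumentException so a new constant cannot be missed silently
            return null;
    }
}
```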
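Review bot: The scope change from `read:user` to `user:email` in github() is not explained anywhere in the hunk, and because the two scopes grant different access (email addresses versus profile data) a later maintainer may read it as an accidental regression and revert it. A one-line comment stating the reason, e.g. `// user:email so the userinfo response can include the account email; public profile fields need no extra scope` (if that is the intent), would record the decision next to the value. The rest of github() lies outside the hunk.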
@@ -37,6 +42,31 @@ private static OidcTenantConfig google() {
 OidcTenantConfig ret = new OidcTenantConfig();
 ret.setAuthServerUrl("https://accounts.google.com");
 ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+ ret.getAuthentication().setScopes(List.of("openid", "email", "profile"));
+ return ret;
+ }
+
+ private static OidcTenantConfig microsoft() {
+ OidcTenantConfig ret = new OidcTenantConfig();
+ ret.setAuthServerUrl("https://login.microsoftonline.com/common/v2.0");
+ ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+ ret.getToken().setIssuer("any");
+ ret.getAuthentication().setScopes(List.of("openid", "email", "profile"));
+ return ret;
+ }
+
+ private static OidcTenantConfig facebook() {
+ OidcTenantConfig ret = new OidcTenantConfig();
+ ret.setAuthServerUrl("https://www.facebook.com");
+ ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+ ret.setDiscoveryEnabled(false);
+ ret.setAuthorizationPath("https://facebook.com/dialog/oauth/");
+ ret.setTokenPath("https://graph.facebook.com/v12.0/oauth/access_token");
+ ret.setJwksPath("https://www.facebook.com/.well-known/oauth/openid/jwks/");
+ ret.setUserInfoPath("https://graph.facebook.com/me/?fields=id,name,email,first_name,last_name");
+ ret.getAuthentication().setScopes(List.of("email", "public_profile"));
+ ret.getAuthentication().setUserInfoRequired(true);
+ ret.getAuthentication().setIdTokenRequired(false);
 return ret;
 }
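Review bot: `ret.getToken().setIssuer("any")` in microsoft() presumably switches off issuer verification for tokens obtained through the multi-tenant `common/v2.0` endpoint, so a token signed by Microsoft for any Azure AD tenant or personal account passes the same checks as one from the application's own tenant, and nothing in the hunk narrows that down. That is a defensible default for a deliberately multi-tenant application but surprising otherwise, so it deserves a comment such as `// "common" serves every tenant, so the discovered issuer cannot be matched exactly; single-tenant apps should point auth-server-url at their own tenant instead` plus a mention in the provider docs. In facebook(), the token endpoint pins Graph API `v12.0` while the userinfo endpoint is unversioned; a comment on how that version is meant to be kept current (or a shared constant) would help. `setJwksPath` is also configured although `setIdTokenRequired(false)` means no ID token is expected, which is worth a one-line comment if intentional.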
@@ -44,7 +74,10 @@ private static OidcTenantConfig apple() {
 OidcTenantConfig ret = new OidcTenantConfig();
 ret.setAuthServerUrl("https://appleid.apple.com/");
 ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
- ret.getAuthentication().setScopes(List.of("openid,email,name"));
+ ret.getAuthentication().setScopes(List.of("openid", "email", "name"));
+ ret.getAuthentication().setExtraParams(new HashMap<>());
+ ret.getAuthentication().getExtraParams().put("response_mode", "form_post");
+ ret.getAuthentication().setForceRedirectHttpsScheme(true);
 ret.getCredentials().getClientSecret().setMethod(Method.POST_JWT);
 ret.getCredentials().getJwt().setSignatureAlgorithm(SignatureAlgorithm.ES256.getAlgorithm());
 ret.getCredentials().getJwt().setAudience("https://appleid.apple.com/");
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
index 28807ca2ada397..a2f17f6565ba93 100644
--- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
+++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -47,7 +47,7 @@ public void testAcceptGitHubProperties() throws Exception {
 assertFalse(config.authentication.idTokenRequired.get());
 assertTrue(config.authentication.userInfoRequired.get());
- assertEquals(List.of("read:user"), config.authentication.scopes.get());
+ assertEquals(List.of("user:email"), config.authentication.scopes.get());
 }
 @Test
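Review bot: The added `response_mode=form_post` makes Apple deliver the authorization response as a cross-site POST to the redirect URI instead of a GET with query parameters, and the hunk does not say how the OIDC state cookie is expected to survive that; presumably the state cookie needs a SameSite setting that browsers still send on a cross-site POST, so this should either be configured here or documented for users of the APPLE provider — confirm against the code-flow handler, which is outside this diff. The three new lines also carry no explanation; a comment such as `// Apple returns the authorization response via form_post and only accepts https redirect URIs, hence the forced https scheme` would record the intent next to the settings. apple()'s body continues outside the hunk.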
@@ -116,7 +116,7 @@ public void testAcceptAppleProperties() throws Exception {
 assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
 assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());
 assertEquals("https://appleid.apple.com/", config.getAuthServerUrl().get());
- assertEquals(List.of("openid,email,name"), config.authentication.scopes.get());
+ assertEquals(List.of("openid", "email", "name"), config.authentication.scopes.get());
 assertEquals(Method.POST_JWT, config.credentials.clientSecret.method.get());
 assertEquals("https://appleid.apple.com/", config.credentials.jwt.audience.get());
 assertEquals(SignatureAlgorithm.ES256.getAlgorithm(), config.credentials.jwt.signatureAlgorithm.get());
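Review bot: testAcceptAppleProperties only updates the scope assertion and does not cover the other Apple defaults introduced in the same commit (the `response_mode=form_post` extra parameter and the forced https redirect scheme), so a regression in either would still pass this test. Adding `assertEquals("form_post", config.getAuthentication().getExtraParams().get("response_mode"));` together with an assertion on the force-redirect-https flag (the public field presumably follows the same naming as its setter, `forceRedirectHttpsScheme`, like `scopes` and `idTokenRequired` do) would pin them. The test method starts outside the hunk.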