Add Twitch OIDC Provider

Simplify Twitch configuration Co-Authored-By: Sergey Beryozkin <[email protected]>
quarkusio · Jul 21, 2023 · ede422b · ede422b
1 parent b229350
commit ede422b
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 0 deletions.
diff --git a/docs/src/main/asciidoc/images/oidc-twitch-1.png b/docs/src/main/asciidoc/images/oidc-twitch-1.png
diff --git a/docs/src/main/asciidoc/security-openid-connect-providers.adoc b/docs/src/main/asciidoc/security-openid-connect-providers.adoc
@@ -412,6 +412,23 @@ quarkus.oidc.credentials.secret=<Client Secret>
 
 `quarkus.oidc.provider=spotiify` will request `Spotify` to add `user-read-private` and `user-read-email` scopes to issued access tokens. For information about overriding these scopes or requesting more scopes, see the  <<provider-scope>> section.
 
+[[twitch]]
+=== Twitch
+
+Create a https://dev.twitch.tv/console/apps[Twitch application]:
+
+image::oidc-twitch-1.png[role="thumb"]
+
+You can now configure your `application.properties`:
+
+[source,properties]
+----
+quarkus.oidc.provider=twitch
+quarkus.oidc.client-id=<Client ID>
+quarkus.oidc.credentials.client-secret.value=<Client Secret>
+----
+
+
 [[provider-scope]]
 == Provider scopes
 
@@ -512,6 +529,10 @@ quarkus.oidc.authentication.extra-params.scope=https://www.googleapis.com/auth/c
 quarkus.rest-client.google-calendar-api.url=https://www.googleapis.com/calendar/v3
 ----
 
+== HTTPS Redirect URL
+
+Some providers will only accept HTTPS-based redirect URLs. Tools such as https://ngrok.com/[ngrok] https://linuxhint.com/set-up-use-ngrok/[can be set up] to help testing such providers with Quarkus endpoints running on localhost in devmode.
+
 == References
 
 * xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications]

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -1605,6 +1605,7 @@ public static enum Provider {
         GOOGLE,
         MICROSOFT,
         SPOTIFY,
+        TWITCH,
         TWITTER
     }
 

diff --git a/...ions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/...ions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
@@ -24,6 +24,8 @@ public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
             return spotify();
         } else if (OidcTenantConfig.Provider.TWITTER == provider) {
             return twitter();
+        } else if (OidcTenantConfig.Provider.TWITCH == provider) {
+            return twitch();
         }
         return null;
     }
@@ -126,4 +128,15 @@ private static OidcTenantConfig spotify() {
 
         return ret;
     }
+
+    private static OidcTenantConfig twitch() {
+        // Ref https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#oidc-authorization-code-grant-flow
+
+        OidcTenantConfig ret = new OidcTenantConfig();
+        ret.setAuthServerUrl("https://id.twitch.tv/oauth2");
+        ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+        ret.getAuthentication().setForceRedirectHttpsScheme(true);
+        ret.getCredentials().getClientSecret().setMethod(Method.POST);
+        return ret;
+    }
 }
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -342,6 +342,38 @@ public void testOverrideSpotifyProperties() {
         assertFalse(config.token.verifyAccessTokenWithUserInfo.get());
     }
 
+    @Test
+    public void testAcceptTwitchProperties() throws Exception {
+        OidcTenantConfig tenant = new OidcTenantConfig();
+        tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
+        OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.TWITCH));
+
+        assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
+        assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());
+        assertEquals("https://id.twitch.tv/oauth2", config.getAuthServerUrl().get());
+        assertEquals(Method.POST, config.credentials.clientSecret.method.get());
+        assertTrue(config.authentication.forceRedirectHttpsScheme.get());
+    }
+
+    @Test
+    public void testOverrideTwitchProperties() throws Exception {
+        OidcTenantConfig tenant = new OidcTenantConfig();
+        tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
+
+        tenant.setApplicationType(ApplicationType.HYBRID);
+        tenant.setAuthServerUrl("http://localhost/wiremock");
+        tenant.credentials.clientSecret.setMethod(Method.BASIC);
+        tenant.authentication.setForceRedirectHttpsScheme(false);
+
+        OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.FACEBOOK));
+
+        assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
+        assertEquals(ApplicationType.HYBRID, config.getApplicationType().get());
+        assertEquals("http://localhost/wiremock", config.getAuthServerUrl().get());
+        assertFalse(config.getAuthentication().isForceRedirectHttpsScheme().get());
+        assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
+    }
+
     @Test
     public void testCorrectTokenType() throws Exception {
         OidcTenantConfig.Token tokenClaims = new OidcTenantConfig.Token();
-Original file line number
+Diff line change
@@ Expand Up / @@ -1605,6 +1605,7 @@ public static enum Provider { @@
             GOOGLE,
             MICROSOFT,
             SPOTIFY,
+            TWITCH,
             TWITTER
         }
@@ Expand Down @@