| 
									
										
										
										
											2021-08-20 10:58:07 -07:00
										 |  |  | package auth.sso.oidc;
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-10 16:57:28 -07:00
										 |  |  | import auth.sso.SsoProvider;
 | 
					
						
							| 
									
										
										
										
											2021-09-28 16:30:17 -07:00
										 |  |  | import auth.sso.oidc.custom.CustomOidcClient;
 | 
					
						
							| 
									
										
										
										
											2021-09-10 16:57:28 -07:00
										 |  |  | import com.google.common.collect.ImmutableMap;
 | 
					
						
							| 
									
										
										
										
											2022-06-06 15:39:44 -05:00
										 |  |  | import lombok.extern.slf4j.Slf4j;
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  | import org.pac4j.core.client.Client;
 | 
					
						
							|  |  |  | import org.pac4j.core.http.callback.PathParameterCallbackUrlResolver;
 | 
					
						
							|  |  |  | import org.pac4j.oidc.config.OidcConfiguration;
 | 
					
						
							|  |  |  | import org.pac4j.oidc.credentials.OidcCredentials;
 | 
					
						
							|  |  |  | import org.pac4j.oidc.profile.OidcProfile;
 | 
					
						
							| 
									
										
										
										
											2022-06-13 10:12:06 -04:00
										 |  |  | import org.pac4j.oidc.profile.OidcProfileDefinition;
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /**
 | 
					
						
							|  |  |  |  * Implementation of {@link SsoProvider} supporting the OIDC protocol.
 | 
					
						
							|  |  |  |  *
 | 
					
						
							|  |  |  |  * This class is a thin wrapper over a Pac4J {@link Client} object and all DataHub-specific OIDC related
 | 
					
						
							|  |  |  |  * configuration options, which reside in an instance of {@link OidcConfigs}.
 | 
					
						
							|  |  |  |  *
 | 
					
						
							|  |  |  |  * It is responsible for initializing this client from a configuration object ({@link OidcConfigs}. Note that
 | 
					
						
							|  |  |  |  * this class is not related to the logic performed when an IdP performs a callback to DataHub.
 | 
					
						
							|  |  |  |  */
 | 
					
						
							| 
									
										
										
										
											2022-06-06 15:39:44 -05:00
										 |  |  | @Slf4j
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  | public class OidcProvider implements SsoProvider<OidcConfigs> {
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   private static final String OIDC_CLIENT_NAME = "oidc";
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   private final OidcConfigs _oidcConfigs;
 | 
					
						
							|  |  |  |   private final Client<OidcCredentials, OidcProfile> _oidcClient; // Used primarily for redirecting to IdP.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   public OidcProvider(final OidcConfigs configs) {
 | 
					
						
							|  |  |  |     _oidcConfigs = configs;
 | 
					
						
							|  |  |  |     _oidcClient = createPac4jClient();
 | 
					
						
							|  |  |  |   }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   @Override
 | 
					
						
							|  |  |  |   public Client<OidcCredentials, OidcProfile> client() {
 | 
					
						
							|  |  |  |     return _oidcClient;
 | 
					
						
							|  |  |  |   }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   @Override
 | 
					
						
							|  |  |  |   public OidcConfigs configs() {
 | 
					
						
							|  |  |  |     return _oidcConfigs;
 | 
					
						
							|  |  |  |   }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   @Override
 | 
					
						
							|  |  |  |   public SsoProtocol protocol() {
 | 
					
						
							|  |  |  |     return SsoProtocol.OIDC;
 | 
					
						
							|  |  |  |   }
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   private Client<OidcCredentials, OidcProfile> createPac4jClient() {
 | 
					
						
							|  |  |  |     final OidcConfiguration oidcConfiguration = new OidcConfiguration();
 | 
					
						
							|  |  |  |     oidcConfiguration.setClientId(_oidcConfigs.getClientId());
 | 
					
						
							|  |  |  |     oidcConfiguration.setSecret(_oidcConfigs.getClientSecret());
 | 
					
						
							|  |  |  |     oidcConfiguration.setDiscoveryURI(_oidcConfigs.getDiscoveryUri());
 | 
					
						
							|  |  |  |     oidcConfiguration.setClientAuthenticationMethodAsString(_oidcConfigs.getClientAuthenticationMethod());
 | 
					
						
							|  |  |  |     oidcConfiguration.setScope(_oidcConfigs.getScope());
 | 
					
						
							| 
									
										
										
										
											2022-06-06 15:39:44 -05:00
										 |  |  |     try {
 | 
					
						
							|  |  |  |       oidcConfiguration.setReadTimeout(Integer.parseInt(_oidcConfigs.getReadTimeout()));
 | 
					
						
							|  |  |  |     } catch (NumberFormatException e) {
 | 
					
						
							|  |  |  |       log.warn("Invalid read timeout configuration, defaulting to 5000ms");
 | 
					
						
							|  |  |  |     }
 | 
					
						
							| 
									
										
										
										
											2021-09-10 16:57:28 -07:00
										 |  |  |     _oidcConfigs.getResponseType().ifPresent(oidcConfiguration::setResponseType);
 | 
					
						
							| 
									
										
										
										
											2021-09-16 16:54:38 -07:00
										 |  |  |     _oidcConfigs.getResponseMode().ifPresent(oidcConfiguration::setResponseMode);
 | 
					
						
							| 
									
										
										
										
											2021-09-10 16:57:28 -07:00
										 |  |  |     _oidcConfigs.getUseNonce().ifPresent(oidcConfiguration::setUseNonce);
 | 
					
						
							|  |  |  |     _oidcConfigs.getCustomParamResource()
 | 
					
						
							|  |  |  |         .ifPresent(value -> oidcConfiguration.setCustomParams(ImmutableMap.of("resource", value)));
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-09-28 16:30:17 -07:00
										 |  |  |     final CustomOidcClient oidcClient = new CustomOidcClient(oidcConfiguration);
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  |     oidcClient.setName(OIDC_CLIENT_NAME);
 | 
					
						
							|  |  |  |     oidcClient.setCallbackUrl(_oidcConfigs.getAuthBaseUrl() + _oidcConfigs.getAuthBaseCallbackPath());
 | 
					
						
							|  |  |  |     oidcClient.setCallbackUrlResolver(new PathParameterCallbackUrlResolver());
 | 
					
						
							| 
									
										
										
										
											2022-06-13 10:12:06 -04:00
										 |  |  |     oidcClient.addAuthorizationGenerator(new OidcAuthorizationGenerator(new OidcProfileDefinition(), _oidcConfigs));
 | 
					
						
							| 
									
										
										
										
											2021-08-20 07:42:18 -07:00
										 |  |  |     return oidcClient;
 | 
					
						
							|  |  |  |   }
 | 
					
						
							|  |  |  | }
 |