feat(auth): Add OIDC support (#3517) (#6549)

spec/actions.js: Add OIDC metadata fetching components/auth/oauth2: Add OIDC URL to the Authorization popup
2020-12-09 10:11:33 -08:00
parent 20a89877b2
commit 0807687f91
5 changed files with 186 additions and 6 deletions
--- a/test/unit/core/plugins/oas3/wrap-auth-selectors.js
+++ b/test/unit/core/plugins/oas3/wrap-auth-selectors.js
@@ -1,5 +1,5 @@

-import { fromJS } from "immutable"
+import { fromJS, Map } from "immutable"
 import {
  definitionsToAuthorize
 } from "corePlugins/oas3/auth-extensions/wrap-selectors"
@@ -12,6 +12,7 @@ describe("oas3 plugin - auth extensions - wrapSelectors", function(){
      // Given
      const system = {
        getSystem: () => system,
+        getState: () => new Map(),
        specSelectors: {
          specJson: () => fromJS({
            openapi: "3.0.0"
@@ -53,7 +54,39 @@ describe("oas3 plugin - auth extensions - wrapSelectors", function(){
                    }
                  }
                }
-              }
+              },
+              "oidc": {
+                "type": "openIdConnect",
+                "openIdConnectUrl": "https://accounts.google.com/.well-known/openid-configuration",
+                "openIdConnectData": {
+                  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
+                  "token_endpoint": "https://oauth2.googleapis.com/token",
+                  "scopes_supported": [
+                    "openid",
+                    "email",
+                    "profile"
+                  ],
+                  "grant_types_supported": [
+                    "authorization_code",
+                    "refresh_token",
+                    "urn:ietf:params:oauth:grant-type:device_code",
+                    "urn:ietf:params:oauth:grant-type:jwt-bearer"
+                  ]
+                }
+              },
+              "oidcNoGrant": {
+                "type": "openIdConnect",
+                "openIdConnectUrl": "https://accounts.google.com/.well-known/openid-configuration",
+                "openIdConnectData": {
+                  "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
+                  "token_endpoint": "https://oauth2.googleapis.com/token",
+                  "scopes_supported": [
+                    "openid",
+                    "email",
+                    "profile"
+                  ]
+                },
+              },
            })
          }
        }
@@ -106,6 +139,96 @@ describe("oas3 plugin - auth extensions - wrapSelectors", function(){
            type: "oauth2"
          }
        },
+        {
+          oidc: {
+            flow: "authorization_code",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
+        {
+          oidc: {
+            flow: "refresh_token",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
+        {
+          oidc: {
+            flow: "urn:ietf:params:oauth:grant-type:device_code",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
+        {
+          oidc: {
+            flow: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
+        {
+          // See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+          // grant_types_supported
+          //   OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that
+          //   this OP supports. Dynamic OpenID Providers MUST support the authorization_code
+          //   and implicit Grant Type values and MAY support other Grant Types. If omitted,
+          //   the default value is ["authorization_code", "implicit"]. 
+          oidcNoGrant: {
+            flow: "authorization_code",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
+        {
+          oidcNoGrant: {
+            flow: "implicit",
+            authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+            tokenUrl: "https://oauth2.googleapis.com/token",
+            openIdConnectUrl: "https://accounts.google.com/.well-known/openid-configuration",
+            scopes: {
+              "openid": "",
+              "email": "",
+              "profile": "",
+            },
+            type: "oauth2"
+          }
+        },
      ])

    })