Move scopes from hard-coded to meta-data

2025-07-17 20:50:44 +00:00 · 2025-04-10 14:50:22 -05:00
parent af51641d2a
commit 9056be056e
3 changed files with 38 additions and 3 deletions
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java
@ -39,6 +39,7 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
   private String baseUrl;
   private String tokenUrl;
   private String clientId;
+   private String scopes;

   private String userSessionTableName;
   private String redirectStateTableName;
@ -80,6 +81,7 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
      qInstanceValidator.assertCondition(StringUtils.hasContent(baseUrl), prefix + "baseUrl must be set");
      qInstanceValidator.assertCondition(StringUtils.hasContent(clientId), prefix + "clientId must be set");
      qInstanceValidator.assertCondition(StringUtils.hasContent(clientSecret), prefix + "clientSecret must be set");
+      qInstanceValidator.assertCondition(StringUtils.hasContent(scopes), prefix + "scopes must be set");

      if(qInstanceValidator.assertCondition(StringUtils.hasContent(userSessionTableName), prefix + "userSessionTableName must be set"))
      {
@ -284,4 +286,35 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
      return (this);
   }

+
+   /*******************************************************************************
+    ** Getter for scopes
+    *******************************************************************************/
+   public String getScopes()
+   {
+      return (this.scopes);
+   }
+
+
+
+   /*******************************************************************************
+    ** Setter for scopes
+    *******************************************************************************/
+   public void setScopes(String scopes)
+   {
+      this.scopes = scopes;
+   }
+
+
+
+   /*******************************************************************************
+    ** Fluent setter for scopes
+    *******************************************************************************/
+   public OAuth2AuthenticationMetaData withScopes(String scopes)
+   {
+      this.scopes = scopes;
+      return (this);
+   }
+
+
 }
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java
@ -134,7 +134,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
            AuthorizationCodeGrant codeGrant         = new AuthorizationCodeGrant(code, redirectURI);

            URI          tokenEndpoint = getOIDCProviderMetadata(oauth2MetaData).getTokenEndpointURI();
-            Scope        scope         = new Scope("openid profile email offline_access");
+            Scope        scope         = new Scope(oauth2MetaData.getScopes());
            TokenRequest tokenRequest  = new TokenRequest(tokenEndpoint, clientSecretBasic, codeGrant, scope);

            return createSessionFromTokenRequest(tokenRequest);
@ -155,7 +155,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
            ClientAuthentication clientAuth   = new ClientSecretBasic(clientID, clientSecret);

            URI          tokenEndpoint = getOIDCProviderMetadata(oauth2MetaData).getTokenEndpointURI();
-            Scope        scope         = new Scope("openid profile email offline_access");
+            Scope        scope         = new Scope(oauth2MetaData.getScopes());
            TokenRequest tokenRequest  = new TokenRequest(tokenEndpoint, clientAuth, codeGrant, scope);

            return createSessionFromTokenRequest(tokenRequest);
@ -304,7 +304,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
            + "?client_id=" + URLEncoder.encode(oauth2MetaData.getClientId(), StandardCharsets.UTF_8)
            + "&redirect_uri=" + URLEncoder.encode(originalUrl, StandardCharsets.UTF_8)
            + "&response_type=code"
-            + "&scope=" + URLEncoder.encode("openid profile email", StandardCharsets.UTF_8)
+            + "&scope=" + URLEncoder.encode(oauth2MetaData.getScopes(), StandardCharsets.UTF_8)
            + "&state=" + URLEncoder.encode(state.getValue(), StandardCharsets.UTF_8);
      }
      catch(Exception e)
--- a/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java
+++ b/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java
@ -53,11 +53,13 @@ public class OAuth2MetaDataProvider implements MetaDataProducerInterface<QAuthen
      String oauth2BaseUrl      = qMetaDataVariableInterpreter.interpret("${env.OAUTH2_BASE_URL}");
      String oauth2ClientId     = qMetaDataVariableInterpreter.interpret("${env.OAUTH2_CLIENT_ID}");
      String oauth2ClientSecret = qMetaDataVariableInterpreter.interpret("${env.OAUTH2_CLIENT_SECRET}");
+      String oauth2Scopes       = qMetaDataVariableInterpreter.interpret("${env.OAUTH2_SCOPES}");

      return (new OAuth2AuthenticationMetaData()
         .withBaseUrl(oauth2BaseUrl)
         .withClientId(oauth2ClientId)
         .withClientSecret(oauth2ClientSecret)
+         .withScopes(oauth2Scopes)
         .withUserSessionTableName(UserSession.TABLE_NAME)
         .withRedirectStateTableName(RedirectStateMetaDataProducer.TABLE_NAME)
         .withName(NAME));