From 9056be056eff272d7eb9ac7f3136765f4bdf23f0 Mon Sep 17 00:00:00 2001
From: Darin Kelkhoff
Date: Thu, 10 Apr 2025 14:50:22 -0500
Subject: [PATCH] Move scopes from hard-coded to meta-data

---
 .../OAuth2AuthenticationMetaData.java | 33 +++++++++++++++++++
 .../OAuth2AuthenticationModule.java | 6 ++--
 .../metadata/OAuth2MetaDataProvider.java | 2 ++
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java
index f46fd55a..13ac62b8 100644
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/model/metadata/authentication/OAuth2AuthenticationMetaData.java
@@ -39,6 +39,7 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
 private String baseUrl;
 private String tokenUrl;
 private String clientId;
+ private String scopes;
 private String userSessionTableName;
 private String redirectStateTableName;
@@ -80,6 +81,7 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
 qInstanceValidator.assertCondition(StringUtils.hasContent(baseUrl), prefix + "baseUrl must be set");
 qInstanceValidator.assertCondition(StringUtils.hasContent(clientId), prefix + "clientId must be set");
 qInstanceValidator.assertCondition(StringUtils.hasContent(clientSecret), prefix + "clientSecret must be set");
+ qInstanceValidator.assertCondition(StringUtils.hasContent(scopes), prefix + "scopes must be set");
 if(qInstanceValidator.assertCondition(StringUtils.hasContent(userSessionTableName), prefix + "userSessionTableName must be set"))
 {
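Review bot: The `scopes` assertion added in the @@ -80 hunk only checks that the string is non-empty, while OAuth2AuthenticationModule (the other file in this patch) resolves its token endpoint through OIDC provider metadata and forwards this string verbatim into both the authorization URL and the token request, so a value that omits `openid` or uses commas instead of spaces passes validation and presumably only fails later inside session creation with a less useful error. I would tighten it here: `qInstanceValidator.assertCondition(StringUtils.hasContent(scopes) && Arrays.asList(scopes.split("\\s+")).contains("openid"), prefix + "scopes must be set and include 'openid'");` (importing `java.util.Arrays` if it is not already), after confirming against createSessionFromTokenRequest, which is outside this diff, that an ID token is in fact required. The new field in the @@ -39 hunk also deserves a one-line comment stating the format, e.g. `// space-delimited OAuth2/OIDC scope list, sent as-is to the authorization and token endpoints`. The method enclosing the validation hunk starts and ends outside the hunk.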
@@ -284,4 +286,35 @@ public class OAuth2AuthenticationMetaData extends QAuthenticationMetaData
 return (this);
 }
+
+ /*******************************************************************************
+ ** Getter for scopes
+ *******************************************************************************/
+ public String getScopes()
+ {
+ return (this.scopes);
+ }
+
+
+
+ /*******************************************************************************
+ ** Setter for scopes
+ *******************************************************************************/
+ public void setScopes(String scopes)
+ {
+ this.scopes = scopes;
+ }
+
+
+
+ /*******************************************************************************
+ ** Fluent setter for scopes
+ *******************************************************************************/
+ public OAuth2AuthenticationMetaData withScopes(String scopes)
+ {
+ this.scopes = scopes;
+ return (this);
+ }
+
+
 }
diff --git a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java
index a17cd53a..aa644b12 100644
--- a/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java
+++ b/qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/OAuth2AuthenticationModule.java
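Review bot: The Javadoc on setScopes and withScopes ("Setter for scopes") does not say what shape the value must take, and since OAuth2AuthenticationModule forwards it unchanged as the `scope` query parameter of the authorization URL and as the token-request Scope, a comma-separated or single-scope value would be accepted and sent as-is. I'd state the contract on both setters, e.g. `** Setter for scopes - space-delimited list of OAuth2/OIDC scopes (previously hard-coded as "openid profile email offline_access"), passed verbatim to the authorization and token endpoints.`, with the same wording on the fluent setter so a reader of either one sees it.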
@@ -134,7 +134,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
 AuthorizationCodeGrant codeGrant = new AuthorizationCodeGrant(code, redirectURI);
 URI tokenEndpoint = getOIDCProviderMetadata(oauth2MetaData).getTokenEndpointURI();
- Scope scope = new Scope("openid profile email offline_access");
+ Scope scope = new Scope(oauth2MetaData.getScopes());
 TokenRequest tokenRequest = new TokenRequest(tokenEndpoint, clientSecretBasic, codeGrant, scope);
 return createSessionFromTokenRequest(tokenRequest);
@@ -155,7 +155,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
 ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
 URI tokenEndpoint = getOIDCProviderMetadata(oauth2MetaData).getTokenEndpointURI();
- Scope scope = new Scope("openid profile email offline_access");
+ Scope scope = new Scope(oauth2MetaData.getScopes());
 TokenRequest tokenRequest = new TokenRequest(tokenEndpoint, clientAuth, codeGrant, scope);
 return createSessionFromTokenRequest(tokenRequest);
@@ -304,7 +304,7 @@ public class OAuth2AuthenticationModule implements QAuthenticationModuleInterfac
 + "?client_id=" + URLEncoder.encode(oauth2MetaData.getClientId(), StandardCharsets.UTF_8)
 + "&redirect_uri=" + URLEncoder.encode(originalUrl, StandardCharsets.UTF_8)
 + "&response_type=code"
- + "&scope=" + URLEncoder.encode("openid profile email", StandardCharsets.UTF_8)
+ + "&scope=" + URLEncoder.encode(oauth2MetaData.getScopes(), StandardCharsets.UTF_8)
 + "&state=" + URLEncoder.encode(state.getValue(), StandardCharsets.UTF_8);
 }
 catch(Exception e)
diff --git a/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java b/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java
index ffb753fd..49a30db3 100644
--- a/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java
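Review bot: With the @@ -304 hunk the authorization request now carries the same scope string as the token request, whereas before the authorization URL asked for `openid profile email` and only the token request added `offline_access`; the commit message does not mention this, and it means a refresh token is now obtained only when the configured metadata spells out `offline_access`. That is arguably the right place to request it (OIDC Core treats `offline_access` as a scope of the authentication request), but the sample-app metadata and any existing deployment must now include it or they silently lose refresh tokens, which is worth a sentence in the commit message and in whatever documents OAuth2AuthenticationMetaData. On the two token-request hunks, RFC 6749 defines no `scope` parameter for the authorization_code grant, so if a provider rejects unknown token-request parameters the Scope argument could be dropped, e.g. `new TokenRequest(tokenEndpoint, clientAuth, codeGrant)` — hedged, since I cannot see which provider this targets. The methods enclosing all three hunks start and end outside them.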
+++ b/qqq-sample-project/src/main/java/com/kingsrook/sampleapp/metadata/OAuth2MetaDataProvider.java
@@ -53,11 +53,13 @@ public class OAuth2MetaDataProvider implements MetaDataProducerInterface