Introduce LinkedIn OIDC provider
Apply suggestions from code review, tests and docs

Co-authored-by: Sergey Beryozkin <[email protected]>
gastaldi and sberyozkin committed Dec 14, 2023
1 parent ecdd3b2 commit 862881f
Showing 7 changed files with 81 additions and 26 deletions.
27 changes: 26 additions & 1 deletion docs/src/main/asciidoc/security-openid-connect-providers.adoc
Expand Up @@ -8,7 +8,7 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
include::_attributes.adoc[]
:diataxis-type: concept
:categories: security,web
:keywords: oidc github twitter google facebook mastodon microsoft apple spotify twitch
:keywords: oidc github twitter google facebook mastodon microsoft apple spotify twitch linkedin
:toclevels: 3
:topics: security,oidc,github,twitter,google,facebook,mastodon,microsoft,apple,spotify,twitch
:extensions: io.quarkus:quarkus-oidc
Expand Down Expand Up @@ -501,6 +501,31 @@ quarkus.oidc.client-id=<Client ID>
quarkus.oidc.credentials.client-secret=<Client Secret>
----

[[linkedin]]
=== LinkedIn

Create a https://developer.linkedin.com/[LinkedIn application]:

image::oidc-linkedin-1.png[role="thumb"]

Add the `Sign In with LinkedIn using OpenId Connect` product:

image::oidc-linkedin-2.png[role="thumb"]

You now can get your client id and secret. Don't forget to also add the authorized redirect URLs for your application:

image::oidc-linkedin-3.png[role="thumb"]

You can now configure your `application.properties`:

[source,properties]
----
quarkus.oidc.provider=linkedin
quarkus.oidc.client-id=<Client ID>
quarkus.oidc.credentials.client-secret=<Client Secret>
----



[[provider-scope]]
== Provider scopes
Expand Up @@ -1808,6 +1808,7 @@ public static enum Provider {
FACEBOOK,
GITHUB,
GOOGLE,
LINKEDIN,
MASTODON,
MICROSOFT,
SPOTIFY,
Expand Up @@ -10,31 +10,29 @@
public class KnownOidcProviders {

public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
switch (provider) {
case APPLE:
return apple();
case DISCORD:
return discord();
case FACEBOOK:
return facebook();
case GITHUB:
return github();
case GOOGLE:
return google();
case MASTODON:
return mastodon();
case MICROSOFT:
return microsoft();
case SPOTIFY:
return spotify();
case TWITCH:
return twitch();
case TWITTER:
case X:
return twitter();
default:
return null;
}
return switch (provider) {
case APPLE -> apple();
case DISCORD -> discord();
case FACEBOOK -> facebook();
case GITHUB -> github();
case GOOGLE -> google();
case LINKEDIN -> linkedIn();
case MASTODON -> mastodon();
case MICROSOFT -> microsoft();
case SPOTIFY -> spotify();
case TWITCH -> twitch();
case TWITTER, X -> twitter();
};
}

private static OidcTenantConfig linkedIn() {
OidcTenantConfig ret = new OidcTenantConfig();
ret.setAuthServerUrl("https://www.linkedin.com/oauth");
ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
ret.getAuthentication().setScopes(List.of("email", "profile"));
ret.getCredentials().getClientSecret().setMethod(Method.POST);
ret.getToken().setPrincipalClaim("name");
return ret;
}

private static OidcTenantConfig github() {
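Review bot: `ret.getToken().setPrincipalClaim("name")` in `linkedIn()` makes the security principal a display name, which is typically user-editable and not unique across accounts, so application code that keys authorization or account linking on the principal name could treat two different users as the same one. If the choice is deliberate for readability, record it next to the call, for example `// "name" is a display name only; use the "sub" claim as the stable user identifier`. The switch expression in `provider(...)` no longer has the `default` branch that returned null, so a short Javadoc stating that the method requires a non-null `provider` and never returns null would document the new contract for callers. The class body continues past the end of this hunk.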
Expand Up @@ -19,6 +19,7 @@
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Test;

import io.quarkus.oidc.OIDCException;
Expand Down Expand Up @@ -519,6 +520,36 @@ public void testOverrideDiscordProperties() throws Exception {
assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
}

@Test
public void testAcceptLinkedInProperties() throws Exception {
OidcTenantConfig tenant = new OidcTenantConfig();
tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.LINKEDIN));

assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
assertEquals("https://www.linkedin.com/oauth", config.getAuthServerUrl().get());
assertEquals(List.of("email", "profile"), config.authentication.scopes.get());
}

@Test
public void testOverrideLinkedInProperties() throws Exception {
OidcTenantConfig tenant = new OidcTenantConfig();
tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);

tenant.setApplicationType(ApplicationType.HYBRID);
tenant.setAuthServerUrl("http://localhost/wiremock");
tenant.credentials.clientSecret.setMethod(Method.BASIC);
tenant.authentication.setForceRedirectHttpsScheme(false);

OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.LINKEDIN));

assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
assertEquals(ApplicationType.HYBRID, config.getApplicationType().get());
assertEquals("http://localhost/wiremock", config.getAuthServerUrl().get());
assertFalse(config.getAuthentication().isForceRedirectHttpsScheme().get());
assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
}

@Test
public void testCorrectTokenType() throws Exception {
OidcTenantConfig.Token tokenClaims = new OidcTenantConfig.Token();
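Review bot: `testAcceptLinkedInProperties` asserts only the tenant id, auth server URL and scopes, so the other defaults the LinkedIn provider sets (application type, client-secret method, principal claim) are not pinned, and a regression in how the client secret is sent would pass unnoticed. Assertions in the style already used by the override test would cover the first two: `assertEquals(ApplicationType.WEB_APP, config.getApplicationType().get());` and `assertEquals(Method.POST, config.credentials.clientSecret.method.get());`. The newly imported `org.hamcrest.MatcherAssert` is not referenced in the visible hunks, so it may be unused; the rest of the test class is outside this view, so confirm before dropping it.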