feature/Integrate Hydra ORA as OIDC Identity Provider

This commit is contained in:
Marko Milić 2022-06-06 16:54:06 +02:00
parent 9bb0cdc367
commit 0ba5d15ff6
2 changed files with 20 additions and 12 deletions


@ -176,17 +176,10 @@ object OpenIdConnect extends OBPRestHelper with MdcLoggable {
}
private def extractParams(s: S): (String, String, String) = {
val tuple3 = for {
code <- s.param("code")
state <- s.param("state")
sessionState <- OpenIDConnectSessionState.get
} yield {
(code, state, sessionState.toString())
}
tuple3 match {
case Full(tuple) => tuple
case _ => ("", "", "")
}
val code = s.param("code")
val state = s.param("state")
val sessionState = OpenIDConnectSessionState.get
(code.getOrElse(""), state.getOrElse(""), sessionState.toString())
}
private def getOrCreateAuthUser(user: User): Box[AuthUser] = {
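Review bot: The new return line calls `sessionState.toString()` on the raw result of `OpenIDConnectSessionState.get`, while the removed for-comprehension bound `sessionState` to the value inside it; if `get` yields a Lift `Box` (which the old `<-` binding suggests), the third tuple element becomes `Full(...)`/`Empty` text rather than the stored state, so a later comparison of the session state against the `state` query parameter can no longer succeed. Unwrap it as before, e.g. `val sessionState = OpenIDConnectSessionState.get.map(_.toString).openOr("")`, or confirm that `get` already returns the plain value. The rewrite also drops the all-or-nothing behaviour (`("", "", "")` when any part was missing), so callers that use the returned `state` for the OIDC state check should treat an empty `state` or `sessionState` as a failed check rather than a match of two empty strings.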


@ -59,6 +59,7 @@ import code.util.HydraUtil._
import com.github.dwickern.macros.NameOf.nameOf
import sh.ory.hydra.model.AcceptLoginRequest
import net.liftweb.http.S.fmapFunc
import sh.ory.hydra.api.AdminApi
import scala.concurrent.Future
@ -934,6 +935,8 @@ def restoreSomeSessions(): Unit = {
* case5: UnKnow error --> UnexpectedErrorDuringLogin
*/
override def login: NodeSeq = {
// This query parameter is specific to Hydra ORA login request
val loginChallenge = S.param("login_challenge").getOrElse("")
def redirectUri(): String = {
loginRedirect.get match {
case Full(url) =>
@ -962,7 +965,19 @@ def restoreSomeSessions(): Unit = {
tryo{AuthUser.grantEmailDomainEntitlementsToUser(user)}
.openOr(logger.error(s"${user} checkInternalRedirectAndLogUserIn.grantEmailDomainEntitlementsToUser throw exception! "))
}}
S.redirectTo(redirect)
// We use Hydra as an Headless Identity Provider which implies OBP-API must provide User Management.
// If there is the query parameter login_challenge in a url we know it is tha Hydra request
// TODO Write standalone application for Login and Consent Request of Hydra as Identity Provider
integrateWithHydra match {
case true if !loginChallenge.isEmpty =>
val acceptLoginRequest = new AcceptLoginRequest
val adminApi: AdminApi = new AdminApi
acceptLoginRequest.setSubject(user.username.get)
val result = adminApi.acceptLoginRequest(loginChallenge, acceptLoginRequest)
S.redirectTo(result.getRedirectTo)
case false =>
S.redirectTo(redirect)
}
})
} else {
S.error(S.?(ErrorMessages.InvalidInternalRedirectUrl))
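Review bot: The `integrateWithHydra match` in the last hunk is not exhaustive: when `integrateWithHydra` is `true` but `loginChallenge` (the query parameter introduced in the previous hunk) is empty, neither `case true if !loginChallenge.isEmpty` nor `case false` applies and a `MatchError` is thrown, so every ordinary, non-Hydra login fails once the integration is switched on. Make the fallback the catch-all, `case _ => S.redirectTo(redirect)`, and prefer `if loginChallenge.nonEmpty` over `!loginChallenge.isEmpty`. `new AdminApi` with no arguments relies on the client library's default base path, presumably configured elsewhere via `HydraUtil._`; if that object already exposes a configured admin client, use it here so the challenge is accepted against the intended Hydra instance. The enclosing `login` method starts and ends outside the hunk.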