From dc1c552ac3baa28d4449d96aa6ecc39343519137 Mon Sep 17 00:00:00 2001
From: Olivier Levitt
Date: Fri, 9 Feb 2024 16:02:11 +0100
Subject: [PATCH] OIDC : extra query params (#378)
---
 README.md | 1 +
 .../api/controller/pub/ConfigurationController.java | 1 +
 .../insee/onyxia/api/security/OIDCConfiguration.java | 11 +++++++++++
 .../java/fr/insee/onyxia/model/region/Region.java | 10 ++++++++++
 4 files changed, 23 insertions(+)
diff --git a/README.md b/README.md
index 4337b0c6..be8cff08 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,7 @@ Configurable properties :
 | `oidc.audience` | | Optional : audience to validate. Must be the same as the token's `aud` field |
 | `oidc.username-claim` | `preferred_username` | Claim to be used as user id. Must conform to [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names) |
 | `oidc.groups-claim` | `groups` | Claim to be used as list of user groups. |
+| `oidc.extra-query-params` | | Optional : query params to be added by client. e.g : `prompt=consent&kc_idp_hint=google` |
 ### Security configuration :
 | Key | Default | Description |
diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/controller/pub/ConfigurationController.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/controller/pub/ConfigurationController.java
index e03f5509..0c245d70 100644
--- a/onyxia-api/src/main/java/fr/insee/onyxia/api/controller/pub/ConfigurationController.java
+++ b/onyxia-api/src/main/java/fr/insee/onyxia/api/controller/pub/ConfigurationController.java
@@ -53,6 +53,7 @@ public AppInfo configuration() {
 if (oidcConfiguration != null) {
 OIDCConfiguration.setIssuerURI(oidcConfiguration.getIssuerUri());
 OIDCConfiguration.setClientID(oidcConfiguration.getClientID());
+ OIDCConfiguration.setExtraQueryParams(oidcConfiguration.getExtraQueryParams());
 appInfo.setOidcConfiguration(OIDCConfiguration);
 }
 return appInfo;
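Review bot: In `configuration()`, the new `setExtraQueryParams(...)` line copies the operator-supplied string verbatim into the `AppInfo` response, and the `controller/pub` path suggests this endpoint is served without authentication. Nothing visible here stops the value from naming parameters the client already sets for the authorization request (`redirect_uri`, `state`, `nonce`, `response_type`), and how an identity provider treats such duplicates is implementation-dependent. Consider rejecting those keys when the property is loaded, and at minimum add a comment above the line such as `// Published as-is to callers; must hold only non-secret, non-protocol parameters (e.g. prompt, kc_idp_hint)`. The body of `configuration()` starts and ends outside the hunk.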
diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java
index 77015f4f..95dccce2 100644
--- a/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java
+++ b/onyxia-api/src/main/java/fr/insee/onyxia/api/security/OIDCConfiguration.java
@@ -58,6 +58,9 @@ public class OIDCConfiguration {
 @Value("${oidc.clientID}")
 private String clientID;
+ @Value("${oidc.extra-query-params}")
+ private String extraQueryParams;
+
 private final HttpRequestUtils httpRequestUtils;
 @Autowired
@@ -210,6 +213,14 @@ public void setClientID(String clientID) {
 this.clientID = clientID;
 }
+ public String getExtraQueryParams() {
+ return extraQueryParams;
+ }
+
+ public void setExtraQueryParams(String extraQueryParams) {
+ this.extraQueryParams = extraQueryParams;
+ }
+
 @Bean
 @ConditionalOnProperty(prefix = "oidc", name = "issuer-uri")
 NimbusJwtDecoder jwtDecoder() {
diff --git a/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java b/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java
index 83929907..7702ddd3 100644
--- a/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java
+++ b/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java
@@ -1095,6 +1095,8 @@ public static class OIDCConfiguration {
 private String issuerURI;
 private String clientID;
+ private String extraQueryParams;
+
 public String getIssuerURI() {
 return issuerURI;
 }
@@ -1110,6 +1112,14 @@ public String getClientID() {
 public void setClientID(String clientID) {
 this.clientID = clientID;
 }
+
+ public String getExtraQueryParams() {
+ return extraQueryParams;
+ }
+
+ public void setExtraQueryParams(String extraQueryParams) {
+ this.extraQueryParams = extraQueryParams;
+ }
 }
 public static class Expose {
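Review bot: The placeholder added on `extraQueryParams` in the first `OIDCConfiguration.java` hunk has no default, while the README row added by this commit lists the property as optional with an empty default. The diffstat names four files and none of them is a properties file, so unless `oidc.extra-query-params` is already declared elsewhere, Spring would presumably fail to resolve the placeholder at startup for deployments that leave it unset. Writing it as `@Value("${oidc.extra-query-params:}")` makes the optional contract explicit and keeps the field an empty string rather than a startup error. The class body continues outside the hunk.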
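Review bot: The `extraQueryParams` field added to `Region.OIDCConfiguration` in the first `Region.java` hunk is an undocumented free-form string, so neither the operator nor the client author can tell whether it must already be URL-encoded or may start with `?` or `&`. Judging by the README example it is a raw `key=value&key=value` string that the client concatenates, which leaves all encoding to whoever writes the configuration. A field comment would pin that contract, for example `// Raw, already URL-encoded query string without leading '?' or '&', e.g. prompt=consent&kc_idp_hint=google`. The nested class starts outside this hunk.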