[4.3] add more discovery to kazoo auth (#6469)

2600hz · Apr 13, 2020 · fa0fc9a · fa0fc9a
1 parent fd15c2a
commit fa0fc9a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 9 deletions.
diff --git a/core/kazoo_auth/src/kz_auth.erl b/core/kazoo_auth/src/kz_auth.erl
@@ -64,6 +64,7 @@ authenticate(Token)
   when is_map(Token) ->
     Routines = [fun kz_auth_token_util:add_application/1
                ,fun kz_auth_token_util:add_provider/1
+               ,fun kz_auth_token_util:add_discovery/1
                ,fun kz_auth_token_util:access_code/1
                ,fun kz_auth_token_util:access_token/1
                ,fun kz_auth_token_util:verify/1

diff --git a/core/kazoo_auth/src/kz_auth_identity.erl b/core/kazoo_auth/src/kz_auth_identity.erl
@@ -379,12 +379,11 @@ reset_secret(Claims) ->
 reset_doc_secret(JObj) ->
     kz_json:set_value(?PVT_SIGNING_SECRET, generate_new_kazoo_signing_secret(), JObj).
 
-
 %%------------------------------------------------------------------------------
 %% @doc Check if `?PVT_SIGNING_SECRET' is a non-empty value
 %% @end
 %%------------------------------------------------------------------------------
--spec has_doc_secret(kz_json:object()) -> kz_json:object().
+-spec has_doc_secret(kz_json:object()) -> boolean().
 has_doc_secret(JObj) ->
     kz_json:get_ne_binary_value(?PVT_SIGNING_SECRET, JObj) =/= 'undefined'.
 

diff --git a/core/kazoo_auth/src/kz_auth_profile.erl b/core/kazoo_auth/src/kz_auth_profile.erl
@@ -122,6 +122,15 @@ maybe_load_profile(#{auth_provider := #{profile_url := _ProfileURL}
                     ,original := Original
                     }=Token) ->
     maybe_load_profile(Token#{access_token => Original});
+maybe_load_profile(#{auth_provider := #{profile_discovery_field := ProfileField} = AuthProvider
+                    ,discovery := Discovery
+                    }=Token) ->
+    maybe_load_profile(Token#{auth_provider => AuthProvider#{profile_url => kz_json:get_ne_binary_value(ProfileField, Discovery)}});
+maybe_load_profile(#{auth_provider := AuthProvider
+                    ,discovery := Discovery
+                    }=Token) ->
+    ProfileField = <<"userinfo_endpoint">>,
+    maybe_load_profile(Token#{auth_provider => AuthProvider#{profile_url => kz_json:get_ne_binary_value(ProfileField, Discovery)}});
 maybe_load_profile(#{} = Token) -> Token#{profile => kz_json:new()}.
 
 -spec profile_authorization(map(), kz_term:ne_binary()) -> binary().
@@ -214,9 +223,10 @@ maybe_add_user_identity(#{auth_provider := #{profile_identity_fields := Fields}
             lager:debug("found user identity ~p", [Identity]),
             Token#{user_identity => Identity}
     end;
-maybe_add_user_identity(#{auth_provider := #{name := Prov}}=Token) ->
-    lager:debug("provider '~s' doesn't support identity profile info", [Prov]),
-    Token.
+maybe_add_user_identity(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_user_identity(#{auth_provider := Provider} = Token) ->
+    maybe_add_user_identity(Token#{auth_provider => Provider#{profile_identity_field => <<"sub">>}}).
 
 -spec maybe_add_display_name(map()) -> map().
 maybe_add_display_name(#{display_name := _DisplayName} = Token) -> Token;
@@ -232,9 +242,10 @@ maybe_add_display_name(#{auth_provider := #{profile_displayName_field := Field}
             lager:debug("found user displayName ~p", [DisplayName]),
             Token#{display_name => DisplayName}
     end;
-maybe_add_display_name(#{auth_provider := #{name := Prov}}=Token) ->
-    lager:debug("provider '~s' doesn't support displayName profile info", [Prov]),
-    Token.
+maybe_add_display_name(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_display_name(#{auth_provider := Provider} = Token) ->
+    maybe_add_display_name(Token#{auth_provider => Provider#{profile_displayName_field => <<"name">>}}).
 
 -spec maybe_add_photo_url(map()) -> map().
 maybe_add_photo_url(#{photo_url := _PhotoUrl} = Token) -> Token;
@@ -250,7 +261,10 @@ maybe_add_photo_url(#{auth_provider := #{profile_photo_url_field := Field}
             lager:debug("found user photoUrl ~p", [PhotoUrl]),
             Token#{photo_url => PhotoUrl}
     end;
-maybe_add_photo_url(Token) -> Token.
+maybe_add_photo_url(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_photo_url(#{auth_provider := Provider} = Token) ->
+    maybe_add_photo_url(Token#{auth_provider => Provider#{profile_photo_url_field => <<"picture">>}}).
 
 -spec maybe_add_user_email(map()) -> map().
 maybe_add_user_email(#{user_email := _UserEmail} = Token) -> Token;

diff --git a/core/kazoo_auth/src/kz_auth_token_util.erl b/core/kazoo_auth/src/kz_auth_token_util.erl
@@ -11,6 +11,7 @@
 
 -export([add_application/1
         ,add_provider/1
+        ,add_discovery/1
         ,verify/1
         ,access_code/1
         ,access_token/1
@@ -35,6 +36,23 @@ add_provider(#{claims := #{iss :=Issuer}}=Token) ->
     Token#{auth_provider => kz_auth_providers:provider_by_issuer(Issuer)};
 add_provider(#{}=Token) -> Token.
 
+-spec add_discovery(map()) -> map().
+add_discovery(#{auth_provider := #{discovery := DiscoveryUrl}}=Token) ->
+    lager:debug("getting discovery document from ~s", [DiscoveryUrl]),
+    case kz_auth_util:get_json_from_url(DiscoveryUrl) of
+        {'ok', JObj} -> Token#{discovery => JObj};
+        _ -> Token
+    end;
+add_discovery(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+add_discovery(#{payload := #{<<"iss">> := <<"http", _/binary>> = Issuer}}=Token) ->
+    DiscoveryUrl = <<Issuer/binary, "/.well-known/openid-configuration">>,
+    case kz_auth_util:get_json_from_url(DiscoveryUrl) of
+        {'ok', JObj} -> Token#{discovery => JObj};
+        _ -> Token
+    end;
+add_discovery(#{}=Token) -> Token.
+
 
 -spec access_code(map()) -> map().
 access_code(#{code := Code