Add pocket id SSO support

Author: karlomikus

app/Providers/AppServiceProvider.php

@@ -39,6 +39,7 @@ public function boot()
             $event->extendSocialite('authentik', \SocialiteProviders\Authentik\Provider::class);
             $event->extendSocialite('authelia', \SocialiteProviders\Authelia\Provider::class);
             $event->extendSocialite('keycloak', \SocialiteProviders\Keycloak\Provider::class);
+            $event->extendSocialite('pocketid', \Kami\Cocktail\Services\Auth\PocketIdProvider::class);
         });
 
         if (DB::getDriverName() === 'sqlite') {

app/Services/Auth/OauthProvider.php

@@ -18,6 +18,7 @@ enum OauthProvider: string
     case Authentik = 'authentik';
     case Authelia = 'authelia';
     case Keycloak = 'keycloak';
+    case PocketId = 'pocketid';
 
     public function getPrettyName(): string
     {
@@ -28,6 +29,7 @@ public function getPrettyName(): string
             self::Authentik => 'Authentik',
             self::Authelia => 'Authelia',
             self::Keycloak => 'Keycloak',
+            self::PocketId => 'PocketId',
         };
     }
 }

app/Services/Auth/PocketIdExtendSocialite.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Kami\Cocktail\Services\Auth;
+
+use Laravel\Socialite\Contracts\Provider;
+use SocialiteProviders\Manager\SocialiteWasCalled;
+
+class PocketIdExtendSocialite
+{
+    public function handle(SocialiteWasCalled $socialiteWasCalled): void
+    {
+        $socialiteWasCalled->extendSocialite('pocketid', Provider::class);
+    }
+}

app/Services/Auth/PocketIdProvider.php

@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Kami\Cocktail\Services\Auth;
+
+use GuzzleHttp\RequestOptions;
+use Illuminate\Support\Arr;
+use SocialiteProviders\Manager\OAuth2\AbstractProvider;
+use SocialiteProviders\Manager\OAuth2\User;
+
+class PocketIdProvider extends AbstractProvider
+{
+    public const IDENTIFIER = 'POCKETID';
+
+    /**
+     * @var array<string>
+     */
+    protected $scopes = ['openid profile email'];
+
+    /**
+     * @return array<string>
+     */
+    public static function additionalConfigKeys(): array
+    {
+        return ['base_url'];
+    }
+
+    protected function getBaseUrl(): string
+    {
+        return rtrim($this->getConfig('base_url'), '/');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getAuthUrl($state)
+    {
+        return $this->buildAuthUrlFromBase($this->getBaseUrl() . '/authorize', $state);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getTokenUrl()
+    {
+        return $this->getBaseUrl() . '/api/oidc/token';
+    }
+
+    /**
+     * @return array<mixed>
+     */
+    protected function getUserByToken($token): array
+    {
+        $response = $this->getHttpClient()->get($this->getBaseUrl() . '/api/oidc/userinfo', [
+            RequestOptions::HEADERS => [
+                'Authorization' => 'Bearer '.$token,
+            ],
+        ]);
+
+        return json_decode((string) $response->getBody(), true);
+    }
+
+    /**
+     * @param array<mixed> $user
+     */
+    protected function mapUserToObject(array $user): User
+    {
+        return (new User())->setRaw($user)->map([
+            'id' => Arr::get($user, 'sub'),
+            'nickname' => Arr::get($user, 'preferred_username'),
+            'name' => Arr::get($user, 'name'),
+            'email' => Arr::get($user, 'email'),
+        ]);
+    }
+}

config/services.php

@@ -70,4 +70,11 @@
         'base_url' => env('KEYCLOAK_BASE_URL'),
         'realms' => env('KEYCLOAK_REALM'),
     ],
+
+    'pocketid' => [
+        'base_url' => env('POCKETID_BASE_URL'),
+        'client_id' => env('POCKETID_CLIENT_ID'),
+        'client_secret' => env('POCKETID_CLIENT_SECRET'),
+        'redirect' => env('POCKETID_REDIRECT_URI')
+    ],
 ];