1717 ]).
1818
1919-include (" oauth2_client.hrl" ).
20+
2021-spec get_access_token (oauth_provider (), access_token_request ()) ->
21- {ok , successful_access_token_response ()} | {error , unsuccessful_access_token_response () | any ()}.
22+ {ok , successful_access_token_response ()} |
23+ {error , unsuccessful_access_token_response () | any ()}.
2224get_access_token (OAuthProvider , Request ) ->
2325 rabbit_log :debug (" get_access_token using OAuthProvider:~p and client_id:~p " ,
2426 [OAuthProvider , Request # access_token_request .client_id ]),
@@ -33,7 +35,8 @@ get_access_token(OAuthProvider, Request) ->
3335 parse_access_token_response (Response ).
3436
3537-spec refresh_access_token (oauth_provider (), refresh_token_request ()) ->
36- {ok , successful_access_token_response ()} | {error , unsuccessful_access_token_response () | any ()}.
38+ {ok , successful_access_token_response ()} |
39+ {error , unsuccessful_access_token_response () | any ()}.
3740refresh_access_token (OAuthProvider , Request ) ->
3841 URL = OAuthProvider # oauth_provider .token_endpoint ,
3942 Header = [],
@@ -50,8 +53,9 @@ append_paths(Path1, Path2) ->
5053
5154-spec build_openid_discovery_endpoint (Issuer :: uri_string :uri_string (),
5255 OpenIdConfigurationPath :: uri_string :uri_string () | undefined ,
53- Params :: query_list ()) -> uri_string :uri_string ().
56+ Params :: query_list ()) -> uri_string :uri_string () | undefined .
5457
58+ build_openid_discovery_endpoint (undefined , _ , _ ) -> undefined ;
5559build_openid_discovery_endpoint (Issuer , undefined , Params ) ->
5660 build_openid_discovery_endpoint (Issuer , ? DEFAULT_OPENID_CONFIGURATION_PATH ,
5761 Params );
@@ -95,23 +99,23 @@ get_openid_configuration(DiscoverEndpoint, TLSOptions) ->
9599
96100-spec merge_openid_configuration (openid_configuration (), oauth_provider ()) ->
97101 oauth_provider ().
98- merge_openid_configuration (OpendIdConfiguration , OAuthProvider0 ) ->
99- OAuthProvider1 = case OpendIdConfiguration # openid_configuration .token_endpoint of
102+ merge_openid_configuration (OpenId , OAuthProvider0 ) ->
103+ OAuthProvider1 = case OpenId # openid_configuration .token_endpoint of
100104 undefined -> OAuthProvider0 ;
101105 TokenEndpoint ->
102106 OAuthProvider0 # oauth_provider {token_endpoint = TokenEndpoint }
103107 end ,
104- OAuthProvider2 = case OpendIdConfiguration # openid_configuration .authorization_endpoint of
108+ OAuthProvider2 = case OpenId # openid_configuration .authorization_endpoint of
105109 undefined -> OAuthProvider1 ;
106110 AuthorizationEndpoint ->
107111 OAuthProvider1 # oauth_provider {authorization_endpoint = AuthorizationEndpoint }
108112 end ,
109- OAuthProvider3 = case OpendIdConfiguration # openid_configuration .end_session_endpoint of
113+ OAuthProvider3 = case OpenId # openid_configuration .end_session_endpoint of
110114 undefined -> OAuthProvider2 ;
111115 EndSessionEndpoint ->
112116 OAuthProvider2 # oauth_provider {end_session_endpoint = EndSessionEndpoint }
113117 end ,
114- case OpendIdConfiguration # openid_configuration .jwks_uri of
118+ case OpenId # openid_configuration .jwks_uri of
115119 undefined -> OAuthProvider3 ;
116120 JwksUri ->
117121 OAuthProvider3 # oauth_provider {jwks_uri = JwksUri }
@@ -146,7 +150,8 @@ parse_openid_configuration_response({error, Reason}) ->
146150parse_openid_configuration_response ({ok ,{{_ ,Code ,Reason }, Headers , Body }}) ->
147151 map_response_to_openid_configuration (Code , Reason , Headers , Body ).
148152map_response_to_openid_configuration (Code , Reason , Headers , Body ) ->
149- case decode_body (proplists :get_value (" content-type" , Headers , ? CONTENT_JSON ), Body ) of
153+ case decode_body (proplists :get_value (" content-type" , Headers ,
154+ ? CONTENT_JSON ), Body ) of
150155 {error , {error , InternalError }} ->
151156 {error , InternalError };
152157 {error , _ } = Error ->
@@ -162,13 +167,16 @@ map_to_openid_configuration(Map) ->
162167 # openid_configuration {
163168 issuer = maps :get (? RESPONSE_ISSUER , Map ),
164169 token_endpoint = maps :get (? RESPONSE_TOKEN_ENDPOINT , Map , undefined ),
165- authorization_endpoint = maps :get (? RESPONSE_AUTHORIZATION_ENDPOINT , Map , undefined ),
166- end_session_endpoint = maps :get (? RESPONSE_END_SESSION_ENDPOINT , Map , undefined ),
170+ authorization_endpoint = maps :get (? RESPONSE_AUTHORIZATION_ENDPOINT ,
171+ Map , undefined ),
172+ end_session_endpoint = maps :get (? RESPONSE_END_SESSION_ENDPOINT ,
173+ Map , undefined ),
167174 jwks_uri = maps :get (? RESPONSE_JWKS_URI , Map , undefined )
168175 }.
169176
170177-spec get_expiration_time (successful_access_token_response ()) ->
171- {ok , [{expires_in , integer () }| {exp , integer () }]} | {error , missing_exp_field }.
178+ {ok , [{expires_in , integer () }| {exp , integer () }]} |
179+ {error , missing_exp_field }.
172180get_expiration_time (# successful_access_token_response {expires_in = ExpiresInSec ,
173181 access_token = AccessToken }) ->
174182 case ExpiresInSec of
@@ -188,15 +196,8 @@ update_oauth_provider_endpoints_configuration(OAuthProvider) ->
188196 unlock (LockId )
189197 end .
190198
191- update_oauth_provider_endpoints_configuration (OAuthProviderId , OAuthProvider ) ->
192- LockId = lock (),
193- try do_update_oauth_provider_endpoints_configuration (OAuthProviderId , OAuthProvider ) of
194- V -> V
195- after
196- unlock (LockId )
197- end .
198-
199- do_update_oauth_provider_endpoints_configuration (OAuthProvider ) ->
199+ do_update_oauth_provider_endpoints_configuration (OAuthProvider ) when
200+ OAuthProvider # oauth_provider .id == root ->
200201 case OAuthProvider # oauth_provider .token_endpoint of
201202 undefined -> do_nothing ;
202203 TokenEndpoint -> set_env (token_endpoint , TokenEndpoint )
@@ -215,10 +216,12 @@ do_update_oauth_provider_endpoints_configuration(OAuthProvider) ->
215216 JwksEndPoint -> [{jwks_url , JwksEndPoint } | proplists :delete (jwks_url , List )]
216217 end ,
217218 set_env (key_config , ModifiedList ),
218- rabbit_log :debug (" Updated oauth_provider details: ~p " , [ format_oauth_provider (OAuthProvider )]),
219- OAuthProvider .
219+ rabbit_log :debug (" Updated oauth_provider details: ~p " ,
220+ [format_oauth_provider (OAuthProvider )]),
221+ OAuthProvider ;
220222
221- do_update_oauth_provider_endpoints_configuration (OAuthProviderId , OAuthProvider ) ->
223+ do_update_oauth_provider_endpoints_configuration (OAuthProvider ) ->
224+ OAuthProviderId = OAuthProvider # oauth_provider .id ,
222225 OAuthProviders = get_env (oauth_providers , #{}),
223226 Proplist = maps :get (OAuthProviderId , OAuthProviders ),
224227 ModifiedOAuthProviders = maps :put (OAuthProviderId ,
@@ -241,7 +244,8 @@ lock() ->
241244 false -> undefined
242245 end ;
243246 {Nodes , Retries } ->
244- case global :set_lock ({oauth2_config_lock , rabbitmq_auth_backend_oauth2 }, Nodes , Retries ) of
247+ case global :set_lock ({oauth2_config_lock , rabbitmq_auth_backend_oauth2 },
248+ Nodes , Retries ) of
245249 true -> rabbitmq_auth_backend_oauth2 ;
246250 false -> undefined
247251 end
@@ -252,8 +256,10 @@ unlock(LockId) ->
252256 undefined -> ok ;
253257 Value ->
254258 case use_global_locks_on_all_nodes () of
255- {} -> global :del_lock ({oauth2_config_lock , Value });
256- {Nodes , _Retries } -> global :del_lock ({oauth2_config_lock , Value }, Nodes )
259+ {} ->
260+ global :del_lock ({oauth2_config_lock , Value });
261+ {Nodes , _Retries } ->
262+ global :del_lock ({oauth2_config_lock , Value }, Nodes )
257263 end
258264 end .
259265
@@ -262,52 +268,70 @@ get_oauth_provider(ListOfRequiredAttributes) ->
262268 case get_env (default_oauth_provider ) of
263269 undefined -> get_oauth_provider_from_keyconfig (ListOfRequiredAttributes );
264270 DefaultOauthProviderId ->
265- rabbit_log :debug (" Using default_oauth_provider ~p " , [DefaultOauthProviderId ]),
271+ rabbit_log :debug (" Using default_oauth_provider ~p " ,
272+ [DefaultOauthProviderId ]),
266273 get_oauth_provider (DefaultOauthProviderId , ListOfRequiredAttributes )
267274 end .
268275
276+ -spec download_oauth_provider (oauth_provider ()) -> {ok , oauth_provider ()} |
277+ {error , any ()}.
278+ download_oauth_provider (OAuthProvider ) ->
279+ case OAuthProvider # oauth_provider .discovery_endpoint of
280+ undefined -> {error , {missing_oauth_provider_attributes , [issuer ]}};
281+ URL ->
282+ rabbit_log :debug (" Downloading oauth_provider using ~p " , [URL ]),
283+ case get_openid_configuration (URL , get_ssl_options_if_any (OAuthProvider )) of
284+ {ok , OpenIdConfiguration } ->
285+ {ok , update_oauth_provider_endpoints_configuration (
286+ merge_openid_configuration (OpenIdConfiguration , OAuthProvider ))};
287+ {error , _ } = Error2 -> Error2
288+ end
289+ end .
290+
291+ ensure_oauth_provider_has_attributes (OAuthProvider , ListOfRequiredAttributes ) ->
292+ case find_missing_attributes (OAuthProvider , ListOfRequiredAttributes ) of
293+ [] ->
294+ rabbit_log :debug (" Resolved oauth_provider ~p " ,
295+ [format_oauth_provider (OAuthProvider )]),
296+ {ok , OAuthProvider };
297+ _ = Attrs ->
298+ {error , {missing_oauth_provider_attributes , Attrs }}
299+ end .
300+
269301get_oauth_provider_from_keyconfig (ListOfRequiredAttributes ) ->
270302 OAuthProvider = lookup_oauth_provider_from_keyconfig (),
271- rabbit_log :debug (" Using oauth_provider ~p from keyconfig" , [format_oauth_provider (OAuthProvider )]),
303+ rabbit_log :debug (" Using oauth_provider ~p from keyconfig" ,
304+ [format_oauth_provider (OAuthProvider )]),
272305 case find_missing_attributes (OAuthProvider , ListOfRequiredAttributes ) of
273306 [] ->
274307 {ok , OAuthProvider };
275308 _ = MissingAttributes ->
276- rabbit_log :debug (" Looking up missing attributes ~p ..." , [MissingAttributes ]),
277- Result2 = case OAuthProvider # oauth_provider .discovery_endpoint of
278- undefined -> {error , {missing_oauth_provider_attributes , [issuer ]}};
279- URL ->
280- rabbit_log :debug (" Downloading oauth_provider using ~p " , [URL ]),
281- case get_openid_configuration (URL , get_ssl_options_if_any (OAuthProvider )) of
282- {ok , OpenIdConfiguration } ->
283- {ok , update_oauth_provider_endpoints_configuration (
284- merge_openid_configuration (OpenIdConfiguration , OAuthProvider ))};
285- {error , _ } = Error2 -> Error2
286- end
287- end ,
288- case Result2 of
289- {ok , OAuthProvider2 } ->
290- case find_missing_attributes (OAuthProvider2 , ListOfRequiredAttributes ) of
291- [] ->
292- rabbit_log :debug (" Resolved oauth_provider ~p " , [format_oauth_provider (OAuthProvider )]),
293- {ok , OAuthProvider2 };
294- _ = Attrs ->
295- {error , {missing_oauth_provider_attributes , Attrs }}
296- end ;
297- {error , _ } = Error3 -> Error3
309+ rabbit_log :debug (" Looking up missing attributes ~p ..." ,
310+ [MissingAttributes ]),
311+ case download_oauth_provider (OAuthProvider ) of
312+ {ok , OAuthProvider2 } ->
313+ ensure_oauth_provider_has_attributes (OAuthProvider2 ,
314+ ListOfRequiredAttributes );
315+ {error , _ } = Error3 ->
316+ Error3
298317 end
299318 end .
300319
301320
302- -spec get_oauth_provider (oauth_provider_id (), list ()) -> {ok , oauth_provider ()} | {error , any ()}.
321+ -spec get_oauth_provider (oauth_provider_id (), list ()) -> {ok , oauth_provider ()} |
322+ {error , any ()}.
303323get_oauth_provider (root , ListOfRequiredAttributes ) ->
304324 get_oauth_provider (ListOfRequiredAttributes );
305325
306- get_oauth_provider (OAuth2ProviderId , ListOfRequiredAttributes ) when is_list (OAuth2ProviderId ) ->
307- get_oauth_provider (list_to_binary (OAuth2ProviderId ), ListOfRequiredAttributes );
326+ get_oauth_provider (OAuth2ProviderId , ListOfRequiredAttributes )
327+ when is_list (OAuth2ProviderId ) ->
328+ get_oauth_provider (list_to_binary (OAuth2ProviderId ),
329+ ListOfRequiredAttributes );
308330
309- get_oauth_provider (OAuthProviderId , ListOfRequiredAttributes ) when is_binary (OAuthProviderId ) ->
310- rabbit_log :debug (" get_oauth_provider ~p with at least these attributes: ~p " , [OAuthProviderId , ListOfRequiredAttributes ]),
331+ get_oauth_provider (OAuthProviderId , ListOfRequiredAttributes )
332+ when is_binary (OAuthProviderId ) ->
333+ rabbit_log :debug (" get_oauth_provider ~p with at least these attributes: ~p " ,
334+ [OAuthProviderId , ListOfRequiredAttributes ]),
311335 case lookup_oauth_provider_config (OAuthProviderId ) of
312336 {error , _ } = Error0 ->
313337 rabbit_log :debug (" Failed to find oauth_provider ~p configuration due to ~p " ,
@@ -322,28 +346,12 @@ get_oauth_provider(OAuthProviderId, ListOfRequiredAttributes) when is_binary(OAu
322346 {ok , OAuthProvider };
323347 _ = MissingAttributes ->
324348 rabbit_log :debug (" OauthProvider has following missing attributes ~p " , [MissingAttributes ]),
325- Result2 = case OAuthProvider # oauth_provider .discovery_endpoint of
326- undefined -> {error , {missing_oauth_provider_attributes , [issuer ]}};
327- URL ->
328- rabbit_log :debug (" Downloading oauth_provider ~p using ~p ..." ,
329- [OAuthProviderId , URL ]),
330- case get_openid_configuration (URL , get_ssl_options_if_any (OAuthProvider )) of
331- {ok , OpenIdConfiguration } ->
332- {ok , update_oauth_provider_endpoints_configuration (OAuthProviderId ,
333- merge_openid_configuration (OpenIdConfiguration , OAuthProvider ))};
334- {error , _ } = Error2 -> Error2
335- end
336- end ,
337- case Result2 of
349+ case download_oauth_provider (OAuthProvider ) of
338350 {ok , OAuthProvider2 } ->
339- case find_missing_attributes (OAuthProvider2 , ListOfRequiredAttributes ) of
340- [] ->
341- rabbit_log :debug (" Resolved oauth_provider ~p " , [format_oauth_provider (OAuthProvider )]),
342- {ok , OAuthProvider2 };
343- _ = Attrs ->
344- {error , {missing_oauth_provider_attributes , Attrs }}
345- end ;
346- {error , _ } = Error3 -> Error3
351+ ensure_oauth_provider_has_attributes (OAuthProvider2 ,
352+ ListOfRequiredAttributes );
353+ {error , _ } = Error3 ->
354+ Error3
347355 end
348356 end
349357 end .