Add token endpoint params to schema

Author: MarcialRosales

deps/oauth2_client/include/types.hrl

@@ -6,7 +6,7 @@
 %%
 
 %% The closest we have to a type import in Erlang
--type option(T) :: rabbit_types:option(T).
+-type(option(T) :: T | 'undefined').
 
 -type oauth_provider_id() :: root | binary().
 
@@ -22,10 +22,15 @@
 -record(oauth_provider, {
   id :: oauth_provider_id(),
   issuer :: option(uri_string:uri_string()),
+  discovery_endpoint_path :: option(uri_string:uri_string()),
+  discovery_endpoint_params :: option([tuple()]),
   token_endpoint :: option(uri_string:uri_string()),
+  token_endpoint_params :: option([tuple()]),
   authorization_endpoint :: option(uri_string:uri_string()),
+  authorization_endpoint_params :: option([tuple()]),
   end_session_endpoint :: option(uri_string:uri_string()),
   jwks_uri :: option(uri_string:uri_string()),
+  jwks_uri_params :: option([tuple()]),
   ssl_options :: option(list())
   }).
 

deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema

@@ -158,20 +158,55 @@
  "rabbitmq_auth_backend_oauth2.authorization_endpoint",
  [{datatype, string}, {validators, ["uri", "https_uri"]}]}.
 
-%% auth_oauth2.authorization_endpoint_params.audience
-%% auth_oauth2.resource_servers.rabbitmq.authorization_endpoint_params.audience
-%% auth_oauth2.resource_servers.rabbitmq.token_endpoint_params.audience
-%% auth_oauth2.resource_servers.rabbitmq.jkws_uri_params.appId =
-
-%%{mapping,
-%% "auth_oauth2.authorization_endpoint_params.$param",
-%% "rabbitmq_auth_backend_oauth2.oauth_providers",
-%% [{datatype, string}]}.
-
-%%{translation, "rabbitmq_auth_backend_oauth2.authorization_endpoint_params",
-%% fun(Conf) ->
-%%    oauth2_schema:translate_authorization_endpoint_params(Conf)
-%% end}.
+{mapping,
+ "auth_oauth2.authorization_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.authorization_endpoint_params",
+ [{datatype, string}]}.
+
+{translation, "rabbitmq_auth_backend_oauth2.authorization_endpoint_params",
+ fun(Conf) ->
+    oauth2_schema:translate_endpoint_params("authorization_endpoint_params", Conf)
+ end}.
+
+{mapping,
+ "auth_oauth2.discovery_endpoint_path",
+ "rabbitmq_auth_backend_oauth2.discovery_endpoint_path",
+ [{datatype, string}]}.
+
+{mapping,
+ "auth_oauth2.discovery_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.discovery_endpoint_params",
+ [{datatype, string}]}.
+
+{translation, "rabbitmq_auth_backend_oauth2.discovery_endpoint_params",
+ fun(Conf) ->
+    oauth2_schema:translate_endpoint_params("discovery_endpoint_params", Conf)
+ end}.
+
+{mapping,
+ "auth_oauth2.oauth_providers.$name.discovery_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.oauth_providers",
+ [{datatype, string}]}.
+
+{mapping,
+ "auth_oauth2.token_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.token_endpoint_params",
+ [{datatype, string}]}.
+
+{translation, "rabbitmq_auth_backend_oauth2.token_endpoint_params",
+ fun(Conf) ->
+    oauth2_schema:translate_endpoint_params("token_endpoint_params", Conf)
+ end}.
+
+{mapping,
+ "auth_oauth2.oauth_providers.$name.authorization_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.oauth_providers",
+ [{datatype, string}]}.
+
+{mapping,
+ "auth_oauth2.oauth_providers.$name.token_endpoint_params.$param",
+ "rabbitmq_auth_backend_oauth2.oauth_providers",
+ [{datatype, string}]}.
 
 {mapping,
  "auth_oauth2.oauth_providers.$name.algorithms.$algorithm",

deps/rabbitmq_auth_backend_oauth2/src/oauth2_schema.erl

@@ -11,8 +11,8 @@
 -export([
     translate_oauth_providers/1,
     translate_resource_servers/1,
-    translate_signing_keys/1 %,
-    %%translate_authorization_endpoint_params/1
+    translate_signing_keys/1,
+    translate_endpoint_params/2
 ]).
 
 extract_key_as_binary({Name,_}) -> list_to_binary(Name).
@@ -40,9 +40,13 @@ translate_oauth_providers(Conf) ->
 
     merge_list_of_maps([
         extract_oauth_providers_properties(Settings),
+        extract_oauth_providers_endpoint_params(discovery_endpoint_params, Settings),
+        extract_oauth_providers_endpoint_params(authorization_endpoint_params, Settings),
+        extract_oauth_providers_endpoint_params(token_endpoint_params, Settings),
         extract_oauth_providers_algorithm(Settings),
         extract_oauth_providers_https(Settings),
-        extract_oauth_providers_signing_keys(Settings)]).
+        extract_oauth_providers_signing_keys(Settings)
+        ]).
 
 -spec translate_signing_keys([{list(), binary()}]) -> map().
 translate_signing_keys(Conf) ->
@@ -64,10 +68,13 @@ translate_list_of_signing_keys(ListOfKidPath) ->
         end,
     maps:map(fun(_K, Path) -> {pem, TryReadingFileFun(Path)} end, maps:from_list(ListOfKidPath)).
 
-%%-spec translate_authorization_endpoint_params([{list(), binary()}]) -> map().
-%%translate_authorization_endpoint_params(Conf) ->
-%%    Params = cuttlefish_variable:filter_by_prefix("auth_oauth2.authorization_endpoint_params", Conf),
-%%    lists:map(fun({Id, Value}) -> {list_to_binary(lists:last(Id)), Value} end, Params).
+-spec translate_endpoint_params(list(), [{list(), binary()}]) -> map().
+translate_endpoint_params(Variable, Conf) ->
+    Params0 = cuttlefish_variable:filter_by_prefix("auth_oauth2." ++ Variable, Conf),
+    ct:log("translate_endpoint_params ~p -> ~p", [Variable, Params0]),
+    Params = [{list_to_binary(Param), list_to_binary(V)} ||
+        {["auth_oauth2", Name, Param], V} <- Params0],
+    maps:from_list(Params).
 
 validator_file_exists(Attr, Filename) ->
     case file:read_file(Filename) of
@@ -154,6 +161,14 @@ extract_resource_server_preferred_username_claims(Settings) ->
     maps:map(fun(_K,V)-> [{preferred_username_claims, V}] end,
         maps:groups_from_list(KeyFun, fun({_, V}) -> V end, Claims)).
 
+extract_oauth_providers_endpoint_params(Variable, Settings) ->
+    KeyFun = fun extract_key_as_binary/1,
+
+    IndexedParams = [{Name, {ParamName, list_to_binary(V)}} ||
+        {["auth_oauth2","oauth_providers", Name, EndpointVar, ParamName], V} <- Settings, EndpointVar == Variable ],
+    maps:map(fun(_K,V)-> [{Variable, V}] end,
+        maps:groups_from_list(KeyFun, fun({_, V}) -> V end, IndexedParams)).
+
 extract_oauth_providers_signing_keys(Settings) ->
     KeyFun = fun extract_key_as_binary/1,
 

deps/rabbitmq_auth_backend_oauth2/test/oauth2_schema_SUITE.erl

@@ -12,6 +12,7 @@
 -include_lib("common_test/include/ct.hrl").
 -include_lib("eunit/include/eunit.hrl").
 
+-import(oauth2_schema, [translate_endpoint_params/2, translate_oauth_providers/1]).
 
 all() ->
     [
@@ -24,6 +25,8 @@ all() ->
         test_oauth_providers_https,
         test_oauth_providers_https_with_missing_cacertfile,
         test_oauth_providers_signing_keys,
+        test_without_endpoint_params,
+        test_with_endpoint_params,
         test_without_resource_servers,
         test_with_one_resource_server,
         test_with_many_resource_servers,
@@ -38,6 +41,25 @@ test_without_oauth_providers(_) ->
 test_without_resource_servers(_) ->
     #{} = oauth2_schema:translate_resource_servers([]).
 
+test_without_endpoint_params(_) ->
+    #{} = translate_endpoint_params("discovery_endpoint_params", []),
+    #{} = translate_endpoint_params("token_endpoint_params", []),
+    #{} = translate_endpoint_params("authorization_endpoint_params", []).
+
+test_with_endpoint_params(_) ->
+    Conf = [
+        {["auth_oauth2","discovery_endpoint_params","param1"], "some-value1"},
+        {["auth_oauth2","discovery_endpoint_params","param2"], "some-value2"},
+        {["auth_oauth2","token_endpoint_params","audience"], "some-audience"},
+        {["auth_oauth2","authorization_endpoint_params","resource"], "some-resource"}
+    ],
+    #{ <<"param1">> := <<"some-value1">>, <<"param2">> := <<"some-value2">> } =
+        translate_endpoint_params("discovery_endpoint_params", Conf),
+    #{ <<"audience">> := <<"some-audience">>} =
+        translate_endpoint_params("token_endpoint_params", Conf),
+    #{ <<"resource">> := <<"some-resource">>} =
+        translate_endpoint_params("authorization_endpoint_params", Conf).
+
 test_with_one_oauth_provider(_) ->
     Conf = [{["auth_oauth2","oauth_providers","keycloak","issuer"],"https://rabbit"}
             ],