add more discovery to kazoo auth (2600hz#6470)

pqkazoo · Apr 13, 2020 · d07ef04 · d07ef04
1 parent b8c6d52
commit d07ef04
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 7 deletions.
diff --git a/core/kazoo_auth/src/kz_auth.erl b/core/kazoo_auth/src/kz_auth.erl
@@ -69,6 +69,7 @@ authenticate(Token)
   when is_map(Token) ->
     Routines = [fun kz_auth_token_util:add_application/1
                ,fun kz_auth_token_util:add_provider/1
+               ,fun kz_auth_token_util:add_discovery/1
                ,fun kz_auth_token_util:access_code/1
                ,fun kz_auth_token_util:access_token/1
                ,fun kz_auth_token_util:verify/1

diff --git a/core/kazoo_auth/src/kz_auth_profile.erl b/core/kazoo_auth/src/kz_auth_profile.erl
@@ -126,6 +126,15 @@ maybe_load_profile(#{auth_provider := #{profile_url := _ProfileURL}
                     ,original := Original
                     }=Token) ->
     maybe_load_profile(Token#{access_token => Original});
+maybe_load_profile(#{auth_provider := #{profile_discovery_field := ProfileField} = AuthProvider
+                    ,discovery := Discovery
+                    }=Token) ->
+    maybe_load_profile(Token#{auth_provider => AuthProvider#{profile_url => kz_json:get_ne_binary_value(ProfileField, Discovery)}});
+maybe_load_profile(#{auth_provider := AuthProvider
+                    ,discovery := Discovery
+                    }=Token) ->
+    ProfileField = <<"userinfo_endpoint">>,
+    maybe_load_profile(Token#{auth_provider => AuthProvider#{profile_url => kz_json:get_ne_binary_value(ProfileField, Discovery)}});
 maybe_load_profile(#{} = Token) -> Token#{profile => kz_json:new()}.
 
 -spec profile_authorization(map(), kz_term:ne_binary()) -> binary().
@@ -218,9 +227,10 @@ maybe_add_user_identity(#{auth_provider := #{profile_identity_fields := Fields}
             lager:debug("found user identity ~p", [Identity]),
             Token#{user_identity => Identity}
     end;
-maybe_add_user_identity(#{auth_provider := #{name := Prov}}=Token) ->
-    lager:debug("provider '~s' doesn't support identity profile info", [Prov]),
-    Token.
+maybe_add_user_identity(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_user_identity(#{auth_provider := Provider} = Token) ->
+    maybe_add_user_identity(Token#{auth_provider => Provider#{profile_identity_field => <<"sub">>}}).
 
 -spec maybe_add_display_name(map()) -> map().
 maybe_add_display_name(#{display_name := _DisplayName} = Token) -> Token;
@@ -236,9 +246,10 @@ maybe_add_display_name(#{auth_provider := #{profile_displayName_field := Field}
             lager:debug("found user displayName ~p", [DisplayName]),
             Token#{display_name => DisplayName}
     end;
-maybe_add_display_name(#{auth_provider := #{name := Prov}}=Token) ->
-    lager:debug("provider '~s' doesn't support displayName profile info", [Prov]),
-    Token.
+maybe_add_display_name(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_display_name(#{auth_provider := Provider} = Token) ->
+    maybe_add_display_name(Token#{auth_provider => Provider#{profile_displayName_field => <<"name">>}}).
 
 -spec maybe_add_photo_url(map()) -> map().
 maybe_add_photo_url(#{photo_url := _PhotoUrl} = Token) -> Token;
@@ -254,7 +265,10 @@ maybe_add_photo_url(#{auth_provider := #{profile_photo_url_field := Field}
             lager:debug("found user photoUrl ~p", [PhotoUrl]),
             Token#{photo_url => PhotoUrl}
     end;
-maybe_add_photo_url(Token) -> Token.
+maybe_add_photo_url(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+maybe_add_photo_url(#{auth_provider := Provider} = Token) ->
+    maybe_add_photo_url(Token#{auth_provider => Provider#{profile_photo_url_field => <<"picture">>}}).
 
 -spec maybe_add_user_email(map()) -> map().
 maybe_add_user_email(#{user_email := _UserEmail} = Token) -> Token;

diff --git a/core/kazoo_auth/src/kz_auth_token_util.erl b/core/kazoo_auth/src/kz_auth_token_util.erl
@@ -15,6 +15,7 @@
 
 -export([add_application/1
         ,add_provider/1
+        ,add_discovery/1
         ,verify/1
         ,access_code/1
         ,access_token/1
@@ -39,6 +40,23 @@ add_provider(#{claims := #{iss :=Issuer}}=Token) ->
     Token#{auth_provider => kz_auth_providers:provider_by_issuer(Issuer)};
 add_provider(#{}=Token) -> Token.
 
+-spec add_discovery(map()) -> map().
+add_discovery(#{auth_provider := #{discovery := DiscoveryUrl}}=Token) ->
+    lager:debug("getting discovery document from ~s", [DiscoveryUrl]),
+    case kz_auth_util:get_json_from_url(DiscoveryUrl) of
+        {'ok', JObj} -> Token#{discovery => JObj};
+        _ -> Token
+    end;
+add_discovery(#{auth_provider := #{name := <<"kazoo">>}}=Token) ->
+    Token;
+add_discovery(#{payload := #{<<"iss">> := <<"http", _/binary>> = Issuer}}=Token) ->
+    DiscoveryUrl = <<Issuer/binary, "/.well-known/openid-configuration">>,
+    case kz_auth_util:get_json_from_url(DiscoveryUrl) of
+        {'ok', JObj} -> Token#{discovery => JObj};
+        _ -> Token
+    end;
+add_discovery(#{}=Token) -> Token.
+
 
 -spec access_code(map()) -> map().
 access_code(#{code := Code