Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

UserInfo endpoint responds to "email" scope

Download Browse

Part of story #14714: be an OpenID Connect provider To test you need an access token with the 'openid' scope AND the 'email' scope (if the usage of PKCE is forced, add the mandatory parameters): 1. In the project admin create an OAuth2 app (note the ID and the given secret) 2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=openid%20email&response_type=code&redirect_uri=<redirect_uri> 3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL 4. Exchange the authorization code for an access token and an ID token: shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \ --user '<client_id>:<client_secret>' \ --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \ https://tuleap.example.com/oauth2/token 5. Access the UserInfo endpoint with the given Access token: shell> curl -H 'Authorization: Bearer <access_token>' https://tuleap.example.com/oauth2/userinfo 6. The response will be a JSON object containing the "sub", "email" and "email_verified" keys Change-Id: Ib552388d09acf52323522e2b2548024bfaf3d1d0

+536 −84
Joris MASSON (jmasson) 2020-04-09 12:44
Joris MASSON (jmasson) 2020-04-09 17:42
80d70b188ffe4fd893927d43945af5266e91ad52
58e76d1a26fe7040909718a774a9468101d252fb
git #tuleap/stable/80d70b188ffe4fd893927d43945af5266e91ad52

Modified Files

Side by side diff
Inline diff
Name
M plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenVerifier.php +11 −6 Go to diff View file
A plugins/oauth2_server/include/OpenIDConnect/Scope/OpenIDConnectEmailScope.php +105 −0 Go to diff View file
M plugins/oauth2_server/include/User/UserInfoController.php +26 −24 Go to diff View file
A plugins/oauth2_server/include/User/UserInfoResponseRepresentation.php +76 −0 Go to diff View file
M plugins/oauth2_server/include/oauth2_serverPlugin.php +9 −7 Go to diff View file
M plugins/oauth2_server/phpunit/AccessToken/OAuth2AccessTokenVerifierTest.php +13 −10 Go to diff View file
A plugins/oauth2_server/phpunit/OpenIDConnect/Scope/OpenIDConnectEmailScopeTest.php +34 −0 Go to diff View file
M plugins/oauth2_server/phpunit/User/UserInfoControllerTest.php +49 −11 Go to diff View file
M plugins/oauth2_server/site-content/fr_FR/LC_MESSAGES/tuleap-oauth2_server.po +6 −0 Go to diff View file
M src/common/User/OAuth2/AccessToken/VerifyOAuth2AccessTokenEvent.php +11 −8 Go to diff View file
A src/common/User/OAuth2/ResourceServer/GrantedAuthorization.php +67 −0 Go to diff View file
M src/common/User/OAuth2/ResourceServer/OAuth2ResourceServerMiddleware.php +3 −3 Go to diff View file
M tests/lib/Builders/UserTestBuilder.php +9 −0 Go to diff View file
A tests/phpcs/TuleapCodingStandard/Tuleap/OAuth2Server/User/UserInfoResponseRepresentationTest.php +48 −0 Go to diff View file
M tests/phpunit/common/User/OAuth2/AccessToken/VerifyOAuth2AccessTokenEventTest.php +12 −8 Go to diff View file
A tests/phpunit/common/User/OAuth2/ResourceServer/GrantedAuthorizationTest.php +41 −0 Go to diff View file
M tests/phpunit/common/User/OAuth2/ResourceServer/OAuth2ResourceServerMiddlewareTest.php +16 −7 Go to diff View file