apollo-portal-oidc #3534

Merged
merged 6 commits into from
Feb 6, 2021
vdiskg
Contributor

@vdiskg vdiskg commented Feb 3, 2021

What's the purpose of this PR

Provide OpenID Connect login

  1. to configure application-oidc.yml
spring:
  security:
    oauth2:
      client:
        provider:
          # provider-name is the name of the OIDC provider; any string will do. The registration configuration refers to this name
          provider-name:
            # must be https; the issuer-uri of OIDC. If it is the same as the JWT issuer-uri it can simply be referenced, or it can be set separately
            issuer-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}
        registration:
          # registration-name is the name of the OIDC client; any string will do
          registration-name:
            # OIDC login requires one registration of type authorization_code
            authorization-grant-type: authorization_code
            client-authentication-method: basic
            # client-id is the client ID configured at the OIDC provider, used to log in to the provider
            client-id: apollo-portal
            # name of the provider; must match the provider name configured above
            provider: provider-name
            scope:
              - openid
            # client-secret is the client secret configured at the OIDC provider, used to log in to the provider
            # configuring it through an environment variable is preferred: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAME_VDISK_CLIENT_SECRET (replace REGISTRATION_NAME with the name of your own OIDC client)
            client-secret: d43c91c0-xxxx-xxxx-xxxx-xxxxxxxxxxxx
          # registration-name-client is the name of the OIDC client; any string will do. A registration of type client_credentials is optional and may be omitted
          registration-name-client:
            # a registration of type client_credentials is optional and may be omitted
            authorization-grant-type: client_credentials
            client-authentication-method: basic
            # client-id is the client ID configured at the OIDC provider, used to log in to the provider
            client-id: apollo-portal
            # name of the provider; must match the provider name configured above
            provider: provider-name
            scope:
              - openid
            # client-secret is the client secret configured at the OIDC provider, used to log in to the provider; if several registrations share the same secret it can simply be referenced
            client-secret: ${spring.security.oauth2.client.registration.registration-name.client-secret}
      resourceserver:
        jwt:
          # must be https; the issuer-uri of the JWT
          issuer-uri: https://host:port/auth/realms/apollo
  2. to configure startup.sh
    -Dspring.profiles.active=github,oidc
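
An added example (not part of this PR or of the Apollo code base): a pre-flight check that compares the registration settings above with the provider's `/.well-known/openid-configuration` document before the portal is started with the `oidc` profile. The `preflight` function, the `OIDC_CLIENT_SECRET` placeholder name, and the sample issuer and metadata are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Spring Security's "basic" is the OIDC "client_secret_basic" method.
SPRING_TO_OIDC_AUTH = {"basic": "client_secret_basic", "post": "client_secret_post"}

def preflight(issuer_uri, registration, metadata):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    if urlparse(issuer_uri).scheme != "https":
        problems.append("issuer-uri is not https")
    # OIDC Discovery requires the advertised issuer to equal the configured one exactly.
    if metadata.get("issuer") != issuer_uri:
        problems.append("metadata issuer differs from issuer-uri")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(metadata.get(key, "")).scheme != "https":
            problems.append(key + " missing or not https")
    # Defaults below are the ones OIDC Discovery defines for omitted fields.
    grants = metadata.get("grant_types_supported", ["authorization_code", "implicit"])
    if registration["authorization-grant-type"] not in grants:
        problems.append("grant type not supported by provider")
    methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    wanted = SPRING_TO_OIDC_AUTH.get(registration["client-authentication-method"])
    if wanted not in methods:
        problems.append("client authentication method not supported by provider")
    if "openid" not in registration["scope"]:
        problems.append("scope lacks openid")
    # A "${...}" placeholder keeps the secret out of the YAML file itself.
    if not registration.get("client-secret", "").startswith("${"):
        problems.append("client-secret is a literal, not a placeholder")
    return problems

# Constructed sample values (not from a real deployment).
ISSUER = "https://sso.example.com/auth/realms/apollo"
REGISTRATION = {
    "authorization-grant-type": "authorization_code",
    "client-authentication-method": "basic",
    "scope": ["openid"],
    "client-secret": "${OIDC_CLIENT_SECRET}",  # hypothetical variable name
}
METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
    "grant_types_supported": ["authorization_code", "client_credentials"],
}

if __name__ == "__main__":
    print(preflight(ISSUER, REGISTRATION, METADATA) or "ok")
```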

@codecov-io

codecov-io commented Feb 3, 2021

Codecov Report

Merging #3534 (92f82f2) into master (9cc32f7) will decrease coverage by 0.41%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##             master    #3534      +/-   ##
============================================
- Coverage     51.32%   50.91%   -0.42%     
- Complexity     2315     2321       +6     
============================================
  Files           442      447       +5     
  Lines         13843    13989     +146     
  Branches       1408     1423      +15     
============================================
+ Hits           7105     7122      +17     
- Misses         6248     6376     +128     
- Partials        490      491       +1     
Impacted Files Coverage Δ Complexity Δ
...lo/portal/spi/configuration/AuthConfiguration.java 5.55% <0.00%> (-0.84%) 2.00 <0.00> (ø)
...ClientCredentialsClientRegistrationRepository.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...i/oidc/OidcAuthenticationSuccessEventListener.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...k/apollo/portal/spi/oidc/OidcLocalUserService.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...work/apollo/portal/spi/oidc/OidcLogoutHandler.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
...ork/apollo/portal/spi/oidc/OidcUserInfoHolder.java 0.00% <0.00%> (ø) 0.00 <0.00> (?)
... and 6 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@Anilople Anilople added area/portal apollo-portal feature Categorizes issue as related to a new feature. labels Feb 3, 2021
@nobodyiam
Member

Please add the config file sample to config folder and also update the wiki so that users could know how to enable this feature.

@vdiskg
Contributor Author

vdiskg commented Feb 4, 2021

> Please add the config file sample to config folder and also update the wiki so that users could know how to enable this feature.

The updated wiki: https://github.com/vdisk-group/apollo.wiki.git
How do I create a PR for the wiki?

@Anilople
Contributor

Anilople commented Feb 4, 2021

> > Please add the config file sample to config folder and also update the wiki so that users could know how to enable this feature.
>
> The updated wiki: https://github.com/vdisk-group/apollo.wiki.git
> How do I create a PR for the wiki?

The file path is docs/zh/development/portal-how-to-implement-user-login-function.md in the git repository; update its content in this pull request.

Member

@nobodyiam nobodyiam left a comment

I don't have an openid connect environment on hand but the code looks okay to me.

@nobodyiam nobodyiam merged commit 96c8d07 into apolloconfig:master Feb 6, 2021
@nobodyiam nobodyiam added this to the 1.8.0 milestone Feb 11, 2021
@vdiskg vdiskg deleted the apollo-portal-oidc branch June 27, 2021 08:57