feat: make OAuth2 configuration optional

[svor]

This pull request introduces several changes to enable and check OAuth2 support in the application. The key changes include adding methods to check OAuth2 status, modifying the security configuration, and updating the web UI to reflect OAuth2 status.

In case when OAuth2 is not configured Publish and Log In buttons are hidden and we have like readonly mode:

Related issue: #1041

Web version:

Mobile version:

What I did to test how it works

1. Remove from openvsx/server/src/dev/resources/application.yml this block:

  security:
      oauth2:
        client:
          registration:
            eclipse:
              authorization-grant-type: authorization_code
              redirect-uri: http://localhost/login/oauth2/code/eclipse
              scope: openvsx_publisher_agreement, profile
          provider:
            eclipse:
              authorization-uri: https://accounts.eclipse.org/oauth2/authorize
              token-uri: https://accounts.eclipse.org/oauth2/token
              user-info-uri: https://accounts.eclipse.org/oauth2/UserInfo
              user-name-attribute: name
              user-info-authentication-method: header

2. Remove from openvsx/server/scripts/generate-properties.sh part that generates OAuth props:

# Set the GitHub OAuth client id and client secret
echo "spring.security.oauth2.client.registration.github.client-id=${GITHUB_CLIENT_ID:-none}" >> $OVSX_APP_PROFILE
echo "spring.security.oauth2.client.registration.github.client-secret=${GITHUB_CLIENT_SECRET:-none}" >> $OVSX_APP_PROFILE
if [ -n "$GITHUB_CLIENT_ID" ] && [ -n "$GITHUB_CLIENT_SECRET" ]
then
    echo "GitHub OAuth is enabled."
fi

# Set the Eclipse OAuth client id and client secret
echo "spring.security.oauth2.client.registration.eclipse.client-id=${ECLIPSE_CLIENT_ID:-none}" >> $OVSX_APP_PROFILE
echo "spring.security.oauth2.client.registration.eclipse.client-secret=${ECLIPSE_CLIENT_SECRET:-none}" >> $OVSX_APP_PROFILE
if [ -n "$ECLIPSE_CLIENT_ID" ] && [ -n "$ECLIPSE_CLIENT_SECRET" ]
then
    echo "ovsx.eclipse.publisher-agreement.version=1" >> $OVSX_APP_PROFILE
    echo "ovsx.publishing.require-license=true" >> $OVSX_APP_PROFILE
    echo "Eclipse OAuth is enabled."
fi

3. Build and run all components
4. The application should run without errors and on the UI no PUBLISH and Log In buttons but it's possible to publish extensions via ovsx cli

[svor]

@amvanbaren Here is my response to the comment #1056 (comment)

the Publish and Login buttons would not be displayed in the UI by default

No, that would be a breaking change. open-vsx.org and other deployments expect the Publish and Login buttons to be displayed by default.

The configuration for open-vsx.org and other deployments includes OAuth2. The UI will remain unchanged since isOAuth2Enabled returns true - Publish and Login buttons will be displayed by default as usual.

But for the new instances only if they will be configured without OAuth2 configuration, Publish and Login buttons would not be displayed in the UI by default. And it makes it possible to run OpenVSX instance without dummy GH OAuth2 configuration.

About a slight glitch, I tested current changes on gitpod and this is what I see:
When OAuth2 is configured in application.yaml

no_oauth.mp4

When OAuth2 is NOT configured in application.yaml and application-ovsx.properties

no_oauth.mp4

How can I switch to the dark theme?

[amvanbaren]

How can I switch to the black theme?

By selecting dark mode in your browser.

[svor]

By selecting dark mode in your browser.

I can see the glitch after refreshing now:

screencast-nimbusweb_me-2024_12_10-15_15_52.mp4

I'll try to find a way how to fix that.

@amvanbaren do you happen to have any suggestions or ideas?

[svor]

@amvanbaren I ran the OpenVSX registry without my changes from the master branch on gitpod and I see the same behavior. It seems the issue is not caused by my changes:

screencast-nimbusweb_me-2024_12_10-16_33_57.mp4

[amvanbaren]

@svor I've narrowed the scope of this PR by checking if a user can login instead of whether oauth is enabled.

[svor]

@amvanbaren Thank you, changes look good!
I've deployed registry on OpenShift and tested it with and without GH OAuth2 configuration:

Without OAuth:

With OAuth:

screencast-nimbusweb_me-2024_12_11-13_59_47.mp4

[svor]

Hell @amvanbaren,
Can this PR be merged?