From 3be04c211a23bbf272e2662e4575b8113fd925de Mon Sep 17 00:00:00 2001
From: Felix <23635466+its-felix@users.noreply.github.com>
Date: Wed, 23 Oct 2024 01:09:57 +0200
Subject: [PATCH] feat: always prompt the login screen at IDP when adding new
login provider
---
pom.xml | 2 +-
.../OAuth2ClientConfiguration.java | 40 +++++++++++++++++--
.../server/web/account/AccountController.java | 1 +
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0473038..77d2fd3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
com.gw2auth
oauth2-server
- 1.86.0
+ 1.87.0
jar
diff --git a/src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ClientConfiguration.java b/src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ClientConfiguration.java
index 99a6261..3fe9177 100644
--- a/src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ClientConfiguration.java
+++ b/src/main/java/com/gw2auth/oauth2/server/configuration/OAuth2ClientConfiguration.java
@@ -16,9 +16,7 @@
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
+import java.util.*;
@Configuration
@EnableConfigurationProperties(OAuth2ClientProperties.class)
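Review bot: `import java.util.*;` replaces three explicit imports, although the only new `java.util` name used in the visible hunks is `Objects`. A wildcard import hides which types the file depends on and can introduce ambiguous names later. Keeping the explicit list and adding `import java.util.Objects;` would be the smaller change. `ArrayList` and `List` are presumably still used outside this hunk.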
@@ -41,11 +39,47 @@ public ClientRegistration findByRegistrationId(String registrationId) {
return Optional.ofNullable(uriComponents.getHost())
.flatMap((host) -> findBase(registrationId + "@" + host))
.or(() -> findBase(registrationId))
+ .map((v) -> maybeChangeAuthorizationURL(v, uriComponents))
.orElse(null);
}
private Optional findBase(String registrationId) {
return Optional.ofNullable(this.base.findByRegistrationId(registrationId));
}
+
+ private ClientRegistration maybeChangeAuthorizationURL(ClientRegistration base, UriComponents uriComponents) {
+ if (!Objects.equals(uriComponents.getQueryParams().getFirst("add"), "true")) {
+ return base;
+ }
+
+ return switch (base.getRegistrationId()) {
+ case "cognito" -> changeAuthorizationURLCognito(base);
+ case "github", "google" -> changeAuthorizationURLGitHubOrGoogle(base);
+ default -> base;
+ };
+ }
+
+ private ClientRegistration changeAuthorizationURLCognito(ClientRegistration base) {
+ // https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
+ final String authorizationUri = UriComponentsBuilder.fromHttpUrl(base.getProviderDetails().getAuthorizationUri())
+ .replacePath("/logout")
+ .toUriString();
+
+ return ClientRegistration.withClientRegistration(base)
+ .authorizationUri(authorizationUri)
+ .build();
+ }
+
+ private ClientRegistration changeAuthorizationURLGitHubOrGoogle(ClientRegistration base) {
+ // https://developers.google.com/identity/openid-connect/openid-connect?hl=de#authenticationuriparameters
+ // https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity
+ final String authorizationUri = UriComponentsBuilder.fromHttpUrl(base.getProviderDetails().getAuthorizationUri())
+ .replaceQueryParam("prompt", "select_account")
+ .toUriString();
+
+ return ClientRegistration.withClientRegistration(base)
+ .authorizationUri(authorizationUri)
+ .build();
+ }
}
}
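Review bot: The `add` flag checked in `maybeChangeAuthorizationURL` is read from `uriComponents.getQueryParams()`, which appears to be the incoming request URL (it is built above this hunk, in the part of `findByRegistrationId` not shown), so whoever constructs the link controls it rather than the authenticated add-federation flow. For `github` and `google` this only adds `prompt=select_account`, but for `cognito` it points the authorization request at `/logout`, so any request to the authorization endpoint carrying `add=true` would end the user's Cognito session. Consider recording the intent server-side, for example as a session attribute set in `addAccountFederation`, and checking that here instead of the query string. It is also worth confirming that Cognito's logout endpoint passes through every parameter Spring Security appends to the authorization request (possibly `nonce` or a PKCE challenge), beyond those the linked AWS page documents. A comment on `changeAuthorizationURLCognito` such as `// /logout with the usual authorize parameters signs the user out first, then redirects to the login page` would explain why a logout URL is used as the authorization URI.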
diff --git a/src/main/java/com/gw2auth/oauth2/server/web/account/AccountController.java b/src/main/java/com/gw2auth/oauth2/server/web/account/AccountController.java
index 295552f..fc8bd3e 100644
--- a/src/main/java/com/gw2auth/oauth2/server/web/account/AccountController.java
+++ b/src/main/java/com/gw2auth/oauth2/server/web/account/AccountController.java
@@ -43,6 +43,7 @@ public ResponseEntity addAccountFederation(@AuthenticationPrincipal Gw2Aut
.replacePath("/auth/oauth2/authorization/")
.path(provider)
.replaceQuery(null)
+ .queryParam("add", "true")
.build()
.toUri()
)
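Review bot: The literals in `.queryParam("add", "true")` must match the check in `OAuth2ClientConfiguration.maybeChangeAuthorizationURL` exactly, and nothing in the code ties the two together. A shared constant referenced from both places (for example `ADD_FEDERATION_PARAM`, a name constructed here) would keep them from drifting apart. A one-line comment such as `// tells the client-registration lookup to force the IdP login/account prompt` would also help. The enclosing `addAccountFederation` body starts and ends outside this hunk.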