From f571d6ccd1107fb8eb63cf205095ee73d759969b Mon Sep 17 00:00:00 2001
From: jack-r-hong
Date: Fri, 6 Dec 2024 20:59:13 +0800
Subject: [PATCH 1/3] feat: add support for Line v2.1 OIDC provider and update related configurations Update provider_line_2_1.go
---
 embedx/config.schema.json | 3 +-
 selfservice/strategy/oidc/provider_config.go | 1 +
 .../strategy/oidc/provider_line_2_1.go | 37 +++++++++++++++++++
 .../oidc/provider_private_net_test.go | 1 +
 4 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 selfservice/strategy/oidc/provider_line_2_1.go
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index 5fcf826f4c2a..f5e2e7d5cd3c 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -460,7 +460,8 @@
 "linkedin",
 "linkedin_v2",
 "lark",
- "x"
+ "x",
+ "line_v2_1"
 ],
 "examples": ["google"]
 },
diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
index 7b580f9bc10b..3ca71170d74c 100644
--- a/selfservice/strategy/oidc/provider_config.go
+++ b/selfservice/strategy/oidc/provider_config.go
@@ -177,6 +177,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies
 "patreon": NewProviderPatreon,
 "lark": NewProviderLark,
 "x": NewProviderX,
+ "line_v2_1": NewProviderLineV21,
 }
 
 func (c ConfigurationCollection) Provider(id string, reg Dependencies) (Provider, error) {
diff --git a/selfservice/strategy/oidc/provider_line_2_1.go b/selfservice/strategy/oidc/provider_line_2_1.go
new file mode 100644
index 000000000000..8d0fadffef5a
--- /dev/null
+++ b/selfservice/strategy/oidc/provider_line_2_1.go
@@ -0,0 +1,37 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package oidc
+
+import (
+ "context"
+
+ "golang.org/x/oauth2"
+)
+
+type ProviderLineV21 struct {
+ *ProviderGenericOIDC
+}
+
+func NewProviderLineV21(
+ config *Configuration,
+ reg Dependencies,
+) Provider {
+ return &ProviderLineV21{
+ &ProviderGenericOIDC{
+ config: config,
+ reg: reg,
+ },
+ }
+}
+
+func (g *ProviderLineV21) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+ o, err := g.ProviderGenericOIDC.OAuth2(ctx)
+ // Line login requires adding id_token_key_type=JWK when getting the token in order to issue an HS256 token.
+ opts = append(opts, oauth2.SetAuthURLParam("id_token_key_type", "JWK"))
+
+ token, err := o.Exchange(ctx, code, opts...)
+
+ return token, err
+
+}
diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go
index 0505a3e19626..33e26bd14b54 100644
--- a/selfservice/strategy/oidc/provider_private_net_test.go
+++ b/selfservice/strategy/oidc/provider_private_net_test.go
@@ -86,6 +86,7 @@ func TestProviderPrivateIP(t *testing.T) {
 // Yandex uses a fixed token URL and does not use the issuer.
 // NetID uses a fixed token URL and does not use the issuer.
 // X uses a fixed token URL and userinfoRL and does not use the issuer value.
+ // Line v2.1 uses a fixed token URL and does not use the issuer.
 } {
 t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
 p := tc.p(tc.c)
From ba27d361f76c4c7bbb6770dfdc2ee54a2f8b2fe4 Mon Sep 17 00:00:00 2001
From: jack-r-hong
Date: Fri, 6 Dec 2024 21:27:49 +0800
Subject: [PATCH 2/3] fix: handle error during OAuth2 token exchange in Line v2.1 provider
---
 selfservice/strategy/oidc/provider_line_2_1.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/selfservice/strategy/oidc/provider_line_2_1.go b/selfservice/strategy/oidc/provider_line_2_1.go
index 8d0fadffef5a..777ce678b1b1 100644
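Review bot: The comment above the `id_token_key_type` option in `Exchange` (provider_line_2_1.go) reads as inverted: it says the parameter is sent "in order to issue an HS256 token", whereas a key type of `JWK` looks like a request for an ID token signed with a key from the provider's published key set, which is what an issuer-based verifier can check (an HS256 token is keyed on the client secret instead). If that is the intent, the comment should say so, e.g. `// Ask LINE for an ID token verifiable against its JWKS (id_token_key_type=JWK) instead of the default HS256 token.`, after confirming against LINE's documentation which algorithm is actually returned. It is also worth one line noting that `oauth2.SetAuthURLParam` is being used here to add a token-request parameter, since the name suggests the authorization URL only. The exported `ProviderLineV21` and `NewProviderLineV21` have no doc comments, and the diffstat lists no test file for the new provider.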
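Review bot: The comment added in provider_private_net_test.go says Line v2.1 "uses a fixed token URL and does not use the issuer", but the provider added in this series sets no token URL and its `Exchange` calls `g.ProviderGenericOIDC.OAuth2(ctx)`, so it appears to resolve its endpoints from the configured issuer like the generic provider does. If so, the provider belongs in the `TestProviderPrivateIP` table as a case rather than in the list of exemptions, so that the private-address restriction is shown to hold for it as well. `ProviderGenericOIDC` and the test table are not visible here, so this is inferred from the new file only; the enclosing test function starts and ends outside the hunk.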
--- a/selfservice/strategy/oidc/provider_line_2_1.go
+++ b/selfservice/strategy/oidc/provider_line_2_1.go
@@ -27,6 +27,10 @@ func NewProviderLineV21(
 
 func (g *ProviderLineV21) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
 o, err := g.ProviderGenericOIDC.OAuth2(ctx)
+
+ if err != nil {
+ return nil, err
+ }
 // Line login requires adding id_token_key_type=JWK when getting the token in order to issue an HS256 token.
 opts = append(opts, oauth2.SetAuthURLParam("id_token_key_type", "JWK"))
 
From 87488c75c55d4dbb36ab84335e64b40a13179231 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Thu, 2 Jan 2025 10:34:21 +0100
Subject: [PATCH 3/3] Apply suggestions from code review
---
 embedx/config.schema.json | 2 +-
 selfservice/strategy/oidc/provider_config.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index f5e2e7d5cd3c..0b3c198f265b 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -461,7 +461,7 @@
 "linkedin_v2",
 "lark",
 "x",
- "line_v2_1"
+ "line"
 ],
 "examples": ["google"]
 },
diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
index 3ca71170d74c..d4967d9eb550 100644
--- a/selfservice/strategy/oidc/provider_config.go
+++ b/selfservice/strategy/oidc/provider_config.go
@@ -177,7 +177,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies
 "patreon": NewProviderPatreon,
 "lark": NewProviderLark,
 "x": NewProviderX,
- "line_v2_1": NewProviderLineV21,
+ "line": NewProviderLineV21,
 }
 
 func (c ConfigurationCollection) Provider(id string, reg Dependencies) (Provider, error) {
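Review bot: In the PATCH 2/3 hunk, `opts = append(opts, …)` in `Exchange` appends to the variadic slice the caller passed, so a caller that spreads a slice with spare capacity (`p.Exchange(ctx, code, shared...)`) gets its backing array written to. Capping the capacity first avoids that: `opts = append(opts[:len(opts):len(opts)], oauth2.SetAuthURLParam("id_token_key_type", "JWK"))`. The blank line the patch adds between the `OAuth2` call and its `if err != nil` check can be dropped so the check sits directly under the call it guards. The body of `Exchange` continues past the end of the hunk.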