feat: Add Kanidm generic provider (#1155)

Co-authored-by: Lucas Michot <[email protected]>

monorepo-builder.yml

@@ -94,6 +94,7 @@ parameters:
     src/Jira: '[email protected]:SocialiteProviders/Jira.git'
     src/JumpCloud: '[email protected]:SocialiteProviders/JumpCloud.git'
     src/Kakao: '[email protected]:SocialiteProviders/Kakao.git'
+    src/Kanidm: '[email protected]:SocialiteProviders/Kanidm.git'
     src/Keycloak: '[email protected]:SocialiteProviders/Keycloak.git'
     src/LaravelPassport: '[email protected]:SocialiteProviders/Laravel-Passport.git'
     src/Lichess: '[email protected]:SocialiteProviders/Lichess.git'

src/Kanidm/KanidmExtendSocialite.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace SocialiteProviders\Kanidm;
+
+use SocialiteProviders\Manager\SocialiteWasCalled;
+
+class KanidmExtendSocialite
+{
+    public function handle(SocialiteWasCalled $socialiteWasCalled): void
+    {
+        $socialiteWasCalled->extendSocialite('kanidm', Provider::class);
+    }
+}

src/Kanidm/Provider.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace SocialiteProviders\Kanidm;
+
+use GuzzleHttp\RequestOptions;
+use InvalidArgumentException;
+use SocialiteProviders\Manager\OAuth2\AbstractProvider;
+use SocialiteProviders\Manager\OAuth2\User;
+
+class Provider extends AbstractProvider
+{
+    public const IDENTIFIER = 'KANIDM';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $scopes = [
+        'email',
+        'openid',
+        'profile',
+    ];
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $scopeSeparator = ' ';
+
+    /**
+     * Get the base URL.
+     *
+     * @return string
+     *
+     * @throws \InvalidArgumentException
+     */
+    protected function getBaseUrl(): string
+    {
+        $baseUrl = $this->getConfig('base_url');
+
+        if ($baseUrl === null) {
+            throw new InvalidArgumentException('Missing base URL value.');
+        }
+
+        return $baseUrl;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function additionalConfigKeys(): array
+    {
+        return ['base_url'];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getAuthUrl($state): string
+    {
+        return $this->buildAuthUrlFromBase($this->getBaseUrl().'/ui/oauth2', $state);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getTokenUrl(): string
+    {
+        return $this->getBaseUrl().'/oauth2/token';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getUserByToken($token)
+    {
+        $uri = "{$this->getBaseUrl()}/oauth2/openid/{$this->clientId}/userinfo";
+
+        $response = $this->getHttpClient()->get($uri, [
+            RequestOptions::HEADERS => [
+                'Authorization' => 'Bearer '.$token,
+            ],
+        ]);
+
+        return json_decode((string) $response->getBody(), true);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function mapUserToObject(array $user)
+    {
+        return (new User)->setRaw($user)->map([
+            'id'       => $user['sub'],
+            'nickname' => $user['preferred_username'],
+            'name'     => trim(($user['given_name'] ?? '').' '.($user['family_name'] ?? '')),
+            'email'    => $user['email'],
+            'avatar'   => null,
+        ]);
+    }
+}

src/Kanidm/README.md

@@ -0,0 +1,58 @@
+# Kanidm
+
+```bash
+composer require socialiteproviders/kanidm
+```
+
+## Installation & Basic Usage
+
+Please see the [Base Installation Guide](https://socialiteproviders.com/usage/), then follow the provider specific instructions below.
+
+### Add configuration to `config/services.php`
+
+```php
+'kanidm' => [
+  'client_id' => env('KANIDM_CLIENT_ID'),
+  'client_secret' => env('KANIDM_CLIENT_SECRET'),
+  'redirect' => env('KANIDM_REDIRECT_URI'),
+  'base_url' => env('KANIDM_BASE_URL'),
+],
+```
+
+### Add base URL to `.env`
+
+Kanidm may require you to autorize against a custom URL, which you may provide as the base URL.
+
+```bash
+KANIDM_BASE_URL=https://idm.example.com/
+```
+
+### Add provider event listener
+
+Configure the package's listener to listen for `SocialiteWasCalled` events.
+
+Add the event to your `listen[]` array in `app/Providers/EventServiceProvider`. See the [Base Installation Guide](https://socialiteproviders.com/usage/) for detailed instructions.
+
+```php
+protected $listen = [
+    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
+        // ... other providers
+        \SocialiteProviders\Kanidm\KanidmExtendSocialite::class.'@handle',
+    ],
+];
+```
+
+### Usage
+
+You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):
+
+```php
+return Socialite::driver('kanidm')->redirect();
+```
+
+### Returned User fields
+
+- ``id``
+- ``nickname``
+- ``name``
+- ``email``

src/Kanidm/composer.json

@@ -0,0 +1,33 @@
+{
+    "name": "socialiteproviders/kanidm",
+    "description": "Kanidm OAuth2 Provider for Laravel Socialite",
+    "license": "MIT",
+    "keywords": [
+        "kanidm",
+        "laravel",
+        "oauth",
+        "provider",
+        "socialite"
+    ],
+    "authors": [
+        {
+            "name": "Tom Hubrecht",
+            "email": "[email protected]"
+        }
+    ],
+    "support": {
+        "issues": "https://github.com/socialiteproviders/providers/issues",
+        "source": "https://github.com/socialiteproviders/providers",
+        "docs": "https://socialiteproviders.com/kanidm"
+    },
+    "require": {
+        "php": "^8.0",
+        "ext-json": "*",
+        "socialiteproviders/manager": "^4.4"
+    },
+    "autoload": {
+        "psr-4": {
+            "SocialiteProviders\\Kanidm\\": ""
+        }
+    }
+}