feat: add azure provider templates (#5441)

Adds possibility to manage and use Microsoft Azure template based providers
2025-08-12 08:57:35 +00:00 · 2023-03-15 07:48:37 +01:00
parent 93e1fe0056
commit 5a307afe62
30 changed files with 2843 additions and 60 deletions
--- a/internal/idp/providers/azuread/session_test.go
+++ b/internal/idp/providers/azuread/session_test.go
@@ -25,6 +25,7 @@ func TestSession_FetchUser(t *testing.T) {
 		clientID     string
 		clientSecret string
 		redirectURI  string
+		scopes       []string
 		httpMock     func()
 		options      []ProviderOptions
 		authURL      string
@@ -61,7 +62,7 @@ func TestSession_FetchUser(t *testing.T) {
 				redirectURI:  "redirectURI",
 				httpMock: func() {
 					gock.New("https://graph.microsoft.com").
-						Get("/oidc/userinfo").
+						Get("/v1.0/me").
 						Reply(200).
 						JSON(userinfo())
 				},
@@ -82,7 +83,7 @@ func TestSession_FetchUser(t *testing.T) {
 				redirectURI:  "redirectURI",
 				httpMock: func() {
 					gock.New("https://graph.microsoft.com").
-						Get("/oidc/userinfo").
+						Get("/v1.0/me").
 						Reply(http.StatusInternalServerError)
 				},
 				authURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email&state=testState",
@@ -119,7 +120,7 @@ func TestSession_FetchUser(t *testing.T) {
 				redirectURI:  "redirectURI",
 				httpMock: func() {
 					gock.New("https://graph.microsoft.com").
-						Get("/oidc/userinfo").
+						Get("/v1.0/me").
 						Reply(200).
 						JSON(userinfo())
 				},
@@ -145,16 +146,20 @@ func TestSession_FetchUser(t *testing.T) {
 			},
 			want: want{
 				user: &User{
-					Sub:               "sub",
-					FamilyName:        "lastname",
-					GivenName:         "firstname",
-					Name:              "firstname lastname",
-					PreferredUsername: "username",
+					ID:                "id",
+					BusinessPhones:    []domain.PhoneNumber{"phone1", "phone2"},
+					DisplayName:       "firstname lastname",
+					FirstName:         "firstname",
+					JobTitle:          "title",
 					Email:             "email",
-					Picture:           "picture",
+					MobilePhone:       "mobile",
+					OfficeLocation:    "office",
+					PreferredLanguage: "en",
+					LastName:          "lastname",
+					UserPrincipalName: "username",
 					isEmailVerified:   false,
 				},
-				id:                "sub",
+				id:                "id",
 				firstName:         "firstname",
 				lastName:          "lastname",
 				displayName:       "firstname lastname",
@@ -164,8 +169,7 @@ func TestSession_FetchUser(t *testing.T) {
 				isEmailVerified:   false,
 				phone:             "",
 				isPhoneVerified:   false,
-				preferredLanguage: language.Und,
-				avatarURL:         "picture",
+				preferredLanguage: language.English,
 				profile:           "",
 			},
 		},
@@ -180,7 +184,7 @@ func TestSession_FetchUser(t *testing.T) {
 				},
 				httpMock: func() {
 					gock.New("https://graph.microsoft.com").
-						Get("/oidc/userinfo").
+						Get("/v1.0/me").
 						Reply(200).
 						JSON(userinfo())
 				},
@@ -206,16 +210,20 @@ func TestSession_FetchUser(t *testing.T) {
 			},
 			want: want{
 				user: &User{
-					Sub:               "sub",
-					FamilyName:        "lastname",
-					GivenName:         "firstname",
-					Name:              "firstname lastname",
-					PreferredUsername: "username",
+					ID:                "id",
+					BusinessPhones:    []domain.PhoneNumber{"phone1", "phone2"},
+					DisplayName:       "firstname lastname",
+					FirstName:         "firstname",
+					JobTitle:          "title",
 					Email:             "email",
-					Picture:           "picture",
+					MobilePhone:       "mobile",
+					OfficeLocation:    "office",
+					PreferredLanguage: "en",
+					LastName:          "lastname",
+					UserPrincipalName: "username",
 					isEmailVerified:   true,
 				},
-				id:                "sub",
+				id:                "id",
 				firstName:         "firstname",
 				lastName:          "lastname",
 				displayName:       "firstname lastname",
@@ -225,8 +233,7 @@ func TestSession_FetchUser(t *testing.T) {
 				isEmailVerified:   true,
 				phone:             "",
 				isPhoneVerified:   false,
-				preferredLanguage: language.Und,
-				avatarURL:         "picture",
+				preferredLanguage: language.English,
 				profile:           "",
 			},
 		},
@@ -237,7 +244,7 @@ func TestSession_FetchUser(t *testing.T) {
 			tt.fields.httpMock()
 			a := assert.New(t)

-			provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.options...)
+			provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)
 			require.NoError(t, err)

 			session := &oauth.Session{
@@ -272,15 +279,18 @@ func TestSession_FetchUser(t *testing.T) {
 	}
 }

-func userinfo() oidc.UserInfoSetter {
-	userinfo := oidc.NewUserInfo()
-	userinfo.SetSubject("sub")
-	userinfo.SetName("firstname lastname")
-	userinfo.SetPreferredUsername("username")
-	userinfo.SetNickname("nickname")
-	userinfo.SetEmail("email", false) // azure add does not send the email_verified claim
-	userinfo.SetPicture("picture")
-	userinfo.SetGivenName("firstname")
-	userinfo.SetFamilyName("lastname")
-	return userinfo
+func userinfo() *User {
+	return &User{
+		ID:                "id",
+		BusinessPhones:    []domain.PhoneNumber{"phone1", "phone2"},
+		DisplayName:       "firstname lastname",
+		FirstName:         "firstname",
+		JobTitle:          "title",
+		Email:             "email",
+		MobilePhone:       "mobile",
+		OfficeLocation:    "office",
+		PreferredLanguage: "en",
+		LastName:          "lastname",
+		UserPrincipalName: "username",
+	}
 }