Introduce customizable URL fragments for PingIdentity (#2192)

Add a set of customizable palces where the URL fragments used after the instance URI. The original hard-coded values are now the defaults for the environment variables if no value is set.
Kitware · May 3, 2024 · e03f882 · e03f882
1 parent 8d8af21
commit e03f882
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 8 deletions.
diff --git a/config/services.php b/config/services.php
@@ -49,6 +49,9 @@
         'client_secret' => env('PINGIDENTITY_CLIENT_SECRET'),
         'redirect' => env('APP_URL').'/auth/pingidentity/callback',
         'instance_uri' => env('PINGIDENTITY_DOMAIN'),
+        'auth_endpoint' => env('PINGIDENTITY_AUTH_ENDPOINT', '/as/authorization.oauth2'),
+        'token_endpoint'=> env('PINGIDENTITY_TOKEN_ENDPOINT', '/as/token.oauth2'),
+        'user_endpoint'=> env('PINGIDENTITY_USER_ENDPOINT', '/idp/userinfo.openid'),
         'enable' => env('PINGIDENTITY_ENABLE', false),
         'autoregister' => env('PINGIDENTITY_AUTO_REGISTER_NEW_USERS', false),
         'oauth' => true,

diff --git a/docs/authentication.md b/docs/authentication.md
@@ -101,10 +101,13 @@ Begin by [creating OAuth2 client in your PingIdentity console](https://docs.ping
 
 | Variable | Description | Default |
 | -------- |------------ | ------- |
-| PINGIDENTITY_ENABLE | Whether or not to use Google as an OAuth2 provider. | false |
-| PINGIDENTITY_CLIENT_ID | The client ID from your Google OAuth2 credentials. | '' |
-| PINGIDENTITY_CLIENT_SECRET | The client secret from your Google OAuth2 credentials. | '' |
-| PINGIDENTITY_DOMAIN | The GitLab server to authenticate against. | https://auth.pingone.com/ |
+| PINGIDENTITY_ENABLE | Whether or not to use PingIdentity as an OAuth2 provider. | false |
+| PINGIDENTITY_CLIENT_ID | The client ID from your PingIdentity OAuth2 credentials. | '' |
+| PINGIDENTITY_CLIENT_SECRET | The client secret from your PingIdentity OAuth2 credentials. | '' |
+| PINGIDENTITY_DOMAIN | The PingIdentity server to authenticate against. | https://auth.pingone.com |
+| PINGIDENTITY_AUTH_ENDPOINT |  The URL fragment to the endpoint to ask for Authorization | '/as/authorization.oauth2' |
+| PINGIDENTITY_TOKEN_ENDPOINT | The URL fragment to the endpoint to ask for the Token | '/as/token.oauth2' |
+| PINGIDENTITY_USER_ENDPOINT | The URL fragment to the endpoint to ask for the user's information with the token | '/idp/userinfo.openid' |
 | PINGIDENTITY_AUTO_REGISTER_NEW_USERS | Whether to automatically register a new user or provide them the Registration form | false
 
 ## SAML2

diff --git a/resources/providers/PingIdentity/Provider.php b/resources/providers/PingIdentity/Provider.php
@@ -30,7 +30,7 @@ class Provider extends AbstractProvider
      */
     protected function getAuthUrl($state): string
     {
-        $auth_url = $this->buildAuthUrlFromBase($this->getInstanceUri().'/as/authorization.oauth2', $state);
+        $auth_url = $this->buildAuthUrlFromBase($this->getInstanceUri().$this->getAuthEndpoint(), $state);
         $auth_url .= "&acr_values=Single_Factor&prompt=login";
         return $auth_url;
     }
@@ -40,7 +40,7 @@ protected function getAuthUrl($state): string
      */
     protected function getTokenUrl(): string
     {
-        return $this->getInstanceUri() . '/as/token.oauth2?acr_values=Single_Factor&prompt=login';
+        return $this->getInstanceUri() . $this->getTokenEndpoint() . '?acr_values=Single_Factor&prompt=login';
     }
 
     /**
@@ -55,6 +55,32 @@ protected function mapUserToObject(array $user): \Laravel\Socialite\Two\User
         ]);
     }
 
+    /**
+     * Get the URL fragment that represents the auth endpoint for the provider.
+     */
+    protected function getAuthEndpoint(): string
+    {
+        return $this->getConfig('auth_endpoint');
+    }
+
+
+    /**
+     * GGet the URL fragment that represents the token endpoint for the provider.
+     */
+    protected function getTokenEndpoint(): string
+    {
+        return $this->getConfig('token_endpoint');
+    }
+
+
+    /**
+     * Get the URL fragment that represents the user endpoint for the provider.
+     */
+    protected function getUserEndpoint(): string
+    {
+        return $this->getConfig('user_endpoint');
+    }
+
     /**
      * Get the Instance URL for the provider.
      */
@@ -71,7 +97,7 @@ protected function getInstanceUri(): string
      */
     protected function getUserByToken($token): array
     {
-        $response = $this->getHttpClient()->get($this->getInstanceUri() . '/idp/userinfo.openid', [
+        $response = $this->getHttpClient()->get($this->getInstanceUri() . $this->getUserEndpoint(), [
             RequestOptions::HEADERS => [
                 'Authorization' => "Bearer $token",
             ],
@@ -86,6 +112,6 @@ protected function getUserByToken($token): array
      */
     public static function additionalConfigKeys(): array
     {
-        return ['instance_uri'];
+        return ['instance_uri', 'auth_endpoint', 'token_endpoint', 'user_endpoint'];
     }
 }