Supported OAuth2 via Huawei (#2657)

- added JWT uri - updated UserInfo uri - set user-info-authentication-method - set scope as profile, since openId doesn't work
saveourtool · Oct 3, 2023 · d7d9722 · d7d9722
1 parent 2a57e82
commit d7d9722
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 5 deletions.
diff --git a/api-gateway/src/main/resources/application-dev.yml b/api-gateway/src/main/resources/application-dev.yml
@@ -18,8 +18,10 @@ spring:
           huawei:
             authorization-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/authorize
             token-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/token
-            user-info-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/userinfo
-            user-name-attribute: login
+            jwk-set-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/certs
+            user-info-uri: https://account.cloud.huawei.com/rest.php?nsp_svc=GOpen.User.getInfo
+            user-name-attribute: openID
+            user-info-authentication-method: post
           gitee:
             authorization-uri: https://gitee.com/oauth/authorize
             token-uri: https://gitee.com/oauth/token
@@ -45,13 +47,17 @@ spring:
             client-id: 943335421056-7ova0sgv6o4goapkripv8dk3ov4og6kc.apps.googleusercontent.com
             client-secret: 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
           huawei:
+            provider: huawei
             client-id: 108713087
             client-secret: 86d1ffd3035595ca33b49eeb1cbfb0b1f467ec7ed3e1245c0fb3c885c2fabb46
             redirect-uri: '${gateway.frontend.url}/{action}/oauth2/code/{registrationId}'
             authorization-grant-type: authorization_code
-            client-authentication-method: basic
-            # also can be profile, email
-            scope: openid
+            client-authentication-method: client_secret_post
+            # can be
+            #  - openid (doesn't work due to invalid_nonce)
+            #  - email (works but user allowed to not select to share an email)
+            #  - profile
+            scope: profile
           gitee:
             client-id: 6b7fc07ecdf7a12d9aa8e2aaf034743baa6f77e036dc22fe6455e02fcf51a851
             client-secret: 8908a8a4239c688af45a4db89ec27d4a7e7f5076dc3125b07b506de6414926a3

diff --git a/api-gateway/src/main/resources/application.yml b/api-gateway/src/main/resources/application.yml
@@ -97,6 +97,13 @@ spring:
             # until we have fixed https://github.com/saveourtool/save-cloud/issues/2336
             # (now we use sub as a default user-name-attribute)
             # ===================
+          huawei:
+            authorization-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/authorize
+            token-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/token
+            jwk-set-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/certs
+            user-info-uri: https://account.cloud.huawei.com/rest.php?nsp_svc=GOpen.User.getInfo
+            user-name-attribute: openID
+            user-info-authentication-method: post
           gitee:
             authorization-uri: https://gitee.com/oauth/authorize
             token-uri: https://gitee.com/oauth/token
@@ -107,6 +114,17 @@ spring:
             # https://docs.github.com/en/rest/reference/users#get-the-authenticated-user
             user-name-attribute: login
         registration:
+          huawei:
+            provider: huawei
+            # hardcoded as for gitee
+            redirect-uri: 'https://saveourtool.com/login/oauth2/code/huawei'
+            authorization-grant-type: authorization_code
+            client-authentication-method: client_secret_post
+            # can be
+            #  - openid (doesn't work due to invalid_nonce)
+            #  - email (works but user allowed to not select to share an email)
+            #  - profile
+            scope: profile
           gitee:
             client-name: Gitee
             provider: gitee

diff --git a/db/v-2/tables/original-login.xml b/db/v-2/tables/original-login.xml
@@ -38,4 +38,8 @@
         <addNotNullConstraint tableName="original_login" columnName="name" columnDataType="varchar(64)"/>
         <addNotNullConstraint tableName="original_login" columnName="source" columnDataType="varchar(64)" defaultNullValue="basic"/>
     </changeSet>
+
+    <changeSet id="increase-original-login-name" author="nulls">
+        <modifyDataType tableName="original_login" columnName="name" newDataType="varchar(255)"/>
+    </changeSet>
 </databaseChangeLog>
diff --git a/db/v-2/tables/user.xml b/db/v-2/tables/user.xml
@@ -117,4 +117,8 @@
         </sql>
     </changeSet>
 
+    <changeSet id="increase-user-name" author="nulls">
+        <modifyDataType tableName="user" columnName="name" newDataType="varchar(255)"/>
+    </changeSet>
+
 </databaseChangeLog>