chore: add tenant to auth request (OIDC)

smarcet · smarcet · commit 34ffe6f07fed · 2025-11-05T12:56:22.000-03:00
diff --git a/app/Strategies/DisplayResponseUserAgentStrategy.php b/app/Strategies/DisplayResponseUserAgentStrategy.php
@@ -13,6 +13,7 @@
  **/
 
 use App\libs\Auth\SocialLoginProviders;
+use Illuminate\Support\Facades\Log;
 use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Redirect;
@@ -40,11 +41,12 @@ public function getConsentResponse(array $data = [])
     public function getLoginResponse(array $data = [])
     {
         $provider = $data["provider"] ?? null;
-
+        $provided_tenant = $data["tenant"] ?? '';
+        Log::debug("OAuth2LoginStrategy::getLogin", ['provider' => $provider , 'provided_tenant' => $provided_tenant]);
         if(!empty($provider)) {
             return redirect()->route('social_login', ['provider' => $provider]);
         }
-        $data['supported_providers'] = SocialLoginProviders::buildSupportedProviders();
+        $data['supported_providers'] = SocialLoginProviders::buildSupportedProviders($provided_tenant);
         return Response::view("auth.login", $data, 200);
     }
 
diff --git a/app/Strategies/OAuth2LoginStrategy.php b/app/Strategies/OAuth2LoginStrategy.php
@@ -15,9 +15,11 @@
 use App\libs\OAuth2\Strategies\ILoginHintProcessStrategy;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
+use OAuth2\Endpoints\AuthorizationEndpoint;
 use OAuth2\Factories\OAuth2AuthorizationRequestFactory;
 use OAuth2\OAuth2Message;
 use OAuth2\Requests\OAuth2AuthenticationRequest;
+use OAuth2\Requests\OAuth2AuthorizationRequest;
 use OAuth2\Services\IMementoOAuth2SerializerService;
 use Services\IUserActionService;
 use Utils\IPHelper;
@@ -52,12 +54,12 @@ public function __construct
     )
     {
         parent::__construct($user_action_service, $auth_service, $login_hint_process_strategy);
-        $this->memento_service          = $memento_service;
+        $this->memento_service = $memento_service;
     }
 
     public function getLogin()
     {
-        Log::debug(sprintf("OAuth2LoginStrategy::getLogin"));
+        Log::debug("OAuth2LoginStrategy::getLogin");
 
         if (!Auth::guest())
             return Redirect::action("UserController@getProfile");
@@ -70,10 +72,13 @@ public function getLogin()
             )
         );
 
+        Log::debug("OAuth2LoginStrategy::getLogin", ['auth_request' => (string)$auth_request ]);
+
         $response_strategy = DisplayResponseStrategyFactory::build($auth_request->getDisplay());
 
         return $response_strategy->getLoginResponse([
-            'provider' => $auth_request instanceof OAuth2AuthenticationRequest ? $auth_request->getProvider() : null
+            'provider' => $auth_request instanceof OAuth2AuthenticationRequest ? $auth_request->getProvider() : null,
+            'tenant' => $auth_request instanceof OAuth2AuthorizationRequest ? $auth_request->getTenant() : null
         ]);
     }
 
diff --git a/app/libs/Auth/SocialLoginProviders.php b/app/libs/Auth/SocialLoginProviders.php
@@ -48,12 +48,14 @@ public static function isSupportedProvider(string $provider): bool
     }
 
     /**
-     * @return string[]
+     * @param string $provided_tenant
+     * @return array
      */
-    public static function buildSupportedProviders(): array
+    public static function buildSupportedProviders(string $provided_tenant = ''): array
     {
+        Log::debug("SocialLoginProviders::buildSupportedProviders", ["provided_tenant" => $provided_tenant]);
         $res = [];
-        $tenant = trim(Request::get('tenant', ''));
+        $tenant = trim(Request::get('tenant', $provided_tenant));
         $allowed_3rd_party_providers = self::toList(
             Config::get("tenants.$tenant.allowed_3rd_party_providers", '')
         );
diff --git a/app/libs/OAuth2/OAuth2Protocol.php b/app/libs/OAuth2/OAuth2Protocol.php
@@ -147,6 +147,11 @@ final class OAuth2Protocol implements IOAuth2Protocol
         self::OAuth2Protocol_ResponseMode_Direct
     );
 
+    /**
+     * custom param
+     */
+    const Tenant = 'tenant';
+
     /**
      * http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
      *
diff --git a/app/libs/OAuth2/Requests/OAuth2AuthorizationRequest.php b/app/libs/OAuth2/Requests/OAuth2AuthorizationRequest.php
@@ -232,4 +232,8 @@ public function getCodeChallenge():?string{
     public function getCodeChallengeMethod():?string{
         return $this->getParam(OAuth2Protocol::PKCE_CodeChallengeMethod);
     }
+
+    public function getTenant():?string{
+        return $this->getParam(OAuth2Protocol::Tenant);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -232,4 +232,8 @@ public function getCodeChallenge():?string{`
`232`	`232`	`public function getCodeChallengeMethod():?string{`
`233`	`233`	`return $this->getParam(OAuth2Protocol::PKCE_CodeChallengeMethod);`
`234`	`234`	`}`
	`235`	`+`
	`236`	`+ public function getTenant():?string{`
	`237`	`+ return $this->getParam(OAuth2Protocol::Tenant);`
	`238`	`+ }`
`235`	`239`	`}`