Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/29 16:00:04 UTC

cxf-fediz git commit: Add configurable scope

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 706971b73 -> da3964183


Add configurable scope


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/da396418
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/da396418
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/da396418

Branch: refs/heads/master
Commit: da39641839b909614b1ea52ba75475a7fac333fb
Parents: 706971b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 29 14:59:49 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 29 14:59:49 2016 +0000

----------------------------------------------------------------------
 .../TrustedIdpOIDCProtocolHandler.java          | 21 +++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/da396418/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index cb7fc52..cbe386e 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -110,6 +110,12 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
      */
     public static final String SUBJECT_CLAIM = "subject.claim";
     
+    /**
+     * Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
+     * Fediz will automatically use "openid" for this value. 
+     */
+    public static final String SCOPE = "scope";
+    
     public static final String PROTOCOL = "openid-connect-1.0";
 
     private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpOIDCProtocolHandler.class);
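Review bot: The Javadoc on the new SCOPE constant reads as if the configured value replaces "openid", whereas the code elsewhere in this commit keeps "openid" and prepends it to whatever is configured. Suggest wording the second sentence as `Fediz always includes "openid" in the scope; the value configured here is appended to it.` so that an administrator does not configure "openid" twice or expect to be able to drop it.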
@@ -134,6 +140,19 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
             throw new IllegalStateException("No CLIENT_ID specified");
         }
         
+        String scope = getProperty(trustedIdp, SCOPE);
+        if (scope != null) {
+            scope = scope.trim();
+            if (!scope.startsWith("openid")) {
+                scope = "openid " + scope;
+            }
+        }
+        
+        if (scope == null || scope.isEmpty()) {
+            scope = "openid";
+        }
+        LOG.debug("Using scope: {}", scope);
+        
         try {
             StringBuilder sb = new StringBuilder();
             sb.append(trustedIdp.getUrl());
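Review bot: A SCOPE property consisting only of whitespace is trimmed to "" on the third added line, fails the startsWith check, and becomes "openid " with a trailing space, so the empty-value fallback a few lines further down never fires and the encoded query parameter ends up as openid+. The prefix check is also the wrong test: a value such as "profile openid" has "openid" prepended a second time, while a value like "openidfoo" passes untouched even though it does not contain the "openid" token. Checking emptiness after trimming and before prepending, and testing for "openid" as a whole space-separated token, fixes both cases; the enclosing method starts and ends outside this hunk.
```java
        String scope = getProperty(trustedIdp, SCOPE);
        if (scope == null || scope.trim().isEmpty()) {
            scope = "openid";
        } else {
            // collapse internal whitespace so the token check below is reliable
            scope = scope.trim().replaceAll("\\s+", " ");
            // "openid" must be present as a whole token, not merely as a prefix
            if (!(" " + scope + " ").contains(" openid ")) {
                scope = "openid " + scope;
            }
        }
        LOG.debug("Using scope: {}", scope);
        // … unchanged: redirect URL construction …
```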
@@ -148,7 +167,7 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
             sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
             sb.append("&");
             sb.append("scope").append('=');
-            sb.append("openid");
+            sb.append(URLEncoder.encode(scope, "UTF-8"));
             
             String state = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
             sb.append("&").append("state").append('=');