Add upstream OAuth 2.0 providers name and branding

matrix-org · Nov 20, 2023 · 5126d36 · 5126d36
1 parent a5428f1
commit 5126d36
Show file tree

Hide file tree

Showing 21 changed files with 295 additions and 107 deletions.
diff --git a/crates/cli/src/commands/config.rs b/crates/cli/src/commands/config.rs
@@ -267,6 +267,8 @@ async fn sync(root: &super::Options, prune: bool, dry_run: bool) -> anyhow::Resu
                     provider.id,
                     UpstreamOAuthProviderParams {
                         issuer: provider.issuer,
+                        human_name: provider.human_name,
+                        brand_name: provider.brand_name,
                         scope: provider.scope.parse()?,
                         token_endpoint_auth_method,
                         token_endpoint_signing_alg,

diff --git a/crates/config/src/sections/upstream_oauth2.rs b/crates/config/src/sections/upstream_oauth2.rs
@@ -245,6 +245,22 @@ pub struct Provider {
     /// The OIDC issuer URL
     pub issuer: String,
 
+    /// A human-readable name for the provider, that will be shown to users
+    pub human_name: Option<String>,
+
+    /// A brand identifier used to customise the UI, e.g. `apple`, `google`,
+    /// `github`, etc.
+    ///
+    /// Values supported by the default template are:
+    ///
+    ///  - `apple`
+    ///  - `google`
+    ///  - `facebook`
+    ///  - `github`
+    ///  - `gitlab`
+    ///  - `twitter`
+    pub brand_name: Option<String>,
+
     /// The client ID to use when authenticating with the provider
     pub client_id: String,
 

diff --git a/crates/data-model/src/upstream_oauth2/provider.rs b/crates/data-model/src/upstream_oauth2/provider.rs
@@ -128,6 +128,8 @@ impl std::fmt::Display for PkceMode {
 pub struct UpstreamOAuthProvider {
     pub id: Ulid,
     pub issuer: String,
+    pub human_name: Option<String>,
+    pub brand_name: Option<String>,
     pub discovery_mode: DiscoveryMode,
     pub pkce_mode: PkceMode,
     pub jwks_uri_override: Option<Url>,

diff --git a/crates/handlers/src/upstream_oauth2/cache.rs b/crates/handlers/src/upstream_oauth2/cache.rs
@@ -491,6 +491,8 @@ mod tests {
         let provider = UpstreamOAuthProvider {
             id: Ulid::nil(),
             issuer: "https://valid.example.com/".to_owned(),
+            human_name: Some("Example Ltd.".to_owned()),
+            brand_name: None,
             discovery_mode: UpstreamOAuthProviderDiscoveryMode::Oidc,
             pkce_mode: UpstreamOAuthProviderPkceMode::Auto,
             jwks_uri_override: None,

diff --git a/crates/handlers/src/upstream_oauth2/link.rs b/crates/handlers/src/upstream_oauth2/link.rs
@@ -861,6 +861,8 @@ mod tests {
                 &state.clock,
                 UpstreamOAuthProviderParams {
                     issuer: "https://example.com/".to_owned(),
+                    human_name: Some("Example Ltd.".to_owned()),
+                    brand_name: None,
                     scope: Scope::from_iter([OPENID]),
                     token_endpoint_auth_method: OAuthClientAuthenticationMethod::None,
                     token_endpoint_signing_alg: None,

diff --git a/crates/handlers/src/views/login.rs b/crates/handlers/src/views/login.rs
@@ -351,6 +351,8 @@ mod test {
                 &state.clock,
                 UpstreamOAuthProviderParams {
                     issuer: "https://first.com/".to_owned(),
+                    human_name: Some("First Ltd.".to_owned()),
+                    brand_name: None,
                     scope: [OPENID].into_iter().collect(),
                     token_endpoint_auth_method: OAuthClientAuthenticationMethod::None,
                     token_endpoint_signing_alg: None,
@@ -383,6 +385,8 @@ mod test {
                 &state.clock,
                 UpstreamOAuthProviderParams {
                     issuer: "https://second.com/".to_owned(),
+                    human_name: Some("Second Ltd.".to_owned()),
+                    brand_name: None,
                     scope: [OPENID].into_iter().collect(),
                     token_endpoint_auth_method: OAuthClientAuthenticationMethod::None,
                     token_endpoint_signing_alg: None,
@@ -405,11 +409,11 @@ mod test {
         let response = state.request(Request::get("/login").empty()).await;
         response.assert_status(StatusCode::OK);
         response.assert_header_value(CONTENT_TYPE, "text/html; charset=utf-8");
-        assert!(response.body().contains(&escape_html("first.com/")));
+        assert!(response.body().contains(&escape_html("First Ltd.")));
         assert!(response
             .body()
             .contains(&escape_html(&first_provider_login.path_and_query())));
-        assert!(response.body().contains(&escape_html("second.com/")));
+        assert!(response.body().contains(&escape_html("Second Ltd.")));
         assert!(response
             .body()
             .contains(&escape_html(&second_provider_login.path_and_query())));

diff --git a/...rage-pg/.sqlx/query-1f131aa966a4358d83e7247d3e30451f8bcf5df20faf46a4a4c0d4a36d1ff173.json b/...rage-pg/.sqlx/query-1f131aa966a4358d83e7247d3e30451f8bcf5df20faf46a4a4c0d4a36d1ff173.json
diff --git a/...e882c90c0118ff77a92d2d93fe97dbd33233.json → ...a8cdf1d21f788a533477c233455c57a1b755.json b/...e882c90c0118ff77a92d2d93fe97dbd33233.json → ...a8cdf1d21f788a533477c233455c57a1b755.json
diff --git a/...rage-pg/.sqlx/query-311957a0b745660aa2a21b1bd211376739318efa1e84670e04189e1257d4a8ed.json b/...rage-pg/.sqlx/query-311957a0b745660aa2a21b1bd211376739318efa1e84670e04189e1257d4a8ed.json
diff --git a/...rage-pg/.sqlx/query-4668abf6520ecca2fa71a26b02d206600624bbba57985d4a7fba2763478cd065.json b/...rage-pg/.sqlx/query-4668abf6520ecca2fa71a26b02d206600624bbba57985d4a7fba2763478cd065.json
diff --git a/...rage-pg/.sqlx/query-75b58c1b7f4e26997e961ad64418938938f09b3215a9b14f7edb3dd91cdf2dd5.json b/...rage-pg/.sqlx/query-75b58c1b7f4e26997e961ad64418938938f09b3215a9b14f7edb3dd91cdf2dd5.json