tusaryan opened a new pull request, #17340:
URL: https://github.com/apache/dolphinscheduler/pull/17340

## Purpose of the pull request

This pull request introduces the core backend components for OIDC authentication as outlined in [DSIP-88](https://github.com/apache/dolphinscheduler/issues/17171). It establishes the foundational configuration structure and the primary `OidcAuthenticator` service responsible for handling the OIDC protocol interactions. This initial PR focuses exclusively on the backend authentication logic, ensuring a clean and reviewable submission that is fully unit-tested.

Closes: #17171 (Part 1)

## Brief change log

- **Feature:** Added new configuration classes (`OidcConfigProperties`, `OidcProviderConfig`, `OidcUserConfig`) to load OIDC settings from `application.yaml`.
- **Feature:** Implemented the `OidcAuthenticator` class, which uses the Nimbus SDK to handle OIDC discovery, token exchange, and user information retrieval.
- **Enhancement:** Updated `AuthenticationType.java` to include `OIDC` as a new authentication method.
- **Enhancement:** Modified `SecurityConfig.java` to instantiate the `OidcAuthenticator` when the authentication type is set to `OIDC`.
- **Config:** Added a default OIDC configuration section to `application.yaml` to enable the feature and provide an example.
- **Test:** Added `OidcConfigPropertiesTest.java` to verify that OIDC configuration is loaded correctly from test properties.
- **Test:** Added `SecurityConfigOidcTest.java` to ensure the correct authenticator bean is created when `security.authentication.type` is `OIDC`.
- **Test:** Added `OidcAuthenticatorTest.java` to unit test the core logic of the `OidcAuthenticator`, including state validation, token exchange, and user creation/lookup.

## Verify this pull request

This change is covered by new unit tests that verify the configuration loading, authenticator bean creation, and core authentication logic:

- **`OidcConfigPropertiesTest.java`**: Confirms that all properties under `security.authentication.oidc` are correctly mapped to the `OidcConfigProperties` bean.
- **`SecurityConfigOidcTest.java`**: Ensures that the `OidcAuthenticator` is correctly injected as the primary `Authenticator` bean when the configuration is active.
- **`OidcAuthenticatorTest.java`**: Mocks the OIDC flow to verify internal authenticator logic, including user role mapping and auto-provisioning.

## Pull Request Notice

[Pull Request Notice](https://github.com/apache/dolphinscheduler/blob/dev/docs/docs/en/contribute/join/pull-request.md)

If your pull request contains incompatible change, you should also add it to `docs/docs/en/guide/upgrade/incompatible.md`
