tusaryan opened a new pull request, #17341:
URL: https://github.com/apache/dolphinscheduler/pull/17341
This pull request integrates the OIDC authentication flow into the
`LoginController`, exposing the feature via REST endpoints. It introduces the
necessary endpoints to initiate the OIDC login redirect and handle the callback
from the identity provider.
Upon successful authentication via the `OidcAuthenticator`, this PR ensures
a user session is created using the existing `SessionService`, fully enabling
OIDC as a valid login method.
Closes: #17171 (Part 2)
<!--Thanks very much for contributing to Apache DolphinScheduler, we are
happy that you want to help us improve DolphinScheduler! -->
## Purpose of the pull request
<!--(For example: This pull request adds checkstyle plugin).-->
## Brief change log
<!--*(for example:)*
- *Add maven-checkstyle-plugin to root pom.xml*
-->
- **Feature:** Added the `/oauth2/authorization/{providerId}` endpoint in
`LoginController` to initiate the OIDC login flow and redirect users to the
Identity Provider.
- **Feature:** Added the `/login/oauth2/code/{providerId}` endpoint in
`LoginController` to handle the callback from the OIDC provider, process the
authorization code, and create a user session.
- **Feature:** Added the `/oidc-providers` endpoint to `LoginController` to
expose the list of configured providers to the UI.
- **Enhancement:** Updated `AppConfiguration.java` to exclude the new OIDC
endpoints from the `LoginHandlerInterceptor`, allowing unauthenticated access
for the login process.
- **Test:** Added `LoginControllerOidcTest.java` to provide comprehensive
unit tests for the new OIDC endpoints, mocking the `OidcAuthenticator` and
`SessionService` to verify redirect logic, error handling, and successful
session creation.
- **Test:** Updated `LoginControllerTest.java` to ensure existing
password-based login functionality remains unaffected.
## Verify this pull request
<!--*(Please pick either of the following options)*-->
This change is covered by new and updated unit tests:
- **`LoginControllerOidcTest.java`**: Mocks the entire OIDC login flow to
test the controller logic, including successful login, error callbacks from the
IdP, and internal authentication failures.
- **`LoginControllerTest.java`**: Ensures no regressions in existing login
functionalities.
<!--*(example:)*
- *Added dolphinscheduler-dao tests for end-to-end.*
- *Added CronUtilsTest to verify the change.*
- *Manually verified the change by testing locally.* -->
## Pull Request Notice
[Pull Request
Notice](https://github.com/apache/dolphinscheduler/blob/dev/docs/docs/en/contribute/join/pull-request.md)
If your pull request contains incompatible change, you should also add it to
`docs/docs/en/guide/upgrade/incompatible.md`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
