From 1569747bd02f974f6fd17980f5de38a870156423 Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Tue, 15 Nov 2022 13:28:09 +0100
Subject: [PATCH] api-docs: extract the keycloak settings from the generic oidc
 config

In the future we plan to replace the keycloak specific web component used
in the API docs with a generic OIDC one. For this the auth bundle has now
started to set new global twig variables containing OIDC config and the keycloak
variables are now deprecated.

In case we find the keycloak variables we will still use them, but if not
we will extract them from the OIDC url. This depends on the URL containing
a "/realms/" path element.

Once we move away from keycloak in the core we can remove this hack.
---
 .../SwaggerUi/index.html.twig                 | 12 ++--
 src/Resources/public/index.js                 | 55 +++++++++++++++++--
 2 files changed, 58 insertions(+), 9 deletions(-)

diff --git a/src/Resources/ApiPlatformBundle/SwaggerUi/index.html.twig b/src/Resources/ApiPlatformBundle/SwaggerUi/index.html.twig
index 6dfa2bd..ff352ed 100644
--- a/src/Resources/ApiPlatformBundle/SwaggerUi/index.html.twig
+++ b/src/Resources/ApiPlatformBundle/SwaggerUi/index.html.twig
@@ -26,7 +26,7 @@
     <script id="swagger-data" type="application/json">{{ swagger_data|merge(oauth_data)|json_encode(65)|raw }}</script>
 
     {# insert auth web component, use token in Swagger UI #}
-    {% if keycloak_server_url and keycloak_realm and keycloak_frontend_client_id %}
+    {% if (keycloak_server_url or oidc_server_url) and (keycloak_realm or oidc_server_url) and (keycloak_frontend_client_id or oidc_frontend_client_id) %}
         <style>
             /* Hide the builtin auth key button in case we have a keycloak setup */
             .swagger-ui .auth-wrapper .authorize {
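Review bot: The realm operand of the new guard, `(keycloak_realm or oidc_server_url)`, is true for any non-empty `oidc_server_url`, while index.js in this patch can only derive a realm when that URL contains `/realms/`. For an issuer without that path element the block still renders, the style below hides the builtin authorize button, and `insertDBPContainer()` sets empty `url` and `realm` attributes on the component, which presumably leaves the page without a usable login. Consider tightening the operand to `(keycloak_realm or '/realms/' in oidc_server_url)` and, in index.js, returning before `document.createElement('api-platform-auth')` when any of the three getters yields `''`. The `{% if %}` block closes outside this hunk.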
@@ -34,10 +34,12 @@
             }
         </style>
         <script>
-            var keycloakConfig = {
-                url: "{{ keycloak_server_url }}",
-                realm: "{{ keycloak_realm }}",
-                clientId: "{{ keycloak_frontend_client_id }}"
+            var oidcConfig = {
+                oidcServer: "{{ oidc_server_url }}",
+                oidcFrontendClientId: "{{ oidc_frontend_client_id }}",
+                keycloakUrl: "{{ keycloak_server_url }}",
+                keycloakRealm: "{{ keycloak_realm }}",
+                keycloakClientId: "{{ keycloak_frontend_client_id }}"
             };
         </script>
         <script type="module" src="{{ asset('bundles/dbprelaycore/index.js', assetPackage) }}"></script>
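Review bot: The five values in `oidcConfig` are written into JavaScript string literals with plain `{{ … }}`, which, assuming the template runs under Twig's default HTML autoescaping, escapes for the wrong context. Inside `<script>` the browser does not decode entities, so an `&` in `oidc_server_url` reaches index.js as `&amp;`, and characters that matter in a JS string such as a backslash or a line break are not neutralised. Use the JS strategy on each line, e.g. `oidcServer: "{{ oidc_server_url|e('js') }}",`, or emit the whole object through `json_encode` as the `swagger-data` script above already does. The removed `keycloakConfig` lines had the same pattern, so this is a good moment to fix it for both the new and the deprecated keys.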
diff --git a/src/Resources/public/index.js b/src/Resources/public/index.js
index b245746..481595e 100644
--- a/src/Resources/public/index.js
+++ b/src/Resources/public/index.js
@@ -36,6 +36,54 @@ function useToken(token) {
 
 var delayInsertTimer = 0;
 
+function getKeycloakServerUrl() {
+    let config = window.oidcConfig;
+    if (config.keycloakUrl.length) {
+        // deprecated config value, remove once removed in the auth/oidc bundle
+        return config.keycloakUrl;
+    } else if (config.oidcServer.length) {
+        let url = config.oidcServer;
+        // XXX: extract the base url from the server url, hacky put works..
+        // In the future we might want to use a non-keycloak specific component here,
+        // and fetch .well-known/openid-configuration
+        let match = url.match(/(?<base>.*)\/realms\/(?<realm>[^/]*)/);
+        if (match !== null) {
+            return match.groups.base;
+        }
+    }
+    return '';
+}
+
+function getKeycloakRealm()
+{
+    let config = window.oidcConfig;
+    if (config.keycloakRealm.length) {
+        // deprecated config value, remove once removed in the auth/oidc bundle
+        return config.keycloakRealm;
+    } else if (config.oidcServer.length) {
+        let url = config.oidcServer;
+        // XXX: extract the realm from the server url, hacky put works..
+        // In the future we might want to use a non-keycloak specific component here,
+        // and fetch .well-known/openid-configuration
+        let match = url.match(/(?<base>.*)\/realms\/(?<realm>[^/]*)/);
+        if (match !== null) {
+            return match.groups.realm;
+        }
+    }
+    return '';
+}
+
+function getKeycloakClientId() {
+    let config = window.oidcConfig;
+    if (config.keycloakClientId.length) {
+        // deprecated config value, remove once removed in the auth/oidc bundle
+        return config.keycloakClientId;
+    } else if (config.oidcFrontendClientId.length) {
+        return config.oidcFrontendClientId;
+    }
+    return '';
+}
+
 function insertDBPContainer() {
     let target = document.getElementsByClassName('scheme-container')[0];
     if (target === undefined)
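Review bot: `getKeycloakServerUrl()` and `getKeycloakRealm()` each choose their source independently, so a config with only one of the deprecated values set combines a deprecated `keycloakUrl` with a realm parsed out of `oidcServer`, or the reverse. The auth component would then be pointed at a server/realm pair that nobody configured. Resolving both from one source in a shared helper avoids that and removes the duplicated regex; the sketch below also requires a non-empty realm (`[^/]+`), so a URL ending in `/realms/` yields empty values instead of a base with no realm. `insertDBPContainer` at the end of this hunk continues outside it.

```javascript
// Resolve url and realm from ONE source so a half-migrated config cannot mix them.
function getKeycloakEndpoint() {
    const config = window.oidcConfig;
    if (config.keycloakUrl.length && config.keycloakRealm.length) {
        // deprecated config values, remove once removed in the auth/oidc bundle
        return {url: config.keycloakUrl, realm: config.keycloakRealm};
    }
    const match = config.oidcServer.match(/^(?<base>.*)\/realms\/(?<realm>[^/]+)/);
    if (match === null) {
        return {url: '', realm: ''};
    }
    return {url: match.groups.base, realm: match.groups.realm};
}

function getKeycloakServerUrl() {
    return getKeycloakEndpoint().url;
}

function getKeycloakRealm() {
    return getKeycloakEndpoint().realm;
}
// … unchanged: getKeycloakClientId …
```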
@@ -43,12 +91,11 @@ function insertDBPContainer() {
 
     // see ../auth/README.md
     var element = document.createElement('api-platform-auth');
-    let config = window.keycloakConfig;
 
     element.setAttribute('lang', 'en');
-    element.setAttribute('url', config.url);
-    element.setAttribute('realm', config.realm);
-    element.setAttribute('client-id', config.clientId);
+    element.setAttribute('url', getKeycloakServerUrl());
+    element.setAttribute('realm', getKeycloakRealm());
+    element.setAttribute('client-id', getKeycloakClientId());
     element.setAttribute('silent-check-sso-redirect-uri', new URL("auth/silent-check-sso.html", import.meta.url).href);
     element.setAttribute('entry-point-url', new URL('../..', import.meta.url).href);
     element.setAttribute('auth', '');
-- 
GitLab