feat: add auth support (default and paia)

2026-01-20 00:23:03 +00:00 · 2022-01-24 18:43:00 +00:00
parent 046a95ba1d
commit b5f239ea4e
85 changed files with 3626 additions and 119 deletions
--- a/src/environments/environment.fake.ts
+++ b/src/environments/environment.fake.ts
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018-2020 StApps
+ * Copyright (C) 2018-2022 StApps
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, version 3.
@@ -12,9 +12,74 @@
 * You should have received a copy of the GNU General Public License along with
 * this program. If not, see <https://www.gnu.org/licenses/>.
 */
+// The file contents for the current environment will overwrite these during build.
+// The build system defaults to the dev environment which uses `environment.ts`, but if you do
+// `ng build --env=prod` then `environment.prod.ts` will be used instead.
+// The list of which env maps to which file can be found in `.angular-cli.json`.
+import {AuthorizationServiceConfigurationJson} from '@openid/appauth';
+import {IAuthConfig} from 'ionic-appauth';
+// import config from 'capacitor.config';
+
+const appDomain = 'mobile.app.uni-frankfurt.de';
+
 export const environment = {
  backend_url: 'https://mobile.server.uni-frankfurt.de',
+  appDomain: 'mobile.app.uni-frankfurt.de',
  backend_version: '2.0.0',
  use_fake_backend: true,
  production: false,
+  oauth2: {
+    client: {
+      his: {
+        client_id: '1cac3f99-33fa-4234-8438-979f07e0cdab',
+        client_secret: 'CLIENT_SECRET',
+        server_host: 'https://cas.rz.uni-frankfurt.de/cas/oauth2.0',
+        redirect_url: `https://${appDomain}/auth/callback`,
+        scopes: '',
+        pkce: true,
+      } as IAuthConfig,
+      paia: {
+        client_id: '',
+        client_secret: '',
+        server_host:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        // TODO: Use Custom URL Scheme (ideally bundle ID from capacitor.config)
+        redirect_url: `https://${appDomain}/auth/paia/callback`,
+        scopes: '',
+        pkce: true,
+      } as IAuthConfig,
+    },
+    service: {
+      his: {
+        authorization_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/authorize',
+        token_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/accessToken',
+        userinfo_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/profile',
+      } as AuthorizationServiceConfigurationJson,
+      paia: {
+        authorization_endpoint:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        token_endpoint: 'https://hds.hebis.de:8443/auth/login',
+        userinfo_endpoint: 'https://hds.hebis.de:8443/core',
+      } as AuthorizationServiceConfigurationJson,
+    },
+    endpointMappings: {
+      userinfo: {
+        id: 'employeeNumber',
+        given_name: 'givenName',
+        family_name: 'sn',
+        email: 'mailPrimaryAddress',
+      },
+    },
+  },
 };
+
+/*
+ * In development mode, to ignore zone related error stack frames such as
+ * `zone.run`, `zoneDelegate.invokeTask` for easier debugging, you can
+ * import the following file, but please comment it out in production mode
+ * because it will have performance impact when throw error
+ */
+// import 'zone.js/plugins/zone-error';  // Included with Angular CLI.
--- a/src/environments/environment.prod.ts
+++ b/src/environments/environment.prod.ts
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018-2020 StApps
+ * Copyright (C) 2018-2022 StApps
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, version 3.
@@ -12,10 +12,74 @@
 * You should have received a copy of the GNU General Public License along with
 * this program. If not, see <https://www.gnu.org/licenses/>.
 */
-// eslint-disable-next-line unicorn/prevent-abbreviations
+// The file contents for the current environment will overwrite these during build.
+// The build system defaults to the dev environment which uses `environment.ts`, but if you do
+// `ng build --env=prod` then `environment.prod.ts` will be used instead.
+// The list of which env maps to which file can be found in `.angular-cli.json`.
+import {AuthorizationServiceConfigurationJson} from '@openid/appauth';
+import {IAuthConfig} from 'ionic-appauth';
+// import config from 'capacitor.config';
+
+const appDomain = 'mobile.app.uni-frankfurt.de';
+
 export const environment = {
  backend_url: 'https://mobile.server.uni-frankfurt.de',
+  appDomain: 'mobile.app.uni-frankfurt.de',
  backend_version: '2.0.0',
  use_fake_backend: false,
-  production: true,
+  production: false,
+  oauth2: {
+    client: {
+      his: {
+        client_id: '1cac3f99-33fa-4234-8438-979f07e0cdab',
+        client_secret: 'CLIENT_SECRET',
+        server_host: 'https://cas.rz.uni-frankfurt.de/cas/oauth2.0',
+        redirect_url: `https://${appDomain}/auth/callback`,
+        scopes: '',
+        pkce: true,
+      } as IAuthConfig,
+      paia: {
+        client_id: '',
+        client_secret: '',
+        server_host:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        // TODO: Use Custom URL Scheme (ideally bundle ID from capacitor.config)
+        redirect_url: `https://${appDomain}/auth/paia/callback`,
+        scopes: '',
+        pkce: true,
+      } as IAuthConfig,
+    },
+    service: {
+      his: {
+        authorization_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/authorize',
+        token_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/accessToken',
+        userinfo_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/profile',
+      } as AuthorizationServiceConfigurationJson,
+      paia: {
+        authorization_endpoint:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        token_endpoint: 'https://hds.hebis.de:8443/auth/login',
+        userinfo_endpoint: 'https://hds.hebis.de:8443/core',
+      } as AuthorizationServiceConfigurationJson,
+    },
+    endpointMappings: {
+      userinfo: {
+        id: 'employeeNumber',
+        given_name: 'givenName',
+        family_name: 'sn',
+        email: 'mailPrimaryAddress',
+      },
+    },
+  },
 };
+
+/*
+ * In development mode, to ignore zone related error stack frames such as
+ * `zone.run`, `zoneDelegate.invokeTask` for easier debugging, you can
+ * import the following file, but please comment it out in production mode
+ * because it will have performance impact when throw error
+ */
+// import 'zone.js/plugins/zone-error';  // Included with Angular CLI.
--- a/src/environments/environment.ts
+++ b/src/environments/environment.ts
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018-2020 StApps
+ * Copyright (C) 2018-2022 StApps
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, version 3.
@@ -16,11 +16,65 @@
 // The build system defaults to the dev environment which uses `environment.ts`, but if you do
 // `ng build --env=prod` then `environment.prod.ts` will be used instead.
 // The list of which env maps to which file can be found in `.angular-cli.json`.
+import {AuthorizationServiceConfigurationJson} from '@openid/appauth';
+import {IAuthConfig} from 'ionic-appauth';
+// import config from 'capacitor.config';
+
+const appDomain = 'mobile.app.uni-frankfurt.de';
+
 export const environment = {
  backend_url: 'https://mobile.server.uni-frankfurt.de',
+  appDomain: 'mobile.app.uni-frankfurt.de',
  backend_version: '2.0.0',
  use_fake_backend: false,
  production: false,
+  oauth2: {
+    client: {
+      his: {
+        client_id: '1cac3f99-33fa-4234-8438-979f07e0cdab',
+        client_secret: '',
+        server_host: 'https://cas.rz.uni-frankfurt.de/cas/oauth2.0',
+        redirect_url: `https://${appDomain}/auth/callback`,
+        scopes: '',
+        pkce: true,
+      } as IAuthConfig,
+      paia: {
+        client_id: '',
+        client_secret: '',
+        server_host:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        // TODO: Use Custom URL Scheme (ideally bundle ID from capacitor.config)
+        redirect_url: `https://${appDomain}/auth/paia/callback`,
+        scopes: '',
+        // TODO: PAIA need to support PKCE, it will then work "out-of-the-box"
+        pkce: true,
+      } as IAuthConfig,
+    },
+    service: {
+      his: {
+        authorization_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/authorize',
+        token_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/accessToken',
+        userinfo_endpoint:
+          'https://cas.rz.uni-frankfurt.de/cas/oauth2.0/profile',
+      } as AuthorizationServiceConfigurationJson,
+      paia: {
+        authorization_endpoint:
+          'https://hds.hebis.de/Shibboleth.sso/UBFFM?target=https://hds.hebis.de/ubffm/paia_login_stub.php',
+        token_endpoint: 'https://hds.hebis.de:8443/auth/login',
+        userinfo_endpoint: 'https://hds.hebis.de:8443/core',
+      } as AuthorizationServiceConfigurationJson,
+    },
+    endpointMappings: {
+      userinfo: {
+        id: 'employeeNumber',
+        given_name: 'givenName',
+        family_name: 'sn',
+        email: 'mailPrimaryAddress',
+      },
+    },
+  },
 };

 /*