#6155: OAuth 2.0 - Microsoft

src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java

@@ -20,6 +20,7 @@
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.MicrosoftOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProviderFactory;
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
@@ -880,13 +881,15 @@ public AuthenticatedUser canLogInAsBuiltinUser(String username, String password)
     public List<String> getAuthenticationProviderIdsSorted() {
         GitHubOAuth2AP github = new GitHubOAuth2AP(null, null);
         GoogleOAuth2AP google = new GoogleOAuth2AP(null, null);
+        MicrosoftOAuth2AP microsoft = new MicrosoftOAuth2AP(null, null);
         return Arrays.asList(
                 BuiltinAuthenticationProvider.PROVIDER_ID,
                 ShibAuthenticationProvider.PROVIDER_ID,
                 OrcidOAuth2AP.PROVIDER_ID_PRODUCTION,
                 OrcidOAuth2AP.PROVIDER_ID_SANDBOX,
                 github.getId(),
-                google.getId()
+                google.getId(),
+                microsoft.getId()
         );
     }
 

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/AbstractOAuth2AuthenticationProvider.java

@@ -116,6 +116,10 @@ public OAuth2UserRecord getUserRecord(String code, String state, String redirect
         final OAuthRequest request = new OAuthRequest(Verb.GET, userEndpoint, service);
         request.addHeader("Authorization", "Bearer " + accessToken.getAccessToken());
         request.setCharset("UTF-8");
+
+        // Microsoft
+        request.addHeader("Accept", "application/json");
+
 
         final Response response = request.send();
         int responseCode = response.getCode();

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2AuthenticationProviderFactory.java

@@ -7,6 +7,7 @@
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.MicrosoftOAuth2AP;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
@@ -31,6 +32,7 @@ public OAuth2AuthenticationProviderFactory() {
         builders.put("github", (row, data) -> readRow(row, new GitHubOAuth2AP(data.get("clientId"), data.get("clientSecret"))));
         builders.put("google", (row, data) -> readRow(row, new GoogleOAuth2AP(data.get("clientId"), data.get("clientSecret"))));
         builders.put("orcid", (row, data)  -> readRow(row, new OrcidOAuth2AP(data.get("clientId"), data.get("clientSecret"), data.get("userEndpoint"))));
+        builders.put("microsoft", (row, data) -> readRow(row, new MicrosoftOAuth2AP(data.get("clientId"), data.get("clientSecret"))));
     }
 
     @Override

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/impl/MicrosoftAzureApi.java

@@ -0,0 +1,65 @@
+package edu.harvard.iq.dataverse.authorization.providers.oauth2.impl;
+
+import com.github.scribejava.core.builder.api.DefaultApi20;
+import com.github.scribejava.core.model.OAuthConfig;
+import com.github.scribejava.core.model.ParameterList;
+import com.github.scribejava.core.model.Verb;
+import java.util.Map;
+
+/**
+ *
+ * @CIMMYT
+ *
+ */
+
+public class MicrosoftAzureApi extends DefaultApi20{
+
+    private static class InstanceHolder {
+        private static final MicrosoftAzureApi INSTANCE = new MicrosoftAzureApi();
+    }
+
+    public static MicrosoftAzureApi instance()
+    {
+        return InstanceHolder.INSTANCE;
+    }
+
+    @Override
+    public Verb getAccessTokenVerb()
+    {
+        return Verb.POST;
+    }
+
+    @Override
+    public String getAccessTokenEndpoint()
+    {
+        return "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+    }
+
+    @Override
+    protected String getAuthorizationBaseUrl()
+    {
+        return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+    }
+
+    @Override
+    public String getAuthorizationUrl(OAuthConfig config, Map<String, String> additionalParams)
+    {
+        ParameterList parameters = new ParameterList(additionalParams);
+
+        parameters.add("response_type", config.getResponseType());
+        parameters.add("client_id", config.getApiKey());
+        String callback = config.getCallback();
+        if (callback != null) {
+            parameters.add("redirect_uri", callback);
+        }
+        parameters.add("scope", "user.read");
+        //parameters.add("domain_hint", "cgiar.org");
+
+        String state = config.getState();
+        if (state != null) {
+            parameters.add("state", state);
+        }
+        return parameters.appendTo(getAuthorizationBaseUrl());
+    }
+
+}

src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/impl/MicrosoftOAuth2AP.java

@@ -0,0 +1,59 @@
+package edu.harvard.iq.dataverse.authorization.providers.oauth2.impl;
+
+import com.github.scribejava.core.builder.api.BaseApi;
+import com.github.scribejava.core.oauth.OAuth20Service;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider;
+
+import java.util.Collections;
+import java.util.logging.Logger;
+import java.io.StringReader;
+import javax.json.Json;
+import javax.json.JsonObject;
+import javax.json.JsonReader;
+import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
+
+/**
+ *
+ * @author
+ */
+public class MicrosoftOAuth2AP extends AbstractOAuth2AuthenticationProvider{
+
+    private static final Logger logger = Logger.getLogger(MicrosoftOAuth2AP.class.getCanonicalName());
+
+    public MicrosoftOAuth2AP(String aClientId, String aClientSecret){
+        this.id = "microsoft";
+        this.title = "Microsoft";
+        this.clientId = aClientId;
+        this.clientSecret = aClientSecret;
+        this.scope = "user.read";
+        this.baseUserEndpoint = "https://graph.microsoft.com/v1.0/me";
+    }
+
+    @Override
+    public BaseApi<OAuth20Service> getApiInstance(){
+        return MicrosoftAzureApi.instance();
+    }
+
+    @Override
+    protected ParsedUserResponse parseUserResponse(final String responseBody) {
+        try ( StringReader rdr = new StringReader(responseBody);
+              JsonReader jrdr = Json.createReader(rdr) )  {
+            JsonObject response = jrdr.readObject();
+            AuthenticatedUserDisplayInfo displayInfo = new AuthenticatedUserDisplayInfo(
+                    response.getString("givenName", ""),
+                    response.getString("surname", ""),
+                    response.getString("userPrincipalName", ""),
+                    "", "");
+            String persistentUserId = response.getString("id");
+            String username = response.getString("userPrincipalName");
+            return new ParsedUserResponse(displayInfo, persistentUserId, username,
+                    (displayInfo.getEmailAddress().length() > 0 ? Collections.singletonList(displayInfo.getEmailAddress()) : Collections.emptyList() )
+            );
+        }
+    }
+
+    public boolean isDisplayIdentifier()
+    {
+        return false;
+    }
+}