Feat: enable dynamic profile field mapping via env variables for oidc response

src/auth/access-group-provider/access-group-from-graphql-api-call.service.ts

@@ -5,7 +5,6 @@ import { Injectable, Logger } from "@nestjs/common";
 import { UserPayload } from "../interfaces/userPayload.interface";
 import { HttpService } from "@nestjs/axios";
 import { firstValueFrom } from "rxjs";
-
 /**
  * This service is used to fetch access groups from a GraphQL API.
  */
@@ -27,14 +26,19 @@ export class AccessGroupFromGraphQLApiService extends AccessGroupService {
   ): Promise<string[]> {
     const userId = userPayload.userId as string;
     const query = this.graphqlTemplateQuery.replace("{{userId}}", userId);
-    const response = await this.callGraphQLApi(query);
-    const accessGroups = this.responseProcessor(response);
+    try {
+      const response = await this.callGraphQLApi(query);
+      const accessGroups = this.responseProcessor(response);
 
-    Logger.log(
-      "Access groups from graphql api call getAccessGroups: " +
-        accessGroups.join(","),
-    );
-    return accessGroups;
+      Logger.log(
+        accessGroups,
+        "AccessGroupFromGraphQLApiService getAccessGroups:",
+      );
+      return accessGroups;
+    } catch (error) {
+      Logger.error(error, "AccessGroupFromGraphQLApiService");
+      return [];
+    }
   }
 
   async callGraphQLApi(query: string): Promise<Record<string, unknown>> {

src/auth/access-group-provider/access-group-from-multiple-providers.service.ts

@@ -1,4 +1,4 @@
-import { Injectable } from "@nestjs/common";
+import { Injectable, Logger } from "@nestjs/common";
 import { UserPayload } from "../interfaces/userPayload.interface";
 import { AccessGroupService } from "./access-group.service";
 

src/auth/access-group-provider/access-group-from-payload.service.spec.ts

@@ -7,9 +7,7 @@ describe("AccessGroupFromPayloadService", () => {
   let service: AccessGroupFromPayloadService;
 
   const mockConfigService = {
-    get: () => ({
-      accessGroups: "accessGroups",
-    }),
+    get: () => "access_group_property",
   };
 
   beforeEach(async () => {
@@ -30,14 +28,15 @@ describe("AccessGroupFromPayloadService", () => {
   });
 
   it("Should resolve access groups", async () => {
-    const expected = ["AAA", "BBB"];
-    const actual = await service.getAccessGroups({
+    const userPayload = {
       userId: "test_user",
-      accessGroupProperty: "access_group_property",
+      accessGroupProperty: "testGroups",
       payload: {
-        access_group_property: expected,
+        testGroups: ["AAA", "BBB"],
       },
-    } as UserPayload);
+    };
+    const expected = userPayload.payload.testGroups;
+    const actual = await service.getAccessGroups(userPayload as UserPayload);
     expect(actual).toEqual(expected);
   });
 });

src/auth/access-group-provider/access-group-from-payload.service.ts

@@ -17,8 +17,7 @@ export class AccessGroupFromPayloadService extends AccessGroupService {
     //const defaultAccessGroups: string[] = [];
     let accessGroups: string[] = [];
 
-    const accessGroupsProperty = userPayload?.accessGroupProperty;
-
+    const accessGroupsProperty = userPayload.accessGroupProperty;
     if (accessGroupsProperty) {
       const payload: Record<string, unknown> | undefined = userPayload.payload;
       if (
@@ -30,11 +29,9 @@ export class AccessGroupFromPayloadService extends AccessGroupService {
             ? (payload[accessGroupsProperty] as string[])
             : [];
       }
+      Logger.log(accessGroups, "AccessGroupFromPayloadService");
     }
 
-    Logger.log(
-      "Access groups AccessGroupFromPayloadService : " + accessGroups.join(","),
-    );
     return accessGroups;
   }
 }

src/auth/access-group-provider/access-group-service-factory.ts

@@ -1,17 +1,79 @@
 import { ConfigService } from "@nestjs/config";
 import { AccessGroupFromStaticValuesService } from "./access-group-from-static-values.service";
 import { AccessGroupService } from "./access-group.service";
-
+import { AccessGroupFromGraphQLApiService } from "./access-group-from-graphql-api-call.service";
+import { AccessGroupFromPayloadService } from "./access-group-from-payload.service";
+import { HttpService } from "@nestjs/axios";
+import { AccessGroupFromMultipleProvidersService } from "./access-group-from-multiple-providers.service";
+import { Logger } from "@nestjs/common";
+import { ConfigModule } from "@nestjs/config";
 /*
  * this is the default function which provides an empty array as groups
  */
 export const accessGroupServiceFactory = {
+  imports: [ConfigModule],
   provide: AccessGroupService,
   useFactory: (configService: ConfigService) => {
-    const accessGroupsStaticValues = configService.get(
-      "accessGroupsStaticValues",
+    Logger.debug("Service factory starting", "accessGroupServiceFactory");
+    const accessGroupsStaticConfig = configService.get(
+      "accessGroupsStaticConfig",
+    );
+    const accessGroupsGraphQlConfig = configService.get(
+      "accessGroupsGraphQlConfig",
     );
-    return new AccessGroupFromStaticValuesService(accessGroupsStaticValues);
+    const accessGroupsOIDCPayloadConfig = configService.get(
+      "accessGroupsOIDCPayloadConfig",
+    );
+
+    const accessGroupServices: AccessGroupService[] = [];
+    if (accessGroupsStaticConfig?.enabled == true) {
+      Logger.log(
+        JSON.stringify(accessGroupsStaticConfig),
+        "loading static processor",
+      );
+      accessGroupServices.push(
+        new AccessGroupFromStaticValuesService(accessGroupsStaticConfig.value),
+      );
+    }
+    if (accessGroupsOIDCPayloadConfig?.enabled == true) {
+      Logger.log(
+        JSON.stringify(accessGroupsOIDCPayloadConfig),
+        "loading oidc processor",
+      );
+      accessGroupServices.push(
+        new AccessGroupFromPayloadService(configService),
+      );
+    }
+
+    if (accessGroupsGraphQlConfig?.enabled == true) {
+      Logger.log(
+        JSON.stringify(accessGroupsGraphQlConfig),
+        "loading graphql processor",
+      );
+
+      import(accessGroupsGraphQlConfig.responseProcessorSrc).then(
+        (rpModule) => {
+          const gh = rpModule.graphHandler;
+          const responseProcessor: (
+            response: Record<string, unknown>,
+          ) => string[] = gh.responseProcessor;
+          const graphqlTemplateQuery: string = gh.graphqlTemplateQuery;
+          accessGroupServices.push(
+            new AccessGroupFromGraphQLApiService(
+              graphqlTemplateQuery,
+              accessGroupsGraphQlConfig.apiUrl,
+              {
+                Authorization: `Bearer ${accessGroupsGraphQlConfig.token}`,
+              },
+              responseProcessor,
+              new HttpService(),
+            ),
+          );
+        },
+      );
+    }
+
+    return new AccessGroupFromMultipleProvidersService(accessGroupServices);
   },
   inject: [ConfigService],
 };

src/auth/interfaces/oidc-user.interface.ts

@@ -0,0 +1,16 @@
+export interface IOidcUserInfoMapping {
+  id: string;
+  username: string;
+  displayName: string;
+  familyName: string;
+  email: string;
+  thumbnailPhoto: string;
+  groups?: string[];
+  provider?: string;
+  [key: string]: string | string[] | undefined;
+}
+
+export interface IOidcUserQueryMapping {
+  operator: string;
+  filter: string[];
+}