Merge pull request quarkusio#37730 from gastaldi/linkedIn_oidc

Introduce LinkedIn OIDC provider

docs/src/main/asciidoc/security-openid-connect-providers.adoc

@@ -8,7 +8,7 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
 include::_attributes.adoc[]
 :diataxis-type: concept
 :categories: security,web
-:keywords: oidc github twitter google facebook mastodon microsoft apple spotify twitch
+:keywords: oidc github twitter google facebook mastodon microsoft apple spotify twitch linkedin
 :toclevels: 3
 :topics: security,oidc,github,twitter,google,facebook,mastodon,microsoft,apple,spotify,twitch
 :extensions: io.quarkus:quarkus-oidc
@@ -501,6 +501,31 @@ quarkus.oidc.client-id=<Client ID>
 quarkus.oidc.credentials.client-secret=<Client Secret>
 ----
 
+[[linkedin]]
+=== LinkedIn
+
+Create a https://developer.linkedin.com/[LinkedIn application]:
+
+image::oidc-linkedin-1.png[role="thumb"]
+
+Add the `Sign In with LinkedIn using OpenId Connect` product:
+
+image::oidc-linkedin-2.png[role="thumb"]
+
+You now can get your client id and secret. Don't forget to also add the authorized redirect URLs for your application:
+
+image::oidc-linkedin-3.png[role="thumb"]
+
+You can now configure your `application.properties`:
+
+[source,properties]
+----
+quarkus.oidc.provider=linkedin
+quarkus.oidc.client-id=<Client ID>
+quarkus.oidc.credentials.client-secret=<Client Secret>
+----
+
+
 
 [[provider-scope]]
 == Provider scopes

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java

@@ -1808,6 +1808,7 @@ public static enum Provider {
         FACEBOOK,
         GITHUB,
         GOOGLE,
+        LINKEDIN,
         MASTODON,
         MICROSOFT,
         SPOTIFY,

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java

@@ -10,31 +10,29 @@
 public class KnownOidcProviders {
 
     public static OidcTenantConfig provider(OidcTenantConfig.Provider provider) {
-        switch (provider) {
-            case APPLE:
-                return apple();
-            case DISCORD:
-                return discord();
-            case FACEBOOK:
-                return facebook();
-            case GITHUB:
-                return github();
-            case GOOGLE:
-                return google();
-            case MASTODON:
-                return mastodon();
-            case MICROSOFT:
-                return microsoft();
-            case SPOTIFY:
-                return spotify();
-            case TWITCH:
-                return twitch();
-            case TWITTER:
-            case X:
-                return twitter();
-            default:
-                return null;
-        }
+        return switch (provider) {
+            case APPLE -> apple();
+            case DISCORD -> discord();
+            case FACEBOOK -> facebook();
+            case GITHUB -> github();
+            case GOOGLE -> google();
+            case LINKEDIN -> linkedIn();
+            case MASTODON -> mastodon();
+            case MICROSOFT -> microsoft();
+            case SPOTIFY -> spotify();
+            case TWITCH -> twitch();
+            case TWITTER, X -> twitter();
+        };
+    }
+
+    private static OidcTenantConfig linkedIn() {
+        OidcTenantConfig ret = new OidcTenantConfig();
+        ret.setAuthServerUrl("https://www.linkedin.com/oauth");
+        ret.setApplicationType(OidcTenantConfig.ApplicationType.WEB_APP);
+        ret.getAuthentication().setScopes(List.of("email", "profile"));
+        ret.getCredentials().getClientSecret().setMethod(Method.POST);
+        ret.getToken().setPrincipalClaim("name");
+        return ret;
     }
 
     private static OidcTenantConfig github() {

extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java

@@ -519,6 +519,36 @@ public void testOverrideDiscordProperties() throws Exception {
         assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
     }
 
+    @Test
+    public void testAcceptLinkedInProperties() throws Exception {
+        OidcTenantConfig tenant = new OidcTenantConfig();
+        tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
+        OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.LINKEDIN));
+
+        assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
+        assertEquals("https://www.linkedin.com/oauth", config.getAuthServerUrl().get());
+        assertEquals(List.of("email", "profile"), config.authentication.scopes.get());
+    }
+
+    @Test
+    public void testOverrideLinkedInProperties() throws Exception {
+        OidcTenantConfig tenant = new OidcTenantConfig();
+        tenant.setTenantId(OidcUtils.DEFAULT_TENANT_ID);
+
+        tenant.setApplicationType(ApplicationType.HYBRID);
+        tenant.setAuthServerUrl("http://localhost/wiremock");
+        tenant.credentials.clientSecret.setMethod(Method.BASIC);
+        tenant.authentication.setForceRedirectHttpsScheme(false);
+
+        OidcTenantConfig config = OidcUtils.mergeTenantConfig(tenant, KnownOidcProviders.provider(Provider.LINKEDIN));
+
+        assertEquals(OidcUtils.DEFAULT_TENANT_ID, config.getTenantId().get());
+        assertEquals(ApplicationType.HYBRID, config.getApplicationType().get());
+        assertEquals("http://localhost/wiremock", config.getAuthServerUrl().get());
+        assertFalse(config.getAuthentication().isForceRedirectHttpsScheme().get());
+        assertEquals(Method.BASIC, config.credentials.clientSecret.method.get());
+    }
+
     @Test
     public void testCorrectTokenType() throws Exception {
         OidcTenantConfig.Token tokenClaims = new OidcTenantConfig.Token();