III-6412 cleanup auth0 code

README.md

@@ -1,12 +1,12 @@
 # JWT Provider
-Application that provides JSON Web Tokens from UiTID v2 (Auth0)
+Application that provides JSON Web Tokens from UiTID v2 (Keycloak)
 
 # Architecture 
 Code is split into Domain and Infrastructure. 
 
 Domain contains actions, domain services (interfaces), value objects, etc... Infrastructure contains technical
 capabilities to support the domain - mostly domain interface concrete implementation. The intention in this 
-division is to decouple from Auth0, at least to some extent so further changes in Auth provider can be 
+division is to decouple from Keycloak, at least to some extent so further changes in Auth provider can be 
 easier to implement.
 
 `web/index.php` is the **entry point** for the application. It will pass the request to the
@@ -16,5 +16,5 @@ with the rest of the Service Providers. Every route is tied to single action cla
 
 
 # Authentication flow
-jwt-provider service serves as a proxy between front end application and Auth0 service. 
+jwt-provider service serves as a proxy between front end application and Keycloak service. 
 ![image](.doc/auth-flow.png)

app/ActionServiceProvider.php

@@ -25,9 +25,9 @@
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractClientInformationFromRequest;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\ExtractLocaleFromRequest;
 use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\IsAllowedRefreshToken;
-use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LoginAuth0Adapter;
-use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LogOutAuth0Adapter;
-use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\RefreshAuth0Adapter;
+use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LoginOAuthAdapter;
+use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\LogOutOAuthAdapter;
+use CultuurNet\UDB3\JwtProvider\Infrastructure\Service\RefreshOAuthAdapter;
 use GuzzleHttp\Client;
 use Slim\Psr7\Factory\UriFactory;
 
@@ -94,20 +94,20 @@ public function register(): void
 
         $this->addShared(
             LogOutServiceInterface::class,
-            fn (): LogOutAuth0Adapter => new LogOutAuth0Adapter(
+            fn (): LogOutOAuthAdapter => new LogOutOAuthAdapter(
                 $this->get(Auth0::class),
                 new Authentication(
                     [
-                        'domain' => $this->parameter($this->getIdentityProvider() . '.domain'),
-                        'clientId' => $this->parameter($this->getIdentityProvider() . '.client_id'),
-                        'clientSecret' => $this->parameter($this->getIdentityProvider() . '.client_secret'),
-                        'cookieSecret' => $this->parameter($this->getIdentityProvider() . '.cookie_secret'),
+                        'domain' => $this->parameter('keycloak.domain'),
+                        'clientId' => $this->parameter('keycloak.client_id'),
+                        'clientSecret' => $this->parameter('keycloak.client_secret'),
+                        'cookieSecret' => $this->parameter('keycloak.cookie_secret'),
                     ]
                 ),
                 $this->get(ResponseFactoryInterface::class),
                 new UriFactory(),
-                $this->parameter($this->getIdentityProvider() . '.log_out_uri'),
-                $this->parameter($this->getIdentityProvider() . '.client_id')
+                $this->parameter('keycloak.log_out_uri'),
+                $this->parameter('keycloak.client_id')
             )
         );
 
@@ -118,34 +118,34 @@ public function register(): void
 
         $this->addShared(
             LoginServiceInterface::class,
-            fn (): LoginAuth0Adapter => new LoginAuth0Adapter(
+            fn (): LoginOAuthAdapter => new LoginOAuthAdapter(
                 $this->get(Auth0::class)
             )
         );
 
         $this->addShared(
             RefreshServiceInterface::class,
-            fn (): RefreshAuth0Adapter => new RefreshAuth0Adapter(
+            fn (): RefreshOAuthAdapter => new RefreshOAuthAdapter(
                 new Client(),
-                $this->parameter($this->getIdentityProvider() . '.client_id'),
-                $this->parameter($this->getIdentityProvider() . '.client_secret'),
-                $this->parameter($this->getIdentityProvider() . '.domain')
+                $this->parameter('keycloak.client_id'),
+                $this->parameter('keycloak.client_secret'),
+                $this->parameter('keycloak.domain')
             )
         );
 
         $this->addShared(
             Auth0::class,
             fn (): Auth0 => new Auth0(
                 [
-                    'domain' => $this->parameter($this->getIdentityProvider() . '.domain'),
-                    'clientId' => $this->parameter($this->getIdentityProvider() . '.client_id'),
-                    'clientSecret' => $this->parameter($this->getIdentityProvider() . '.client_secret'),
-                    'redirectUri' => $this->parameter($this->getIdentityProvider() . '.redirect_uri'),
+                    'domain' => $this->parameter('keycloak.domain'),
+                    'clientId' => $this->parameter('keycloak.client_id'),
+                    'clientSecret' => $this->parameter('keycloak.client_secret'),
+                    'redirectUri' => $this->parameter('keycloak.redirect_uri'),
                     'scope' => ['openid','email','profile','offline_access'],
                     'persistIdToken' => true,
                     'persistRefreshToken' => true,
-                    'tokenLeeway' => $this->parameter($this->getIdentityProvider() . '.id_token_leeway'),
-                    'cookieSecret' => $this->parameter($this->getIdentityProvider() . '.cookie_secret'),
+                    'tokenLeeway' => $this->parameter('keycloak.id_token_leeway'),
+                    'cookieSecret' => $this->parameter('keycloak.cookie_secret'),
                 ]
             )
         );
@@ -154,7 +154,7 @@ public function register(): void
             IsAllowedRefreshToken::class,
             fn (): IsAllowedRefreshToken => new IsAllowedRefreshToken(
                 $this->get(ConsumerReadRepositoryInterface::class),
-                (string)$this->parameter($this->getIdentityProvider() . '.allowed_refresh_permission')
+                (string)$this->parameter('keycloak.allowed_refresh_permission')
             )
         );
 
@@ -178,12 +178,4 @@ function (): SessionClientInformation {
             )
         );
     }
-
-    private function getIdentityProvider(): string
-    {
-        if ($this->parameter('keycloak.enabled')) {
-            return 'keycloak';
-        }
-        return 'auth0';
-    }
 }

config.dist.yml

@@ -13,7 +13,7 @@ jwt:
   keys:
     public:
       file: public.pem
-auth0:
+keycloak:
   domain:
   client_id:
   client_secret:

src/Infrastructure/Service/LogOutAuth0Adapter.php → src/Infrastructure/Service/LogOutOAuthAdapter.php

@@ -12,7 +12,7 @@
 use Psr\Http\Message\UriFactoryInterface;
 use Psr\Http\Message\UriInterface;
 
-final class LogOutAuth0Adapter implements LogOutServiceInterface
+final class LogOutOAuthAdapter implements LogOutServiceInterface
 {
     private ResponseFactoryInterface $responseFactory;
 

src/Infrastructure/Service/LoginAuth0Adapter.php → src/Infrastructure/Service/LoginOAuthAdapter.php

@@ -14,7 +14,7 @@
 use Psr\Http\Message\ResponseInterface;
 use Slim\Psr7\Response;
 
-final class LoginAuth0Adapter implements LoginServiceInterface
+final class LoginOAuthAdapter implements LoginServiceInterface
 {
     private Auth0Interface $auth0;
 

src/Infrastructure/Service/RefreshAuth0Adapter.php → src/Infrastructure/Service/RefreshOAuthAdapter.php

@@ -10,7 +10,7 @@
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\GuzzleException;
 
-final class RefreshAuth0Adapter implements RefreshServiceInterface
+final class RefreshOAuthAdapter implements RefreshServiceInterface
 {
     private Client $httpClient;
 

tests/Infrastructure/Service/LogOutAuth0AdapterTest.php → tests/Infrastructure/Service/LogOutOAuthAdapterTest.php

@@ -12,7 +12,7 @@
 use Prophecy\PhpUnit\ProphecyTrait;
 use Slim\Psr7\Factory\UriFactory;
 
-final class LogOutAuth0AdapterTest extends TestCase
+final class LogOutOAuthAdapterTest extends TestCase
 {
     use ProphecyTrait;
 
@@ -28,7 +28,7 @@ public function it_logs_out_user(): void
 
         $authentication->getLogoutLink('http://foo-bar.com', ['clientId' => 'client-id'])->willReturn($auth0LogOutUri);
 
-        $auth0adapter = new LogOutAuth0Adapter(
+        $logOutOAuthAdapter = new LogOutOAuthAdapter(
             $auth0->reveal(),
             $authentication->reveal(),
             new SlimResponseFactory(),
@@ -37,7 +37,7 @@ public function it_logs_out_user(): void
             'client-id'
         );
 
-        $response = $auth0adapter->logout();
+        $response = $logOutOAuthAdapter->logout();
 
         $this->assertEquals(StatusCodeInterface::STATUS_MOVED_PERMANENTLY, $response->getStatusCode());
         $this->assertEquals($auth0LogOutUri, $response->getHeaderLine('Location'));

tests/Infrastructure/Service/LoginAuth0AdapterTest.php → tests/Infrastructure/Service/LoginOAuthAdapterTest.php

@@ -14,7 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Prophecy\PhpUnit\ProphecyTrait;
 
-final class LoginAuth0AdapterTest extends TestCase
+final class LoginOAuthAdapterTest extends TestCase
 {
     use ProphecyTrait;
 
@@ -25,7 +25,7 @@ public function it_redirects_to_login_page(): void
     {
         $auth0 = $this->prophesize(Auth0Interface::class);
 
-        $auth0adapter = new LoginAuth0Adapter(
+        $loginOAuthAdapter = new LoginOAuthAdapter(
             $auth0->reveal()
         );
 
@@ -39,7 +39,7 @@ public function it_redirects_to_login_page(): void
             ]
         )->shouldBeCalled();
 
-        $auth0adapter->redirectToLogin();
+        $loginOAuthAdapter->redirectToLogin();
     }
 
     /**
@@ -49,14 +49,14 @@ public function it_returns_token(): void
     {
         $auth0 = $this->prophesize(Auth0Interface::class);
 
-        $auth0adapter = new LoginAuth0Adapter(
+        $loginOAuthAdapter = new LoginOAuthAdapter(
             $auth0->reveal()
         );
 
         $auth0->getIdToken()->willReturn('token');
         $auth0->exchange()->willReturn(true);
 
-        $this->assertEquals('token', $auth0adapter->token());
+        $this->assertEquals('token', $loginOAuthAdapter->token());
     }
 
     /**
@@ -66,13 +66,13 @@ public function it_returns_refresh_token(): void
     {
         $auth0 = $this->prophesize(Auth0Interface::class);
 
-        $auth0adapter = new LoginAuth0Adapter(
+        $loginOAuthAdapter = new LoginOAuthAdapter(
             $auth0->reveal()
         );
 
         $auth0->getRefreshToken()->willReturn('refresh-token');
 
-        $this->assertEquals('refresh-token', $auth0adapter->refreshToken());
+        $this->assertEquals('refresh-token', $loginOAuthAdapter->refreshToken());
     }
 
     /**
@@ -84,7 +84,7 @@ public function it_wraps_auth0_exceptions_to_unsuccessful_auth_exception(Excepti
     {
         $auth0 = $this->prophesize(Auth0Interface::class);
 
-        $auth0adapter = new LoginAuth0Adapter(
+        $loginOAuthAdapter = new LoginOAuthAdapter(
             $auth0->reveal()
         );
 
@@ -93,7 +93,7 @@ public function it_wraps_auth0_exceptions_to_unsuccessful_auth_exception(Excepti
 
         $this->expectException(UnSuccessfulAuthException::class);
 
-        $auth0adapter->token();
+        $loginOAuthAdapter->token();
     }
 
     /**