Merge pull request #2522 from keboola/hosan/AJDA-2273

Add JumpCloud authentication provider support

Author: hosekpeter

internal/pkg/service/appsproxy/dataapps/auth/provider/jumpcloud.go

@@ -0,0 +1,25 @@
+package provider
+
+import proxyOptions "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
+
+type JumpCloud struct {
+	OIDC
+}
+
+func (v JumpCloud) ProxyProviderOptions() (proxyOptions.Provider, error) {
+	p, err := v.OIDC.ProxyProviderOptions()
+	if err != nil {
+		return proxyOptions.Provider{}, err
+	}
+
+	p.LoginURLParameters = []proxyOptions.LoginURLParameter{
+		{
+			// JumpCloud doesn't support "select_account" prompt
+			// Returns: "Used unknown value '[select_account]' for prompt parameter"
+			Name:    "prompt",
+			Default: []string{"login"},
+		},
+	}
+
+	return p, nil
+}

internal/pkg/service/appsproxy/dataapps/auth/provider/jumpcloud_test.go

@@ -0,0 +1,81 @@
+package provider
+
+import (
+	"encoding/json"
+	"testing"
+
+	proxyOptions "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestJumpCloud(t *testing.T) {
+	t.Parallel()
+
+	// Mock part of the API response
+	providerJSON := `
+{
+  "id": "my-id",
+  "name": "My Name",
+  "type": "jumpcloud",
+  "clientId": "6779ef20e75817b79602",
+  "clientSecret": "f2a1ed52710d4533bde25be6da03b6e3",
+  "issuerUrl": "https://www.linkedin.com",
+  "logoutUrl": "https://www.linkedin.com/oidc/logout",
+  "allowedRoles": ["admin"]
+}
+`
+
+	// Unmarshal, detect the target struct
+	var providers Providers
+	require.NoError(t, json.Unmarshal([]byte("["+providerJSON+"]"), &providers))
+	require.Len(t, providers, 1)
+
+	// Decoded content
+	provider := providers[0]
+	assert.Equal(t, JumpCloud{
+		OIDC: OIDC{
+			Base: Base{
+				Info: Info{
+					ID:   "my-id",
+					Name: "My Name",
+					Type: TypeJumpCloud,
+				},
+			},
+			ClientID:     "6779ef20e75817b79602",
+			ClientSecret: "f2a1ed52710d4533bde25be6da03b6e3",
+			IssuerURL:    "https://www.linkedin.com",
+			LogoutURL:    "https://www.linkedin.com/oidc/logout",
+			AllowedRoles: &[]string{"admin"},
+		},
+	}, provider)
+
+	// OAuth2Proxy configuration
+	oAuth2ProxyProvider, ok := provider.(JumpCloud)
+	require.True(t, ok)
+	proxyOpts, err := oAuth2ProxyProvider.ProxyProviderOptions()
+	require.NoError(t, err)
+	assert.Equal(t, proxyOptions.Provider{
+		ID:                  "my-id",
+		Type:                "oidc",
+		Name:                "My Name",
+		CodeChallengeMethod: "S256",
+		ClientID:            "6779ef20e75817b79602",
+		ClientSecret:        "f2a1ed52710d4533bde25be6da03b6e3",
+		BackendLogoutURL:    "https://www.linkedin.com/oidc/logout",
+		AllowedGroups:       []string{"admin"},
+		OIDCConfig: proxyOptions.OIDCOptions{
+			IssuerURL:      "https://www.linkedin.com",
+			EmailClaim:     "email",
+			GroupsClaim:    "groups",
+			AudienceClaims: []string{"aud"},
+			UserIDClaim:    "email",
+		},
+		LoginURLParameters: []proxyOptions.LoginURLParameter{
+			{
+				Name:    "prompt",
+				Default: []string{"login"},
+			},
+		},
+	}, proxyOpts)
+}

internal/pkg/service/appsproxy/dataapps/auth/provider/provider.go

@@ -11,10 +11,11 @@ import (
 )
 
 const (
-	TypeOIDC   Type = "oidc"
-	TypeGitLab Type = "gitlab"
-	TypeGitHub Type = "github"
-	TypeBasic  Type = "password"
+	TypeOIDC      Type = "oidc"
+	TypeGitLab    Type = "gitlab"
+	TypeGitHub    Type = "github"
+	TypeBasic     Type = "password"
+	TypeJumpCloud Type = "jumpcloud"
 )
 
 // ID is unique identifier of the authentication provider inside a data app.
@@ -53,6 +54,8 @@ func (t Type) new() (Provider, error) {
 		return GitHub{}, nil
 	case TypeBasic:
 		return Basic{}, nil
+	case TypeJumpCloud:
+		return JumpCloud{}, nil
 	default:
 		return nil, errors.Errorf(`unexpected type of data app auth provider "%v"`, t)
 	}