[DSIP-88][Auth] Enhancing Apache DolphinScheduler with Generalized OIDC Authentication - Integrate OIDC Flow into Login Controller #17341
Closed
tusaryan wants to merge 1 commit into apache:dev from
Introduces OIDC authentication endpoints and logic to LoginController, including provider listing, OIDC login redirection, and callback handling. Updates AppConfiguration to allow new OIDC-related paths. Adds comprehensive unit tests for OIDC authentication scenarios in LoginControllerOidcTest and extends LoginControllerTest with additional login validation cases.
Purpose of the pull request
This pull request integrates the OIDC authentication flow into the LoginController, exposing the feature via REST endpoints. It introduces the necessary endpoints to initiate the OIDC login redirect and handle the callback from the identity provider.

Upon successful authentication via the OidcAuthenticator, this PR ensures a user session is created using the existing SessionService, fully enabling OIDC as a valid login method.

Closes: #17171 (Part 2)

Brief change log
- /oauth2/authorization/{providerId} endpoint in LoginController to initiate the OIDC login flow and redirect users to the Identity Provider.
- /login/oauth2/code/{providerId} endpoint in LoginController to handle the callback from the OIDC provider, process the authorization code, and create a user session.
- /oidc-providers endpoint to LoginController to expose the list of configured providers to the UI.
- AppConfiguration.java to exclude the new OIDC endpoints from the LoginHandlerInterceptor, allowing unauthenticated access for the login process.
- LoginControllerOidcTest.java to provide comprehensive unit tests for the new OIDC endpoints, mocking the OidcAuthenticator and SessionService to verify redirect logic, error handling, and successful session creation.
- LoginControllerTest.java to ensure existing password-based login functionality remains unaffected.

Verify this pull request
This change is covered by new and updated unit tests:
- LoginControllerOidcTest.java: Mocks the entire OIDC login flow to test the controller logic, including successful login, error callbacks from the IdP, and internal authentication failures.
- LoginControllerTest.java: Ensures no regressions in existing login functionalities.

Pull Request Notice
If your pull request contains an incompatible change, you should also add it to docs/docs/en/guide/upgrade/incompatible.md
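
The login-initiation and callback endpoints described above are reachable without a session, so the callback has to bind each response to a login this server started. The following is an added example, not code from this pull request or from DolphinScheduler, showing state generation and single-use validation with only the JDK; the class name, in-memory store, five-minute lifetime and all sample values are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: the store, lifetime and names are assumptions, not project code.
public class OidcStateDemo {
    record Pending(String providerId, Instant expires) {}
    static final Map<String, Pending> PENDING = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // Login initiation: mint an unguessable state bound to the provider, then build the redirect.
    static String authorizationUrl(String providerId, String authEndpoint, String clientId, String redirectUri) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        PENDING.put(state, new Pending(providerId, Instant.now().plusSeconds(300)));
        return authEndpoint + "?response_type=code&scope=openid"
                + "&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
                + "&redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8)
                + "&state=" + state;
    }

    // Callback: returns the authorization code only if every check passes, otherwise throws.
    static String validateCallback(String providerId, Map<String, String> query) {
        String state = query.get("state");
        // remove() makes each state single-use, so a replayed callback fails.
        Pending p = state == null ? null : PENDING.remove(state);
        if (p == null || Instant.now().isAfter(p.expires()) || !p.providerId().equals(providerId))
            throw new SecurityException("unknown, expired or mismatched state");
        if (query.containsKey("error"))
            throw new SecurityException("IdP returned error: " + query.get("error"));
        String code = query.get("code");
        if (code == null || code.isBlank())
            throw new SecurityException("missing authorization code");
        return code; // the token exchange and session creation would follow here
    }

    public static void main(String[] args) {
        // Constructed sample values; no network access is needed.
        String url = authorizationUrl("example-idp", "https://idp.example.test/authorize",
                "constructed-client", "https://ds.example.test/login/oauth2/code/example-idp");
        String state = url.substring(url.indexOf("&state=") + 7);
        System.out.println(validateCallback("example-idp", Map.of("state", state, "code", "constructed-code")));
        try { validateCallback("example-idp", Map.of("state", state, "code", "constructed-code")); }
        catch (SecurityException e) { System.out.println("replay rejected: " + e.getMessage()); }
    }
}
```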