feat: Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration

2026-01-20 20:39:48 +01:00
parent 6479f68b6c
commit 82a9706deb
2 changed files with 11 additions and 26 deletions
--- a/knockoutwhistweb/app/services/OpenIDConnectService.scala
+++ b/knockoutwhistweb/app/services/OpenIDConnectService.scala
@@ -75,30 +75,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit

  def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
    providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
-        new AuthenticationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
-          URI.create(provider.redirectUri)
-        )
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .nonce(new Nonce(nonce))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      } else {
-        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
-        new AuthorizationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
-        )
-          .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .redirectionURI(URI.create(provider.redirectUri))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      }
+      val authRequest = new AuthorizationRequest.Builder(
+        new ResponseType(ResponseType.Value.CODE),
+        new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
+      )
+        .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
+        .state(new com.nimbusds.oauth2.sdk.id.State(state))
+        .redirectionURI(URI.create(provider.redirectUri))
+        .endpointURI(URI.create(provider.authorizationEndpoint))
+        .build()

      authRequest.toURI.toString
    }
--- a/knockoutwhistweb/conf/prod.conf
+++ b/knockoutwhistweb/conf/prod.conf
@@ -28,8 +28,8 @@ openid {
  }
  
  keycloak {
-    clientId = "your-keycloak-client-id"
-    clientSecret = "your-keycloak-client-secret"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
    redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
    authUrl = ${?KEYCLOAK_AUTH_URL}
    authUrl = "https://identity.janis-eccarius.de/realms/master"