ci: bump version to v4.52.0

feat: Implement OAuth session management with Redis caching for OpenID user data
ci: bump version to v4.51.0
2026-01-21 11:51:57 +00:00 · 2026-01-21 12:49:20 +01:00 · 2026-01-21 11:29:52 +00:00 · 2026-01-21 12:26:20 +01:00 · 2026-01-21 11:24:51 +00:00 · 2026-01-21 12:22:19 +01:00
15 changed files with 327 additions and 130 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -388,3 +388,68 @@
 ### Features
 * Add logging for user management operations in HibernateUserManager ([9ca1813](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/9ca1813f06539cffeb573d0e00571e4f2d5144f1))
 ##  (2026-01-20)
 ### Features
 * Integrate UserManager and HibernateUserManager in session management ([e32f4eb](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/e32f4eb8fff9daec46f20284e28e94a59231d033))
 ##  (2026-01-20)
 ### Features
 * Implement transaction management for user addition and removal in HibernateUserManager ([45dec00](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/45dec00b86a1395457226ed62ac319c61e38739a))
 ##  (2026-01-20)
 ### Features
 * Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
 ##  (2026-01-20)
 ### Features
 * Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
 ##  (2026-01-20)
 ### Features
 * Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
 ##  (2026-01-20)
 ### Features
 * Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))
 ##  (2026-01-20)
 ### Features
 * Add error logging for user info retrieval in OpenIDConnectService ([861f2f1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/861f2f1184e860fdd164481167f941c11accfedd))
 ##  (2026-01-20)
 ### Features
 * Add idClaimName parameter to OpenIDConnectService for flexible ID claim mapping ([2f38855](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/2f388554495d8bd44b4c533baa0f2fc27eea22c2))
 ##  (2026-01-21)
 ### Features
 * Change log level to warn for OpenID callback in OpenIDController ([23cdbe9](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/23cdbe9bd127bc26405fd216372bbb2d7e718a77))
 ##  (2026-01-21)
 ### Features
 * Change log level to warn for OpenID callback in OpenIDController ([4a6598f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4a6598f102d8934c7502944a0addd400dd0cbcac))
 ##  (2026-01-21)
 ### Features
 * Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([4b74de1](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4b74de12610120831fc1529f0409db66aafd4d03))
 ##  (2026-01-21)
 ### Features
 * Update ID mapping in OpenIDUserInfo to use hashed value and remove name field ([daa072f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/daa072f2bf260ed62402096b41ce85aa071efaf5))
 ##  (2026-01-21)
 ### Features
 * Implement OAuth session management with Redis caching for OpenID user data ([0430c7f](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/0430c7f4deb37661c697406a714e2693bf0c7307))
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/knockoutwhistweb/app/controllers/OpenIDController.scala
+++ b/knockoutwhistweb/app/controllers/OpenIDController.scala
@@ -1,13 +1,15 @@
 package controllers
 import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
 import logic.user.{SessionManager, UserManager}
 import model.users.User
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.Json
 import play.api.mvc.*
 import play.api.mvc.Cookie.SameSite.Lax
-import services.{OpenIDConnectService, OpenIDUserInfo}
+import services.{OpenIDConnectService, OpenIDUserInfo, OAuthCacheService}
 import java.util.concurrent.TimeUnit
 import javax.inject.*
 import scala.concurrent.{ExecutionContext, Future}
@@ -17,9 +19,12 @@ class OpenIDController @Inject()(
                                  val openIDService: OpenIDConnectService,
                                  val sessionManager: SessionManager,
                                  val userManager: UserManager,
-                                  val config: Configuration
+                                  val config: Configuration,
                                  val oauthCache: OAuthCacheService
                                )(implicit ec: ExecutionContext) extends BaseController {
  private val logger = Logger(this.getClass)
  def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
    val state = openIDService.generateState()
    val nonce = openIDService.generateNonce()
@@ -47,8 +52,11 @@ class OpenIDController @Inject()(
    val code = request.getQueryString("code")
    val error = request.getQueryString("error")
    logger.warn(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
    error match {
      case Some(err) =>
        logger.error(s"Authentication failed: $err")
        Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
      case None =>
        (for {
@@ -56,42 +64,68 @@ class OpenIDController @Inject()(
          _ <- Option(sessionProvider.contains(provider))
          authCode <- code
        } yield {
          logger.warn(s"Authentication successful for $provider")
          openIDService.exchangeCodeForTokens(provider, authCode, sessionState.get).flatMap {
            case Some(tokenResponse) =>
-              openIDService.getUserInfo(provider, tokenResponse.accessToken).map {
+              openIDService.getUserInfo(provider, tokenResponse.accessToken).flatMap {
                case Some(userInfo) =>
-                  // Store user info in session for username selection
+                  // Check if user already exists
-                  Redirect(config.get[String]("openid.selectUserRoute"))
+                  userManager.authenticateOpenID(provider, userInfo.id) match {
-                    .withSession(
+                    case Some(user) =>
-                      "oauth_user_info" -> Json.toJson(userInfo).toString(),
+                      logger.warn(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
-                      "oauth_provider" -> provider,
+                      // User already exists, log them in
-                      "oauth_access_token" -> tokenResponse.accessToken
+                      val sessionToken = sessionManager.createSession(user)
-                    )
+                      Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
                        .withCookies(Cookie(
                          name = "accessToken",
                          value = sessionToken,
                          httpOnly = true,
                          secure = false,
                          sameSite = Some(Lax)
                        ))
                        .removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
                    case None =>
                      logger.warn(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
                      // Store OAuth data in cache and get session ID
                      val oauthSessionId = oauthCache.storeOAuthData(userInfo, tokenResponse.accessToken, provider)
                      // New user, redirect to username selection with only session ID
                      Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
                        .withSession("oauth_session_id" -> oauthSessionId))
                  }
                case None =>
-                  Redirect("/login").flashing("error" -> "Failed to retrieve user information")
+                  logger.error("Failed to retrieve user information")
                  Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
              }
            case None =>
              logger.error("Failed to exchange authorization code")
              Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
          }
        }).getOrElse {
          logger.error("Invalid state parameter")
          Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
        }
    }
  }
  def selectUsername(): Action[AnyContent] = Action.async { implicit request =>
-    request.session.get("oauth_user_info") match {
+    request.session.get("oauth_session_id") match {
-      case Some(userInfoJson) =>
+      case Some(sessionId) =>
-        val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
+        oauthCache.getOAuthData(sessionId) match {
-        Future.successful(Ok(Json.obj(
+          case Some((userInfo, _, _)) =>
-          "id" -> userInfo.id,
+            Future.successful(Ok(Json.obj(
-          "email" -> userInfo.email,
+              "id" -> userInfo.id,
-          "name" -> userInfo.name,
+              "email" -> userInfo.email,
-          "picture" -> userInfo.picture,
+              "name" -> userInfo.name,
-          "provider" -> userInfo.provider,
+              "picture" -> userInfo.picture,
-          "providerName" -> userInfo.providerName
+              "provider" -> userInfo.provider,
-        )))
+              "providerName" -> userInfo.providerName
            )))
          case None =>
            logger.error(s"OAuth session data not found for session ID: $sessionId")
            Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
        }
      case None =>
        logger.error("No OAuth session ID found")
        Future.successful(Redirect("/login").flashing("error" -> "No authentication information found"))
    }
  }
@@ -99,48 +133,53 @@ class OpenIDController @Inject()(
  def submitUsername(): Action[AnyContent] = Action.async { implicit request =>
    val username = request.body.asJson.flatMap(json => (json \ "username").asOpt[String])
      .orElse(request.body.asFormUrlEncoded.flatMap(_.get("username").flatMap(_.headOption)))
-    val userInfoJson = request.session.get("oauth_user_info")
+    val sessionId = request.session.get("oauth_session_id")
    val provider = request.session.get("oauth_provider").getOrElse("unknown")
-    (username, userInfoJson) match {
+    (username, sessionId) match {
-      case (Some(uname), Some(userInfoJson)) =>
+      case (Some(uname), Some(sid)) =>
-        val userInfo = Json.parse(userInfoJson).as[OpenIDUserInfo]
+        oauthCache.getOAuthData(sid) match {
-        
+          case Some((userInfo, accessToken, provider)) =>
-        // Check if username already exists
+            // Check if username already exists
-        val trimmedUsername = uname.trim
+            val trimmedUsername = uname.trim
-        userManager.userExists(trimmedUsername) match {
+            userManager.userExists(trimmedUsername) match {
-          case Some(_) =>
+              case Some(_) =>
-            Future.successful(Conflict(Json.obj("error" -> "Username already taken")))
+                Future.successful(Conflict(Json.obj("error" -> "Username already taken")))
-          case None =>
+              case None =>
-            // Create new user with OpenID info (no password needed)
+                // Create new user with OpenID info (no password needed)
-            val success = userManager.addOpenIDUser(trimmedUsername, userInfo)
+                val success = userManager.addOpenIDUser(trimmedUsername, userInfo)
-            if (success) {
+                if (success) {
-              // Get the created user and create session
+                  // Get created user and create session
-              userManager.userExists(trimmedUsername) match {
+                  userManager.userExists(trimmedUsername) match {
-                case Some(user) =>
+                    case Some(user) =>
-                  val sessionToken = sessionManager.createSession(user)
+                      val sessionToken = sessionManager.createSession(user)
-                  Future.successful(Ok(Json.obj(
+                      // Clean up cache after successful user creation
-                    "message" -> "User created successfully",
+                      oauthCache.removeOAuthData(sid)
-                    "user" -> Json.obj(
+                      Future.successful(Ok(Json.obj(
-                      "id" -> user.id,
+                        "message" -> "User created successfully",
-                      "username" -> user.name
+                        "user" -> Json.obj(
-                    )
+                          "id" -> user.id,
-                  )).withCookies(Cookie(
+                          "username" -> user.name
-                    name = "accessToken",
+                        )
-                    value = sessionToken,
+                      )).withCookies(Cookie(
-                    httpOnly = true,
+                        name = "accessToken",
-                    secure = false,
+                        value = sessionToken,
-                    sameSite = Some(Lax)
+                        httpOnly = true,
-                  )).removingFromSession("oauth_user_info", "oauth_provider", "oauth_access_token"))
+                        secure = false,
-                case None =>
+                        sameSite = Some(Lax)
-                  Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user session")))
+                      )).removingFromSession("oauth_session_id"))
-              }
+                    case None =>
-            } else {
+                      Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user session")))
-              Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user")))
+                  }
                } else {
                  Future.successful(InternalServerError(Json.obj("error" -> "Failed to create user")))
                }
            }
          case None =>
            logger.error(s"OAuth session data not found for session ID: $sid")
            Future.successful(Redirect("/login").flashing("error" -> "Session expired"))
        }
      case _ =>
-        Future.successful(BadRequest(Json.obj("error" -> "Username is required")))
+        Future.successful(BadRequest(Json.obj("error" -> "Username and valid session required")))
    }
  }
 }
--- a/knockoutwhistweb/app/di/ProductionModule.scala
+++ b/knockoutwhistweb/app/di/ProductionModule.scala
@@ -1,25 +0,0 @@
 package di
 import com.google.inject.AbstractModule
 import com.google.inject.name.Names
 import logic.user.impl.HibernateUserManager
 import play.api.db.DBApi
 import play.api.{Configuration, Environment}
 class ProductionModule(
  environment: Environment,
  configuration: Configuration
 ) extends AbstractModule {
  override def configure(): Unit = {
    // Bind HibernateUserManager for production
    bind(classOf[logic.user.UserManager])
      .to(classOf[logic.user.impl.HibernateUserManager])
      .asEagerSingleton()
    // Bind EntityManager for JPA
    bind(classOf[jakarta.persistence.EntityManager])
      .toProvider(classOf[EntityManagerProvider])
      .asEagerSingleton()
  }
 }
--- a/knockoutwhistweb/app/logic/user/impl/BaseSessionManager.scala
+++ b/knockoutwhistweb/app/logic/user/impl/BaseSessionManager.scala
@@ -4,7 +4,7 @@ import com.auth0.jwt.algorithms.Algorithm
 import com.auth0.jwt.{JWT, JWTVerifier}
 import com.github.benmanes.caffeine.cache.{Cache, Caffeine}
 import com.typesafe.config.Config
-import logic.user.SessionManager
+import logic.user.{SessionManager, UserManager}
 import model.users.User
 import scalafx.util.Duration
 import services.JwtKeyProvider
@@ -16,7 +16,7 @@ import javax.inject.{Inject, Singleton}
 import scala.util.Try
@Singleton
-class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: StubUserManager, val config: Config) extends SessionManager {
+class BaseSessionManager @Inject()(val keyProvider: JwtKeyProvider, val userManager: UserManager, val config: Config) extends SessionManager {
  private val algorithm = Algorithm.RSA512(keyProvider.publicKey, keyProvider.privateKey)
  private val verifier: JWTVerifier = JWT.require(algorithm)
--- a/knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala
+++ b/knockoutwhistweb/app/logic/user/impl/HibernateUserManager.scala
@@ -18,7 +18,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
  private val logger = Logger(getClass.getName)
  override def addUser(name: String, password: String): Boolean = {
    val tx = em.getTransaction
    try {
      tx.begin()
      // Check if user already exists
      val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
@@ -26,6 +28,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
      if (!existing.isEmpty) {
        logger.warn(s"User $name already exists")
        tx.rollback()
        return false
      }
@@ -39,10 +42,12 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
      em.persist(userEntity)
      em.flush()
      tx.commit()
      true
    } catch {
      case e: Exception => {
        if (tx.isActive) tx.rollback()
        logger.error(s"Error adding user $name", e)
        false
      }
@@ -50,7 +55,9 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
  }
  override def addOpenIDUser(name: String, userInfo: OpenIDUserInfo): Boolean = {
    val tx = em.getTransaction
    try {
      tx.begin()
      // Check if user already exists
      val existing = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
@@ -58,6 +65,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
      if (!existing.isEmpty) {
        logger.warn(s"User $name already exists")
        tx.rollback()
        return false
      }
@@ -72,6 +80,7 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
      if (!existingOpenID.isEmpty) {
        logger.warn(s"OpenID user ${userInfo.provider}_${userInfo.id} already exists")
        tx.rollback()
        return false
      }
@@ -80,9 +89,11 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
      em.persist(userEntity)
      em.flush()
      tx.commit()
      true
    } catch {
      case e: Exception => {
        if (tx.isActive) tx.rollback()
        logger.error(s"Error adding OpenID user ${userInfo.provider}_${userInfo.id}", e)
        false
      }
@@ -167,20 +178,27 @@ class HibernateUserManager @Inject()(em: EntityManager, config: Config) extends
  }
  override def removeUser(name: String): Boolean = {
    val tx = em.getTransaction
    try {
      tx.begin()
      val users = em.createQuery("SELECT u FROM UserEntity u WHERE u.username = :username", classOf[UserEntity])
        .setParameter("username", name)
        .getResultList
      if (users.isEmpty) {
        tx.rollback()
        false
      } else {
        em.remove(users.get(0))
        em.flush()
        tx.commit()
        true
      }
    } catch {
-      case _: Exception => false
+      case _: Exception => {
        if (tx.isActive) tx.rollback()
        false
      }
    }
  }
 }
--- a/knockoutwhistweb/app/modules/GatewayModule.scala
+++ b/knockoutwhistweb/app/modules/GatewayModule.scala
@@ -1,10 +1,24 @@
 package modules
 import com.google.inject.AbstractModule
 import di.EntityManagerProvider
 import jakarta.persistence.EntityManager
 import logic.Gateway
 import logic.user.UserManager
 import logic.user.impl.HibernateUserManager
 class GatewayModule extends AbstractModule {
  override def configure(): Unit = {
    bind(classOf[Gateway]).asEagerSingleton()
    // Bind HibernateUserManager for production (when GatewayModule is used)
    bind(classOf[UserManager])
      .to(classOf[HibernateUserManager])
      .asEagerSingleton()
    // Bind EntityManager for JPA
    bind(classOf[EntityManager])
      .toProvider(classOf[EntityManagerProvider])
      .asEagerSingleton()
  }
 }
--- a/knockoutwhistweb/app/services/OAuthCacheService.scala
+++ b/knockoutwhistweb/app/services/OAuthCacheService.scala
@@ -0,0 +1,89 @@
 package services
 import org.redisson.Redisson
 import org.redisson.api.RMapCache
 import org.redisson.config.Config
 import play.api.Logger
 import play.api.libs.json.Json
 import java.util.concurrent.TimeUnit
 import javax.inject.*
@Singleton
 class OAuthCacheService @Inject()() {
  private val logger = Logger(this.getClass)
  // Initialize Redis connection similar to Gateway
  private val redis = {
    val config: Config = Config()
    val url = "redis://" + sys.env.getOrElse("REDIS_HOST", "localhost") + ":" + sys.env.getOrElse("REDIS_PORT", "6379")
    logger.info(s"OAuthCacheService connecting to Redis at $url")
    config.useSingleServer.setAddress(url)
    Redisson.create(config)
  }
  // Cache for OAuth data with 30 minute TTL
  private val oauthCache: RMapCache[String, String] = redis.getMapCache("oauth_cache")
  /**
   * Store OAuth data with random ID and return the ID
   */
  def storeOAuthData(userInfo: OpenIDUserInfo, accessToken: String, provider: String): String = {
    val sessionId = java.util.UUID.randomUUID().toString
    val oauthData = Json.obj(
      "userInfo" -> Json.toJson(userInfo),
      "accessToken" -> accessToken,
      "provider" -> provider,
      "timestamp" -> System.currentTimeMillis()
    ).toString()
    // Store with 30 minute TTL
    oauthCache.put(sessionId, oauthData, 30, TimeUnit.MINUTES)
    logger.info(s"Stored OAuth data for session $sessionId")
    sessionId
  }
  /**
   * Retrieve OAuth data by session ID
   */
  def getOAuthData(sessionId: String): Option[(OpenIDUserInfo, String, String)] = {
    Option(oauthCache.get(sessionId)) match {
      case Some(dataJson) =>
        try {
          val json = Json.parse(dataJson)
          val userInfo = (json \ "userInfo").as[OpenIDUserInfo]
          val accessToken = (json \ "accessToken").as[String]
          val provider = (json \ "provider").as[String]
          logger.info(s"Retrieved OAuth data for session $sessionId")
          Some((userInfo, accessToken, provider))
        } catch {
          case e: Exception =>
            logger.error(s"Failed to parse OAuth data for session $sessionId: ${e.getMessage}")
            None
        }
      case None =>
        logger.warn(s"No OAuth data found for session $sessionId")
        None
    }
  }
  /**
   * Remove OAuth data after use
   */
  def removeOAuthData(sessionId: String): Unit = {
    oauthCache.remove(sessionId)
    logger.info(s"Removed OAuth data for session $sessionId")
  }
  /**
   * Clean up expired sessions (optional maintenance)
   */
  def cleanupExpiredSessions(): Unit = {
    oauthCache.clear()
    logger.info("Cleaned up expired OAuth sessions")
  }
 }
--- a/knockoutwhistweb/app/services/OpenIDConnectService.scala
+++ b/knockoutwhistweb/app/services/OpenIDConnectService.scala
@@ -2,7 +2,7 @@ package services
 import com.typesafe.config.Config
 import play.api.libs.ws.WSClient
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.*
 import java.net.URI
@@ -11,7 +11,6 @@ import scala.concurrent.{ExecutionContext, Future}
 import com.nimbusds.oauth2.sdk.*
 import com.nimbusds.oauth2.sdk.id.*
 import com.nimbusds.openid.connect.sdk.*
 import play.api.libs.ws.DefaultBodyWritables.*
 case class OpenIDUserInfo(
@@ -36,7 +35,8 @@ case class OpenIDProvider(
  authorizationEndpoint: String,
  tokenEndpoint: String,
  userInfoEndpoint: String,
-  scopes: Set[String] = Set("openid", "profile", "email")
+  scopes: Set[String] = Set("openid", "profile", "email"),
  idClaimName: String = "id"
 )
 case class TokenResponse(
@@ -50,6 +50,8 @@ case class TokenResponse(
@Singleton
 class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit ec: ExecutionContext) {
  private val logger = Logger(this.getClass)
  private val providers = Map(
    "discord" -> OpenIDProvider(
      name = "Discord",
@@ -69,36 +71,22 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
      authorizationEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/auth",
      tokenEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/token",
      userInfoEndpoint = config.get[String]("openid.keycloak.authUrl") + "/protocol/openid-connect/userinfo",
-      scopes = Set("openid", "profile", "email")
+      scopes = Set("openid", "profile", "email"),
      idClaimName = "sub"
    )
  )
  def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
    providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
+      val authRequest = new AuthorizationRequest.Builder(
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
+        new ResponseType(ResponseType.Value.CODE),
-        new AuthenticationRequest.Builder(
+        new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
-          new ResponseType(ResponseType.Value.CODE),
+      )
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
+        .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
+        .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          URI.create(provider.redirectUri)
+        .redirectionURI(URI.create(provider.redirectUri))
-        )
+        .endpointURI(URI.create(provider.authorizationEndpoint))
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
+        .build()
          .nonce(new Nonce(nonce))
          .endpointURI(URI.create(provider.authorizationEndpoint))
          .build()
      } else {
        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
        new AuthorizationRequest.Builder(
          new ResponseType(ResponseType.Value.CODE),
          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
        )
          .scope(new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")))
          .state(new com.nimbusds.oauth2.sdk.id.State(state))
          .redirectionURI(URI.create(provider.redirectUri))
          .endpointURI(URI.create(provider.authorizationEndpoint))
          .build()
      }
      authRequest.toURI.toString
    }
@@ -150,7 +138,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
            if (response.status == 200) {
              val json = response.json
              Some(OpenIDUserInfo(
-                id = (json \ "id").as[String],
+                id = (json \ provider.idClaimName).as[String],
                email = (json \ "email").asOpt[String],
                name = (json \ "name").asOpt[String].orElse((json \ "login").asOpt[String]),
                picture = (json \ "picture").asOpt[String].orElse((json \ "avatar_url").asOpt[String]),
@@ -158,10 +146,15 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
                providerName = provider.name
              ))
            } else {
              logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}, status code ${response.status}")
              None
            }
          }
-          .recover { case _ => None }
+          .recover { case e => {
            logger.error(s"Failed to retrieve user info from ${provider.userInfoEndpoint}", e)
            None
          }
          }
      case None => Future.successful(None)
    }
  }
--- a/knockoutwhistweb/conf/META-INF/persistence.xml
+++ b/knockoutwhistweb/conf/META-INF/persistence.xml
@@ -8,9 +8,10 @@
    <persistence-unit name="defaultPersistenceUnit">
        <provider>org.hibernate.jpa.HibernatePersistenceProvider</provider>
        <class>model.users.UserEntity</class>
        <properties>
            <!-- Hibernate specific settings -->
            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
            <property name="hibernate.hbm2ddl.auto" value="update"/>
            <property name="hibernate.archive.autodetection" value="class"/>
            <property name="hibernate.show_sql" value="false"/>
--- a/knockoutwhistweb/conf/application.conf
+++ b/knockoutwhistweb/conf/application.conf
@@ -29,6 +29,7 @@ play.filters.cors {
 # Local Development OpenID Connect Configuration
 openid {
  selectUserRoute="http://localhost:5173/select-username"
  mainRoute="http://localhost:5173/"
  discord {
    clientId = ${?DISCORD_CLIENT_ID}
--- a/knockoutwhistweb/conf/prod.conf
+++ b/knockoutwhistweb/conf/prod.conf
@@ -18,17 +18,18 @@ play.filters.cors {
 openid {
  selectUserRoute="https://knockout.janis-eccarius.de/select-username"
  mainRoute="https://knockout.janis-eccarius.de/"
  discord {
    clientId = ${?DISCORD_CLIENT_ID}
    clientSecret = ${?DISCORD_CLIENT_SECRET}
    redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://knockout.janis-eccarius.de/api/auth/discord/callback"
  }
  keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
    redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
    authUrl = ${?KEYCLOAK_AUTH_URL}
    authUrl = "https://identity.janis-eccarius.de/realms/master"
--- a/knockoutwhistweb/conf/staging.conf
+++ b/knockoutwhistweb/conf/staging.conf
@@ -15,17 +15,18 @@ play.filters.cors {
 openid {
  selectUserRoute="https://st.knockout.janis-eccarius.de/select-username"
  mainRoute="https://st.knockout.janis-eccarius.de/"
  discord {
    clientId = ${?DISCORD_CLIENT_ID}
    clientSecret = ${?DISCORD_CLIENT_SECRET}
    redirectUri = ${?DISCORD_REDIRECT_URI}
-    redirectUri = "https://st.knockout.janis-eccarius.de/auth/discord/callback"
+    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/discord/callback"
  }
  keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
    redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
    authUrl = ${?KEYCLOAK_AUTH_URL}
    authUrl = "https://identity.janis-eccarius.de/realms/master"
--- a/versions.env
+++ b/versions.env
@@ -1,3 +1,3 @@
 MAJOR=4
-MINOR=39
+MINOR=52
 PATCH=0
Author	SHA1	Message	Date
TeamCity	50145c914b	ci: bump version to v4.52.0	2026-01-21 11:51:57 +00:00
Janis	0430c7f4de	feat: Implement OAuth session management with Redis caching for OpenID user data	2026-01-21 12:49:20 +01:00
TeamCity	1317fd40f5	ci: bump version to v4.51.0	2026-01-21 11:29:52 +00:00
Janis	daa072f2bf	feat: Update ID mapping in OpenIDUserInfo to use hashed value and remove name field	2026-01-21 12:26:20 +01:00
TeamCity	c36720e548	ci: bump version to v4.50.0	2026-01-21 11:24:51 +00:00
Janis	4b74de1261	feat: Update ID mapping in OpenIDUserInfo to use hashed value and remove name field	2026-01-21 12:22:19 +01:00
TeamCity	60ec7de366	ci: bump version to v4.49.0	2026-01-21 10:47:44 +00:00
Janis	4a6598f102	feat: Change log level to warn for OpenID callback in OpenIDController	2026-01-21 11:45:12 +01:00
TeamCity	b278f755b4	ci: bump version to v4.48.0	2026-01-21 10:32:39 +00:00
Janis	23cdbe9bd1	feat: Change log level to warn for OpenID callback in OpenIDController	2026-01-21 11:30:25 +01:00
TeamCity	416baebab5	ci: bump version to v4.47.0	2026-01-20 20:40:24 +00:00
Janis	2f38855449	feat: Add idClaimName parameter to OpenIDConnectService for flexible ID claim mapping	2026-01-20 21:37:50 +01:00
TeamCity	1a3cb5044f	ci: bump version to v4.46.0	2026-01-20 20:14:38 +00:00
Janis	861f2f1184	feat: Add error logging for user info retrieval in OpenIDConnectService	2026-01-20 21:12:20 +01:00
TeamCity	773b760bc1	ci: bump version to v4.45.0	2026-01-20 20:06:17 +00:00
Janis	b729344d1e	feat: Add logging for OpenID authentication process in OpenIDController	2026-01-20 21:03:47 +01:00
TeamCity	9a194a9fd7	ci: bump version to v4.44.0	2026-01-20 19:50:33 +00:00
Janis	fccd94cc11	feat: Use environment variables for Keycloak client configuration in staging	2026-01-20 20:48:18 +01:00
TeamCity	27da1327c1	ci: bump version to v4.43.0	2026-01-20 19:42:30 +00:00
Janis	82a9706deb	feat: Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration	2026-01-20 20:39:56 +01:00
TeamCity	6479f68b6c	ci: bump version to v4.42.0	2026-01-20 18:43:58 +00:00
Janis	4f52c1a0f3	feat: Add mainRoute configuration for OpenID in application and environment files	2026-01-20 19:41:29 +01:00
TeamCity	3787e0f3ed	ci: bump version to v4.41.0	2026-01-20 15:16:55 +00:00
Janis	45dec00b86	feat: Implement transaction management for user addition and removal in HibernateUserManager	2026-01-20 16:14:38 +01:00
TeamCity	fbb3f48b6d	ci: bump version to v4.40.0	2026-01-20 15:03:32 +00:00
Janis	e32f4eb8ff	feat: Integrate UserManager and HibernateUserManager in session management	2026-01-20 16:00:59 +01:00