ci: bump version to v4.45.0

CHANGELOG.md

@@ -403,3 +403,18 @@
 ### Features
 
 * Add mainRoute configuration for OpenID in application and environment files ([4f52c1a](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/4f52c1a0f30cf0b917452149a52b53b94d82a7c9))
+##  (2026-01-20)
+
+### Features
+
+* Simplify authorization request creation in OpenIDConnectService and use environment variables for Keycloak configuration ([82a9706](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/82a9706deb97db193015e55a048830d496e76d83))
+##  (2026-01-20)
+
+### Features
+
+* Use environment variables for Keycloak client configuration in staging ([fccd94c](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/fccd94cc11db43f99eded13207cc93fb59d8703e))
+##  (2026-01-20)
+
+### Features
+
+* Add logging for OpenID authentication process in OpenIDController ([b729344](https://git.janis-eccarius.de/KnockOutWhist/KnockOutWhist-Web/commit/b729344d1e79c631146dd988248d033d97e12d93))

knockoutwhistweb/app/controllers/OpenIDController.scala

@@ -2,7 +2,7 @@ package controllers
 
 import logic.user.{SessionManager, UserManager}
 import model.users.User
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json.Json
 import play.api.mvc.*
 import play.api.mvc.Cookie.SameSite.Lax
@@ -20,6 +20,8 @@ class OpenIDController @Inject()(
                                   val config: Configuration
                                 )(implicit ec: ExecutionContext) extends BaseController {
 
+  private val logger = Logger(this.getClass)
+
   def loginWithProvider(provider: String): Action[AnyContent] = Action.async { implicit request =>
     val state = openIDService.generateState()
     val nonce = openIDService.generateNonce()
@@ -47,8 +49,11 @@ class OpenIDController @Inject()(
     val code = request.getQueryString("code")
     val error = request.getQueryString("error")
 
+    logger.info(s"Received callback from $provider with state $sessionState, nonce $sessionNonce, provider $sessionProvider, returned state $returnedState, code $code, error $error")
+
     error match {
       case Some(err) =>
+        logger.error(s"Authentication failed: $err")
         Future.successful(Redirect("/login").flashing("error" -> s"Authentication failed: $err"))
       case None =>
         (for {
@@ -63,6 +68,7 @@ class OpenIDController @Inject()(
                   // Check if user already exists
                   userManager.authenticateOpenID(provider, userInfo.id) match {
                     case Some(user) =>
+                      logger.info(s"User ${userInfo.name} (${userInfo.id}) already exists, logging them in")
                       // User already exists, log them in
                       val sessionToken = sessionManager.createSession(user)
                       Future.successful(Redirect(config.getOptional[String]("openid.mainRoute").getOrElse("/"))
@@ -75,6 +81,7 @@ class OpenIDController @Inject()(
                         ))
                         .removingFromSession("oauth_state", "oauth_nonce", "oauth_provider", "oauth_access_token"))
                     case None =>
+                      logger.info(s"User ${userInfo.name} (${userInfo.id}) not found, creating new user")
                       // New user, redirect to username selection
                       Future.successful(Redirect(config.get[String]("openid.selectUserRoute"))
                         .withSession(
@@ -84,12 +91,15 @@ class OpenIDController @Inject()(
                         ))
                   }
                 case None =>
+                  logger.error("Failed to retrieve user information")
                   Future.successful(Redirect("/login").flashing("error" -> "Failed to retrieve user information"))
               }
             case None =>
+              logger.error("Failed to exchange authorization code")
               Future.successful(Redirect("/login").flashing("error" -> "Failed to exchange authorization code"))
           }
         }).getOrElse {
+          logger.error("Invalid state parameter")
           Future.successful(Redirect("/login").flashing("error" -> "Invalid state parameter"))
         }
     }

knockoutwhistweb/app/services/OpenIDConnectService.scala

@@ -75,21 +75,7 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
 
   def getAuthorizationUrl(providerName: String, state: String, nonce: String): Option[String] = {
     providers.get(providerName).map { provider =>
-      val authRequest = if (provider.scopes.contains("openid")) {
+      val authRequest = new AuthorizationRequest.Builder(
-        // Use OpenID Connect AuthenticationRequest for OpenID providers
-        new AuthenticationRequest.Builder(
-          new ResponseType(ResponseType.Value.CODE),
-          new com.nimbusds.oauth2.sdk.Scope(provider.scopes.mkString(" ")),
-          new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId),
-          URI.create(provider.redirectUri)
-        )
-          .state(new com.nimbusds.oauth2.sdk.id.State(state))
-          .nonce(new Nonce(nonce))
-          .endpointURI(URI.create(provider.authorizationEndpoint))
-          .build()
-      } else {
-        // Use standard OAuth2 AuthorizationRequest for non-OpenID providers (like Discord)
-        new AuthorizationRequest.Builder(
         new ResponseType(ResponseType.Value.CODE),
         new com.nimbusds.oauth2.sdk.id.ClientID(provider.clientId)
       )
@@ -98,7 +84,6 @@ class OpenIDConnectService@Inject(ws: WSClient, config: Configuration)(implicit
         .redirectionURI(URI.create(provider.redirectUri))
         .endpointURI(URI.create(provider.authorizationEndpoint))
         .build()
-      }
 
       authRequest.toURI.toString
     }

knockoutwhistweb/conf/prod.conf

@@ -28,8 +28,8 @@ openid {
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

knockoutwhistweb/conf/staging.conf

@@ -25,8 +25,8 @@ openid {
   }
   
   keycloak {
-    clientId = "your-keycloak-client-id"
+    clientId = ${?KEYCLOAK_CLIENT_ID}
-    clientSecret = "your-keycloak-client-secret"
+    clientSecret = ${?KEYCLOAK_CLIENT_SECRET}
     redirectUri = "https://st.knockout.janis-eccarius.de/api/auth/keycloak/callback"
     authUrl = ${?KEYCLOAK_AUTH_URL}
     authUrl = "https://identity.janis-eccarius.de/realms/master"

versions.env

@@ -1,3 +1,3 @@
 MAJOR=4
-MINOR=42
+MINOR=45
 PATCH=0