feature: remove email requirement from identity provider on env value true

2 months ago · 3addeb132c
2 changed files with 27 additions and 14 deletions
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProvider.java
@ -46,6 +46,7 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
    public static final String PROFILE_URL = "https://discord.com/api/users/@me";
    public static final String GROUP_URL = "https://discord.com/api/users/@me/guilds";
    public static final String DEFAULT_SCOPE = "identify email";
+    public static final String IDENTIFY_ONLY_SCOPE = "identify";
    public static final String GUILDS_SCOPE = "guilds";

    public DiscordIdentityProvider(KeycloakSession session, DiscordIdentityProviderConfig config) {
@ -67,17 +68,19 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc

    @Override
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode profile) {
-        BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"), getConfig());
+        final BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"), getConfig());

        String username = getJsonProperty(profile, "username");
-        String discriminator = getJsonProperty(profile, "discriminator");
+        final String discriminator = getJsonProperty(profile, "discriminator");

        if (!"0".equals(discriminator)) {
            username += "#" + discriminator;
        }

        user.setUsername(username);
-        user.setEmail(getJsonProperty(profile, "email"));
+        if (getConfig().getDefaultScope().contains("email")) {
+            user.setEmail(getJsonProperty(profile, "email"));
+        }
        user.setIdp(this);

        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
@ -88,7 +91,7 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc
    @Override
    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
        log.debug("doGetFederatedIdentity()");
-        JsonNode profile = null;
+        JsonNode profile;
        try {
            profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
        } catch (Exception e) {
@ -105,14 +108,16 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc

    protected boolean isAllowedGuild(String accessToken) {
        try {
-            JsonNode guilds = SimpleHttp.doGet(GROUP_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
-            Set<String> allowedGuilds = getConfig().getAllowedGuildsAsSet();
+            final JsonNode guilds = SimpleHttp.doGet(GROUP_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
+            final Set<String> allowedGuilds = getConfig().getAllowedGuildsAsSet();
+
            for (JsonNode guild : guilds) {
                String guildId = getJsonProperty(guild, "id");
                if (allowedGuilds.contains(guildId)) {
                    return true;
                }
            }
+
            return false;
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain guilds the current user is a member of from discord.", e);
@ -121,10 +126,18 @@ public class DiscordIdentityProvider extends AbstractOAuth2IdentityProvider<Disc

    @Override
    protected String getDefaultScopes() {
-        if (getConfig().hasAllowedGuilds()) {
-            return DEFAULT_SCOPE + " " + GUILDS_SCOPE;
-        } else {
-            return DEFAULT_SCOPE;
-        }
+        final StringBuilder defaultScope = new StringBuilder();
+
+        if ("true".equalsIgnoreCase(System.getenv("KEYCLOAK_DISCORD_AUTH_SKIP_EMAIL")))
+            defaultScope.append(IDENTIFY_ONLY_SCOPE + " ");
+        else
+            defaultScope.append(DEFAULT_SCOPE + " ");
+
+        if (getConfig().hasAllowedGuilds())
+            defaultScope.append(GUILDS_SCOPE + " ");
+
+        //can be expanded with any other conditional scopes in the future
+
+        return defaultScope.toString();
    }
 }
--- a/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
+++ b/src/main/java/org/keycloak/social/discord/DiscordIdentityProviderConfig.java
@ -46,14 +46,14 @@ public class DiscordIdentityProviderConfig extends OAuth2IdentityProviderConfig
    }

    public boolean hasAllowedGuilds() {
-        String guilds = getConfig().get("allowedGuilds");
+        final String guilds = getConfig().get("allowedGuilds");
        return guilds != null && !guilds.trim().isEmpty();
    }

    public Set<String> getAllowedGuildsAsSet() {
        if (hasAllowedGuilds()) {
-            String guilds = getConfig().get("allowedGuilds");
-            return Arrays.stream(guilds.split(",")).map(x -> x.trim()).collect(Collectors.toSet());
+            final String guilds = getConfig().get("allowedGuilds");
+            return Arrays.stream(guilds.split(",")).map(String::trim).collect(Collectors.toSet());
        }
        return Collections.emptySet();
    }