chore: add tenant logic

smarcet · smarcet · commit d86009afe257 · 2025-10-29T16:00:18.000-03:00
chore: define custom provider for LFID
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -15,6 +15,7 @@
 use App\libs\Utils\TextUtils;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Facades\Validator;
@@ -127,6 +128,11 @@ public function boot()
 
             return true;
         });
+
+        Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
+            // custom tenants for AUTH0 providers
+            $event->extendSocialite('lfid', \SocialiteProviders\Auth0\Provider::class);
+        });
     }
 
     /**
diff --git a/app/libs/Auth/SocialLoginProviders.php b/app/libs/Auth/SocialLoginProviders.php
@@ -1,6 +1,4 @@
 <?php namespace App\libs\Auth;
-use Illuminate\Support\Facades\Config;
-
 /**
  * Copyright 2021 OpenStack Foundation
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,7 +11,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Request;
 /**
  * Class SocialLoginProviders
  * @package App\libs\Auth
@@ -25,16 +25,15 @@ final class SocialLoginProviders
     const LinkedIn = "linkedin";
     const Google = "google";
     const OKTA = 'okta';
-
-    const AUTH0 = 'auth0';
+    const LFID = 'lfid';
 
     const ValidProviders = [
         self::Facebook,
         self::LinkedIn,
         self::Apple,
         //self::Google
         self::OKTA,
-        self::AUTH0,
+        self::LFID,
     ];
 
     /**
@@ -59,9 +58,53 @@ public static function isEnabledProvider(string $provider):bool{
      */
     public static function buildSupportedProviders():array{
         $res = [];
+        $tenant = null;
+        $allowed_3rd_party_providers = [];
+
+        if(Request::has("tenant")){
+            $tenant = trim(Request::get("tenant"));
+            $allowed_3rd_party_providers = explode(',',Config::get("tenants.".$tenant.".allowed_3rd_party_providers",""));
+        }
+
+        Log::debug("SocialLoginProviders::buildSupportedProviders", ["tenant" => $tenant, "allowed_3rd_party_providers" => $allowed_3rd_party_providers]);
         foreach(self::ValidProviders as $provider){
-            if(self::isEnabledProvider($provider))
+            Log::debug("SocialLoginProviders::buildSupportedProviders",  ["tenant" => $tenant, "provider" => $provider]);
+            // check if the 3rd party provider has defined some exclusive tenants ...
+            $tenants = explode(',', Config::get("services.".$provider.".tenants",""));
+            // check first its enabled ...
+            if(self::isEnabledProvider($provider)) {
+                Log::debug(sprintf( "SocialLoginProviders::buildSupportedProviders provider %s is enabled", $provider));
+                if(!empty($tenant)){
+                    if(count($tenants) > 0 && !in_array($tenant, $tenants)){ // check if we have tenants defined at provider level
+                        Log::warning
+                        (
+                            sprintf
+                            (
+                                "SocialLoginProviders::buildSupportedProviders provider %s is not enabled for tenant %s",
+                                $provider,
+                                $tenant
+                            ),
+                            ["tenants" => $tenants]
+                        );
+                        continue;
+                    } // else check if the tenant has that provider enabled
+                    else if(!in_array($provider, $allowed_3rd_party_providers)) {
+                        Log::warning
+                        (
+                            sprintf
+                            (
+                                "SocialLoginProviders::buildSupportedProviders provider %s is not enabled for tenant %s",
+                                $provider,
+                                $tenant
+                            ),
+                            ["allowed_3rd_party_providers" => $allowed_3rd_party_providers]
+                        );
+                        continue;
+                    }
+                }
+                Log::debug(sprintf("SocialLoginProviders::buildSupportedProviders provider %s is enabled", $provider));
                 $res[$provider] = ucfirst($provider);
+            }
         }
         return $res;
     }
diff --git a/app/libs/OAuth2/Discovery/DiscoveryDocumentBuilder.php b/app/libs/OAuth2/Discovery/DiscoveryDocumentBuilder.php
@@ -261,9 +261,9 @@ public function addUserInfoEncryptionEncSupported($enc)
      * @return $this
      */
     public function addAvailableThirdPartyIdentityProviders(){
-        foreach(SocialLoginProviders::ValidProviders as $provider)
-            if(SocialLoginProviders::isEnabledProvider($provider))
-                $this->addArrayValue("third_party_identity_providers", $provider);
+        $providers = SocialLoginProviders::buildSupportedProviders();
+        foreach($providers as $provider => $value)
+            $this->addArrayValue("third_party_identity_providers", $provider);
         return $this;
     }
 
diff --git a/composer.json b/composer.json
@@ -50,6 +50,7 @@
     "s-ichikawa/laravel-sendgrid-driver": "^4.0",
     "smarcet/jose4php": "2.0.0",
     "socialiteproviders/apple": "^5.6.1",
+    "socialiteproviders/auth0": "^4.2",
     "socialiteproviders/facebook": "^4.1.0",
     "socialiteproviders/google": "^4.1.0",
     "socialiteproviders/linkedin": "^5.0.0",
diff --git a/composer.lock b/composer.lock
diff --git a/config/services.php b/config/services.php
@@ -1,6 +1,15 @@
 <?php
+$custom_auth0_tenants = [
+    'lfid' => [
+        'client_id' => env('LFID_CLIENT_ID'),
+        'client_secret' => env('LFID_CLIENT_SECRET'),
+        'redirect' => env('LFID_REDIRECT_URI'),
+        'base_url' => env('LFID_BASE_URL'),
+        'tenants' => env('LFID_TENANTS','lf'),
+    ]
+];
 
-return [
+return array_merge([
 
     /*
     |--------------------------------------------------------------------------
@@ -66,10 +75,4 @@
         'base_url' => env("OKTA_BASE_URL"),
         'redirect' => env('OKTA_REDIRECT_URI')
     ],
-    'auth0' => [
-        'client_id' => env('AUTH0_CLIENT_ID'),
-        'client_secret' => env('AUTH0_CLIENT_SECRET'),
-        'redirect' => env('AUTH0_REDIRECT_URI'),
-        'base_url' => env('AUTH0_BASE_URL'),
-    ]
-];
+], $custom_auth0_tenants);
diff --git a/config/tenants.php b/config/tenants.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+    'lf' => [
+        'allowed_3rd_party_providers' =>  env('LFID_ALLOWED_3RD_PARTY_PROVIDERS', '')
+    ],
+];
