chore: add tenant logic

smarcet · smarcet · commit 3b4dcd053a2b · 2025-10-29T15:45:56.000-03:00
chore: define custom provider for LFID
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -15,6 +15,7 @@
 use App\libs\Utils\TextUtils;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Facades\Validator;
@@ -127,6 +128,11 @@ public function boot()
 
             return true;
         });
+
+        Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
+            // custom tenants for AUTH0 providers
+            $event->extendSocialite('lfid', \SocialiteProviders\Auth0\Provider::class);
+        });
     }
 
     /**
diff --git a/app/libs/Auth/SocialLoginProviders.php b/app/libs/Auth/SocialLoginProviders.php
@@ -1,5 +1,6 @@
 <?php namespace App\libs\Auth;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Request;
 
 /**
  * Copyright 2021 OpenStack Foundation
@@ -25,16 +26,15 @@ final class SocialLoginProviders
     const LinkedIn = "linkedin";
     const Google = "google";
     const OKTA = 'okta';
-
-    const AUTH0 = 'auth0';
+    const LFID = 'lfid';
 
     const ValidProviders = [
         self::Facebook,
         self::LinkedIn,
         self::Apple,
         //self::Google
         self::OKTA,
-        self::AUTH0,
+        self::LFID,
     ];
 
     /**
@@ -59,9 +59,24 @@ public static function isEnabledProvider(string $provider):bool{
      */
     public static function buildSupportedProviders():array{
         $res = [];
+        $tenant = null;
+        $allowed_3rd_party_providers = [];
+        if(Request::has("tenant")){
+            $tenant = trim(Request::get("tenant"));
+            $allowed_3rd_party_providers = explode(',',Config::get("tenants.".$tenant.".allowed_3rd_party_providers",""));
+        }
+
         foreach(self::ValidProviders as $provider){
-            if(self::isEnabledProvider($provider))
+            // check if the 3rd party provider has defined some exclusive tenants ...
+            $tenants = explode(',', Config::get("services.".$provider.".tenants",""));
+            // check first its enabled ...
+            if(self::isEnabledProvider($provider)) {
+                if(count($tenants) > 0){ // check if we have tenants defined at provider level
+                    if(empty($tenant) || !in_array($tenant, $tenants)) continue;
+                } // else check if the tenant has that provider enabled
+                else if(!empty($tenant) && !in_array($tenant, $allowed_3rd_party_providers)) continue;
                 $res[$provider] = ucfirst($provider);
+            }
         }
         return $res;
     }
diff --git a/app/libs/OAuth2/Discovery/DiscoveryDocumentBuilder.php b/app/libs/OAuth2/Discovery/DiscoveryDocumentBuilder.php
@@ -261,9 +261,9 @@ public function addUserInfoEncryptionEncSupported($enc)
      * @return $this
      */
     public function addAvailableThirdPartyIdentityProviders(){
-        foreach(SocialLoginProviders::ValidProviders as $provider)
-            if(SocialLoginProviders::isEnabledProvider($provider))
-                $this->addArrayValue("third_party_identity_providers", $provider);
+        $providers = SocialLoginProviders::buildSupportedProviders();
+        foreach($providers as $provider => $value)
+            $this->addArrayValue("third_party_identity_providers", $provider);
         return $this;
     }
 
diff --git a/composer.json b/composer.json
@@ -50,6 +50,7 @@
     "s-ichikawa/laravel-sendgrid-driver": "^4.0",
     "smarcet/jose4php": "2.0.0",
     "socialiteproviders/apple": "^5.6.1",
+    "socialiteproviders/auth0": "^4.2",
     "socialiteproviders/facebook": "^4.1.0",
     "socialiteproviders/google": "^4.1.0",
     "socialiteproviders/linkedin": "^5.0.0",
diff --git a/composer.lock b/composer.lock
diff --git a/config/services.php b/config/services.php
@@ -1,6 +1,15 @@
 <?php
+$custom_auth0_tenants = [
+    'lfid' => [
+        'client_id' => env('LFID_CLIENT_ID'),
+        'client_secret' => env('LFID_CLIENT_SECRET'),
+        'redirect' => env('LFID_REDIRECT_URI'),
+        'base_url' => env('LFID_BASE_URL'),
+        'tenants' => env('LFID_TENANTS','lf'),
+    ]
+];
 
-return [
+return array_merge([
 
     /*
     |--------------------------------------------------------------------------
@@ -66,10 +75,4 @@
         'base_url' => env("OKTA_BASE_URL"),
         'redirect' => env('OKTA_REDIRECT_URI')
     ],
-    'auth0' => [
-        'client_id' => env('AUTH0_CLIENT_ID'),
-        'client_secret' => env('AUTH0_CLIENT_SECRET'),
-        'redirect' => env('AUTH0_REDIRECT_URI'),
-        'base_url' => env('AUTH0_BASE_URL'),
-    ]
-];
+], $custom_auth0_tenants);
diff --git a/config/tenants.php b/config/tenants.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+    'lf' => [
+        'allowed_3rd_party_providers' =>  env('LFID_ALLOWED_3RD_PARTY_PROVIDERS', '')
+    ],
+];
