feat: allow injecting extra fosite strategies (#3646)

client/manager.go

@@ -31,7 +31,7 @@ type Filter struct {
 type Manager interface {
 	Storage
 
-	Authenticate(ctx context.Context, id string, secret []byte) (*Client, error)
+	AuthenticateClient(ctx context.Context, id string, secret []byte) (*Client, error)
 }
 
 type Storage interface {

client/manager_test_helpers.go

@@ -52,11 +52,11 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) {
 			RedirectURIs: []string{"http://redirect"},
 		}))
 
-		c, err := m.Authenticate(ctx, "1234321", []byte("secret1"))
+		c, err := m.AuthenticateClient(ctx, "1234321", []byte("secret1"))
 		require.Error(t, err)
 		require.Nil(t, c)
 
-		c, err = m.Authenticate(ctx, "1234321", []byte("secret"))
+		c, err = m.AuthenticateClient(ctx, "1234321", []byte("secret"))
 		require.NoError(t, err)
 		assert.Equal(t, "1234321", c.GetID())
 	}

driver/config/provider.go

@@ -86,6 +86,7 @@ const (
 	KeyAdminURL                                  = "urls.self.admin"
 	KeyIssuerURL                                 = "urls.self.issuer"
 	KeyIdentityProviderAdminURL                  = "urls.identity_provider.url"
+	KeyIdentityProviderPublicURL                 = "urls.identity_provider.publicUrl"
 	KeyIdentityProviderHeaders                   = "urls.identity_provider.headers"
 	KeyAccessTokenStrategy                       = "strategies.access_token"
 	KeyJWTScopeClaimStrategy                     = "strategies.jwt.scope_claim"
@@ -415,6 +416,12 @@ func (p *DefaultProvider) KratosAdminURL(ctx context.Context) (*url.URL, bool) {
 
 	return u, u != nil
 }
+func (p *DefaultProvider) KratosPublicURL(ctx context.Context) (*url.URL, bool) {
+	u := p.getProvider(ctx).RequestURIF(KeyIdentityProviderPublicURL, nil)
+
+	return u, u != nil
+}
+
 func (p *DefaultProvider) KratosRequestHeader(ctx context.Context) http.Header {
 	hh := map[string]string{}
 	if err := p.getProvider(ctx).Unmarshal(KeyIdentityProviderHeaders, &hh); err != nil {

driver/factory.go

@@ -8,6 +8,7 @@ import (
 	"io/fs"
 
 	"github.com/ory/hydra/v2/driver/config"
+	"github.com/ory/hydra/v2/fositex"
 	"github.com/ory/x/configx"
 	"github.com/ory/x/logrusx"
 	"github.com/ory/x/otelx"
@@ -22,10 +23,11 @@ type (
 		opts     []configx.OptionModifier
 		config   *config.DefaultProvider
 		// The first default refers to determining the NID at startup; the second default referes to the fact that the Contextualizer may dynamically change the NID.
-		skipNetworkInit bool
-		tracerWrapper   TracerWrapper
-		extraMigrations []fs.FS
-		goMigrations    []popx.Migration
+		skipNetworkInit  bool
+		tracerWrapper    TracerWrapper
+		extraMigrations  []fs.FS
+		goMigrations     []popx.Migration
+		fositexFactories []fositex.Factory
 	}
 	OptionsModifier func(*options)
 
@@ -94,6 +96,12 @@ func WithGoMigrations(m ...popx.Migration) OptionsModifier {
 	}
 }
 
+func WithExtraFositeFactories(f ...fositex.Factory) OptionsModifier {
+	return func(o *options) {
+		o.fositexFactories = append(o.fositexFactories, f...)
+	}
+}
+
 func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifier) (Registry, error) {
 	o := newOptions()
 	for _, f := range opts {
@@ -132,6 +140,8 @@ func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifie
 		r.WithTracerWrapper(o.tracerWrapper)
 	}
 
+	r.WithExtraFositeFactories(o.fositexFactories)
+
 	if err = r.Init(ctx, o.skipNetworkInit, false, ctxter, o.extraMigrations, o.goMigrations); err != nil {
 		l.WithError(err).Error("Unable to initialize service registry.")
 		return nil, err

driver/registry.go

@@ -10,6 +10,7 @@ import (
 
 	"go.opentelemetry.io/otel/trace"
 
+	"github.com/ory/hydra/v2/fositex"
 	"github.com/ory/hydra/v2/internal/kratos"
 	"github.com/ory/x/httprouterx"
 	"github.com/ory/x/popx"
@@ -59,6 +60,9 @@ type Registry interface {
 	x.HTTPClientProvider
 	GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy
 
+	WithExtraFositeFactories(f []fositex.Factory) Registry
+	ExtraFositeFactories() []fositex.Factory
+
 	contextx.Provider
 	config.Provider
 	persistence.Provider

driver/registry_base.go

@@ -90,6 +90,7 @@ type RegistryBase struct {
 	fc              *fositex.Config
 	publicCORS      *cors.Cors
 	kratos          kratos.Client
+	fositeFactories []fositex.Factory
 }
 
 func (m *RegistryBase) GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy {
@@ -417,6 +418,16 @@ func (m *RegistryBase) OAuth2Config() *fositex.Config {
 	return m.fc
 }
 
+func (m *RegistryBase) ExtraFositeFactories() []fositex.Factory {
+	return m.fositeFactories
+}
+
+func (m *RegistryBase) WithExtraFositeFactories(f []fositex.Factory) Registry {
+	m.fositeFactories = f
+
+	return m.r
+}
+
 func (m *RegistryBase) OAuth2ProviderConfig() fosite.Configurator {
 	if m.oc != nil {
 		return m.oc

fositex/config.go

@@ -29,9 +29,10 @@ type configDependencies interface {
 	x.HTTPClientProvider
 	GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy
 	ClientHasher() fosite.Hasher
+	ExtraFositeFactories() []Factory
 }
 
-type factory func(config fosite.Configurator, storage interface{}, strategy interface{}) interface{}
+type Factory func(config fosite.Configurator, storage interface{}, strategy interface{}) interface{}
 
 type Config struct {
 	deps configDependencies
@@ -45,7 +46,7 @@ type Config struct {
 }
 
 var defaultResponseModeHandler = fosite.NewDefaultResponseModeHandler()
-var defaultFactories = []factory{
+var defaultFactories = []Factory{
 	compose.OAuth2AuthorizeExplicitFactory,
 	compose.OAuth2AuthorizeImplicitFactory,
 	compose.OAuth2ClientCredentialsGrantFactory,
@@ -70,7 +71,8 @@ func NewConfig(deps configDependencies) *Config {
 }
 
 func (c *Config) LoadDefaultHandlers(strategy interface{}) {
-	for _, factory := range defaultFactories {
+	factories := append(defaultFactories, c.deps.ExtraFositeFactories()...)
+	for _, factory := range factories {
 		res := factory(c, c.deps.Persister(), strategy)
 		if ah, ok := res.(fosite.AuthorizeEndpointHandler); ok {
 			c.authorizeEndpointHandlers.Append(ah)