Add custom parameters to authorize and logout endpoints

docs/configuration/README.md

@@ -21,7 +21,7 @@ which will also help discovering your settings
 
 From 1.5 and onward the well known configuration location may be used to
 populate the configuration simplifying the configuration greatly.
-The switch between modes is controled by the `serverConfiguration` field
+The switch between modes is controlled by the `serverConfiguration` field
 
 | field                | format  | description                                                                                                                                          |
 |----------------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -103,6 +103,16 @@ They are called claims in OpenID Connect terminology.
 | emailFieldName    | jmes path | claim to use for populating user email      |
 | groupsFieldName   | jmes path | groups the user belongs to                  |
 
+## Custom Query Parameters For Login and Logout Endpoints
+
+Optional list of key / value query parameter pairs which will be appended 
+when calling the login resp. the logout endpoint.
+
+| field           | format | description                                                        |
+|-----------------|--------|--------------------------------------------------------------------|
+| queryParamName  | string | Name of the query parameter.                                       |
+| queryParamValue | string | Value of the query parameter. If empty, only the key will be sent. |
+
 
 ## JCasC configuration reference
 
@@ -142,6 +152,12 @@ jenkins:
       rootURLFromRequest: <boolean>
       sendScopesInTokenRequest: <boolean>
       postLogoutRedirectUrl: <url>
+      loginQueryParamNameValuePairs:
+        - queryParamName: <string>
+          queryParamValue: <string>
+      logoutQueryParamNameValuePairs:
+        - queryParamName: <string>
+          queryParamValue: <string>
       # Security
       allowTokenAccessWithoutOicSession: <boolean>
       allowedTokenExpirationClockSkewSeconds: <integer>
@@ -154,7 +170,7 @@ jenkins:
       tokenExpirationCheckDisabled: <boolean>
       # escape hatch
       escapeHatchEnabled: <boolean>
-      escapeHatchUsername: escapeHatchUsername
+      escapeHatchUsername: <string>
       escapeHatchSecret: <string:secret>
       escapeHatchGroup: <string>
 ```

src/main/java/org/jenkinsci/plugins/oic/OicQueryParameterConfiguration.java

@@ -0,0 +1,84 @@
+package org.jenkinsci.plugins.oic;
+
+import hudson.Extension;
+import hudson.Util;
+import hudson.model.AbstractDescribableImpl;
+import hudson.model.Descriptor;
+import hudson.util.FormValidation;
+import java.io.Serializable;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import jenkins.model.Jenkins;
+import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
+import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.verb.POST;
+import org.springframework.lang.NonNull;
+
+public class OicQueryParameterConfiguration extends AbstractDescribableImpl<OicQueryParameterConfiguration>
+        implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private String paramName;
+    private String paramValue;
+
+    @DataBoundConstructor
+    public OicQueryParameterConfiguration() {}
+
+    public OicQueryParameterConfiguration(@NonNull String paramName, @NonNull String paramValue) {
+        if (Util.fixEmptyAndTrim(paramName) == null) {
+            throw new IllegalStateException("Parameter name '" + paramName + "' must not be null or empty.");
+        }
+        setQueryParamName(paramName.trim());
+        setQueryParamValue(paramValue.trim());
+    }
+
+    @DataBoundSetter
+    public void setQueryParamName(String paramName) {
+        this.paramName = paramName;
+    }
+
+    @DataBoundSetter
+    public void setQueryParamValue(String paramValue) {
+        this.paramValue = paramValue;
+    }
+
+    public String getQueryParamName() {
+        return paramName;
+    }
+
+    public String getQueryParamValue() {
+        return paramValue;
+    }
+
+    public String getQueryParamNameDecoded() {
+        return paramName != null
+                ? URLEncoder.encode(paramName, StandardCharsets.UTF_8).trim()
+                : null;
+    }
+
+    public String getQueryParamValueDecoded() {
+        return paramValue != null
+                ? URLEncoder.encode(paramValue, StandardCharsets.UTF_8).trim()
+                : null;
+    }
+
+    @Extension
+    public static final class DescriptorImpl extends Descriptor<OicQueryParameterConfiguration> {
+        @NonNull
+        @Override
+        public String getDisplayName() {
+            return "Query Parameter Configuration";
+        }
+
+        @POST
+        public FormValidation doCheckQueryParamName(@QueryParameter String queryParamName) {
+            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+            if (Util.fixEmptyAndTrim(queryParamName) == null) {
+                return FormValidation.error(Messages.OicQueryParameterConfiguration_QueryParameterNameRequired());
+            }
+            return FormValidation.ok();
+        }
+    }
+}