feat: more extension points (#4272)

This adds more extension points to the Kratos registry.

---------

Co-authored-by: Patrik <[email protected]>

codecov.yml

@@ -10,3 +10,4 @@ ignore:
   - "internal"
   - "docs"
   - "contrib"
+  - "selfservice/strategy/oidc/provider_netid.go" # No way to test this provider automatically

driver/registry.go

@@ -185,6 +185,7 @@ type options struct {
 	extraGoMigrations             popx.Migrations
 	replacementStrategies         []NewStrategy
 	extraHooks                    map[string]func(config.SelfServiceHook) any
+	extraHandlers                 []NewHandlerRegistrar
 	disableMigrationLogging       bool
 	jsonnetPool                   jsonnetsecure.Pool
 }
@@ -236,6 +237,14 @@ func WithExtraHooks(hooks map[string]func(config.SelfServiceHook) any) RegistryO
 	}
 }
 
+type NewHandlerRegistrar func(deps any) x.HandlerRegistrar
+
+func WithExtraHandlers(handlers ...NewHandlerRegistrar) RegistryOption {
+	return func(o *options) {
+		o.extraHandlers = handlers
+	}
+}
+
 func Inspect(f func(reg Registry) error) RegistryOption {
 	return func(o *options) {
 		o.inspect = f

driver/registry_default.go

@@ -78,6 +78,8 @@ type RegistryDefault struct {
 	ctxer contextx.Contextualizer
 
 	injectedSelfserviceHooks map[string]func(config.SelfServiceHook) interface{}
+	extraHandlerFactories    []NewHandlerRegistrar
+	extraHandlers            []x.HandlerRegistrar
 
 	nosurf         nosurf.Handler
 	trc            *otelx.Tracer
@@ -175,6 +177,9 @@ func (m *RegistryDefault) Audit() *logrusx.Logger {
 }
 
 func (m *RegistryDefault) RegisterPublicRoutes(ctx context.Context, router *x.RouterPublic) {
+	for _, h := range m.ExtraHandlers() {
+		h.RegisterPublicRoutes(router)
+	}
 	m.LoginHandler().RegisterPublicRoutes(router)
 	m.RegistrationHandler().RegisterPublicRoutes(router)
 	m.LogoutHandler().RegisterPublicRoutes(router)
@@ -198,6 +203,9 @@ func (m *RegistryDefault) RegisterPublicRoutes(ctx context.Context, router *x.Ro
 }
 
 func (m *RegistryDefault) RegisterAdminRoutes(ctx context.Context, router *x.RouterAdmin) {
+	for _, h := range m.ExtraHandlers() {
+		h.RegisterAdminRoutes(router)
+	}
 	m.RegistrationHandler().RegisterAdminRoutes(router)
 	m.LoginHandler().RegisterAdminRoutes(router)
 	m.LogoutHandler().RegisterAdminRoutes(router)
@@ -640,6 +648,9 @@ func (m *RegistryDefault) Init(ctx context.Context, ctxer contextx.Contextualize
 	if o.extraHooks != nil {
 		m.WithHooks(o.extraHooks)
 	}
+	if o.extraHandlers != nil {
+		m.WithExtraHandlers(o.extraHandlers)
+	}
 
 	if o.replaceIdentitySchemaProvider != nil {
 		m.identitySchemaProvider = o.replaceIdentitySchemaProvider(m)
@@ -904,3 +915,12 @@ func (m *RegistryDefault) SessionTokenizer() *session.Tokenizer {
 	}
 	return m.sessionTokenizer
 }
+
+func (m *RegistryDefault) ExtraHandlers() []x.HandlerRegistrar {
+	if m.extraHandlers == nil {
+		for _, newHandler := range m.extraHandlerFactories {
+			m.extraHandlers = append(m.extraHandlers, newHandler(m))
+		}
+	}
+	return m.extraHandlers
+}

driver/registry_default_hooks.go

@@ -60,6 +60,9 @@ func (m *RegistryDefault) HookTwoStepRegistration() *hook.TwoStepRegistration {
 func (m *RegistryDefault) WithHooks(hooks map[string]func(config.SelfServiceHook) interface{}) {
 	m.injectedSelfserviceHooks = hooks
 }
+func (m *RegistryDefault) WithExtraHandlers(handlers []NewHandlerRegistrar) {
+	m.extraHandlerFactories = handlers
+}
 
 func (m *RegistryDefault) getHooks(credentialsType string, configs []config.SelfServiceHook) (i []interface{}) {
 	var addSessionIssuer bool

embedx/config.schema.json

@@ -460,7 +460,8 @@
             "linkedin",
             "linkedin_v2",
             "lark",
-            "x"
+            "x",
+            "fedcm-test"
           ],
           "examples": ["google"]
         },
@@ -578,6 +579,19 @@
           "type": "string",
           "enum": ["auto", "never", "force"],
           "default": "auto"
+        },
+        "fedcm_config_url": {
+          "title": "Federation Configuration URL",
+          "description": "The URL where the FedCM IdP configuration is located for the provider. This is only effective in the Ory Network.",
+          "type": "string",
+          "format": "uri",
+          "examples": ["https://example.com/config.json"]
+        },
+        "net_id_token_origin_header": {
+          "title": "NetID Token Origin Header",
+          "description": "Contains the orgin header to be used when exchanging a NetID FedCM token for an ID token",
+          "type": "string",
+          "examples": ["https://example.com"]
         }
       },
       "additionalProperties": false,

internal/client-go/.openapi-generator/FILES

@@ -24,6 +24,7 @@ docs/ContinueWithVerificationUiFlow.md
 docs/CourierAPI.md
 docs/CourierMessageStatus.md
 docs/CourierMessageType.md
+docs/CreateFedcmFlowResponse.md
 docs/CreateIdentityBody.md
 docs/CreateRecoveryCodeForIdentityBody.md
 docs/CreateRecoveryLinkForIdentityBody.md
@@ -70,6 +71,7 @@ docs/OAuth2ConsentRequestOpenIDConnectContext.md
 docs/OAuth2LoginRequest.md
 docs/PatchIdentitiesBody.md
 docs/PerformNativeLogoutBody.md
+docs/Provider.md
 docs/RecoveryCodeForIdentity.md
 docs/RecoveryFlow.md
 docs/RecoveryFlowState.md
@@ -98,6 +100,7 @@ docs/UiNodeMeta.md
 docs/UiNodeScriptAttributes.md
 docs/UiNodeTextAttributes.md
 docs/UiText.md
+docs/UpdateFedcmFlowBody.md
 docs/UpdateIdentityBody.md
 docs/UpdateLoginFlowBody.md
 docs/UpdateLoginFlowWithCodeMethod.md
@@ -150,6 +153,7 @@ model_continue_with_verification_ui.go
 model_continue_with_verification_ui_flow.go
 model_courier_message_status.go
 model_courier_message_type.go
+model_create_fedcm_flow_response.go
 model_create_identity_body.go
 model_create_recovery_code_for_identity_body.go
 model_create_recovery_link_for_identity_body.go
@@ -193,6 +197,7 @@ model_o_auth2_consent_request_open_id_connect_context.go
 model_o_auth2_login_request.go
 model_patch_identities_body.go
 model_perform_native_logout_body.go
+model_provider.go
 model_recovery_code_for_identity.go
 model_recovery_flow.go
 model_recovery_flow_state.go
@@ -221,6 +226,7 @@ model_ui_node_meta.go
 model_ui_node_script_attributes.go
 model_ui_node_text_attributes.go
 model_ui_text.go
+model_update_fedcm_flow_body.go
 model_update_identity_body.go
 model_update_login_flow_body.go
 model_update_login_flow_with_code_method.go

internal/client-go/README.md

@@ -87,6 +87,7 @@ Class | Method | HTTP request | Description
 *FrontendAPI* | [**CreateBrowserRegistrationFlow**](docs/FrontendAPI.md#createbrowserregistrationflow) | **Get** /self-service/registration/browser | Create Registration Flow for Browsers
 *FrontendAPI* | [**CreateBrowserSettingsFlow**](docs/FrontendAPI.md#createbrowsersettingsflow) | **Get** /self-service/settings/browser | Create Settings Flow for Browsers
 *FrontendAPI* | [**CreateBrowserVerificationFlow**](docs/FrontendAPI.md#createbrowserverificationflow) | **Get** /self-service/verification/browser | Create Verification Flow for Browser Clients
+*FrontendAPI* | [**CreateFedcmFlow**](docs/FrontendAPI.md#createfedcmflow) | **Get** /self-service/fed-cm/parameters | Get FedCM Parameters
 *FrontendAPI* | [**CreateNativeLoginFlow**](docs/FrontendAPI.md#createnativeloginflow) | **Get** /self-service/login/api | Create Login Flow for Native Apps
 *FrontendAPI* | [**CreateNativeRecoveryFlow**](docs/FrontendAPI.md#createnativerecoveryflow) | **Get** /self-service/recovery/api | Create Recovery Flow for Native Apps
 *FrontendAPI* | [**CreateNativeRegistrationFlow**](docs/FrontendAPI.md#createnativeregistrationflow) | **Get** /self-service/registration/api | Create Registration Flow for Native Apps
@@ -105,6 +106,7 @@ Class | Method | HTTP request | Description
 *FrontendAPI* | [**ListMySessions**](docs/FrontendAPI.md#listmysessions) | **Get** /sessions | Get My Active Sessions
 *FrontendAPI* | [**PerformNativeLogout**](docs/FrontendAPI.md#performnativelogout) | **Delete** /self-service/logout/api | Perform Logout for Native Apps
 *FrontendAPI* | [**ToSession**](docs/FrontendAPI.md#tosession) | **Get** /sessions/whoami | Check Who the Current HTTP Session Belongs To
+*FrontendAPI* | [**UpdateFedcmFlow**](docs/FrontendAPI.md#updatefedcmflow) | **Post** /self-service/fed-cm/token | Submit a FedCM token
 *FrontendAPI* | [**UpdateLoginFlow**](docs/FrontendAPI.md#updateloginflow) | **Post** /self-service/login | Submit a Login Flow
 *FrontendAPI* | [**UpdateLogoutFlow**](docs/FrontendAPI.md#updatelogoutflow) | **Get** /self-service/logout | Update Logout Flow
 *FrontendAPI* | [**UpdateRecoveryFlow**](docs/FrontendAPI.md#updaterecoveryflow) | **Post** /self-service/recovery | Update Recovery Flow
@@ -150,6 +152,7 @@ Class | Method | HTTP request | Description
  - [ContinueWithVerificationUiFlow](docs/ContinueWithVerificationUiFlow.md)
  - [CourierMessageStatus](docs/CourierMessageStatus.md)
  - [CourierMessageType](docs/CourierMessageType.md)
+ - [CreateFedcmFlowResponse](docs/CreateFedcmFlowResponse.md)
  - [CreateIdentityBody](docs/CreateIdentityBody.md)
  - [CreateRecoveryCodeForIdentityBody](docs/CreateRecoveryCodeForIdentityBody.md)
  - [CreateRecoveryLinkForIdentityBody](docs/CreateRecoveryLinkForIdentityBody.md)
@@ -193,6 +196,7 @@ Class | Method | HTTP request | Description
  - [OAuth2LoginRequest](docs/OAuth2LoginRequest.md)
  - [PatchIdentitiesBody](docs/PatchIdentitiesBody.md)
  - [PerformNativeLogoutBody](docs/PerformNativeLogoutBody.md)
+ - [Provider](docs/Provider.md)
  - [RecoveryCodeForIdentity](docs/RecoveryCodeForIdentity.md)
  - [RecoveryFlow](docs/RecoveryFlow.md)
  - [RecoveryFlowState](docs/RecoveryFlowState.md)
@@ -221,6 +225,7 @@ Class | Method | HTTP request | Description
  - [UiNodeScriptAttributes](docs/UiNodeScriptAttributes.md)
  - [UiNodeTextAttributes](docs/UiNodeTextAttributes.md)
  - [UiText](docs/UiText.md)
+ - [UpdateFedcmFlowBody](docs/UpdateFedcmFlowBody.md)
  - [UpdateIdentityBody](docs/UpdateIdentityBody.md)
  - [UpdateLoginFlowBody](docs/UpdateLoginFlowBody.md)
  - [UpdateLoginFlowWithCodeMethod](docs/UpdateLoginFlowWithCodeMethod.md)