From bedf63722d526017e54d6f06e1bc8b3f0a6ef198 Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle
Date: Mon, 27 Mar 2023 10:06:35 +0200
Subject: [PATCH] ajout webhook dispatcher
---
 defaults/main.yml | 19 ++++++++++++++++++-
 templates/hydra-client.json.j2 | 4 ++--
 templates/hydra-dispatcher-apps.yml.j2 | 10 ++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 893d9b4..4324a05 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -75,6 +75,23 @@ hydra_dispatcher_sentry_dsn:
 hydra_dispatcher_sentry_environment:
 hydra_dispatcher_mounts: []
 hydra_dispatcher_disable_app_auto_select: true
+enable_hydra_dispatcher_webhook: no
+hydra_dispatcher_webhook_api_url:
+hydra_dispatcher_webhook_api_key: YouNeedToChangeMe
+hydra_dispatcher_webhook_rules:
+ email:
+ required: false
+ pattern:
+ family_name:
+ required: false
+ given_name:
+ required: false
+ birthdate:
+ required: false
+ birthplace:
+ required: false
+ birthcountry:
+ required: false
 # Hydra Passwordless configuration
@@ -203,7 +220,7 @@ hydra_oidc_token_endpoint:
 hydra_oidc_userinfo_endpoint:
 hydra_oidc_logout_endpoint:
 hydra_oidc_post_logout_redirect_url:
-hydra_oidc_scope: openid email
+hydra_oidc_scope: openid email webhook
 hydra_oidc_client_id:
 hydra_oidc_client_secret:
 hydra_oidc_additionnal_env: {}
diff --git a/templates/hydra-client.json.j2 b/templates/hydra-client.json.j2
index b9978ca..a051f51 100644
--- a/templates/hydra-client.json.j2
+++ b/templates/hydra-client.json.j2
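Review bot: `hydra_dispatcher_webhook_api_key: YouNeedToChangeMe` in the first hunk of defaults/main.yml gives every deployment that enables the webhook without overriding it the same, publicly known API key. Leave the default empty (`hydra_dispatcher_webhook_api_key: ""`) and have the role fail when `enable_hydra_dispatcher_webhook` is true and the key or `hydra_dispatcher_webhook_api_url` is unset, so the real value has to come from a vault or secret store. `enable_hydra_dispatcher_webhook: no` should also be written `false`, matching `hydra_dispatcher_disable_app_auto_select: true` just above.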
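Review bot: In the second hunk of defaults/main.yml the default `hydra_oidc_scope` now requests `webhook` even when `enable_hydra_dispatcher_webhook` is left at its default of off, so the extra scope is asked for on every deployment. The client template changed in this same patch defaults to `openid profile email`, without `webhook`; if the client behind `hydra_oidc_client_id` is registered through that template with no explicit `item.scope`, the request would presumably be refused for asking for a scope the client was not granted. Consider keeping `hydra_oidc_scope: openid email` here and appending `webhook` only when the feature is enabled, and add a comment saying which component consumes the scope.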
@@ -9,6 +9,6 @@
 "redirect_uris": {{ item.redirect_uris | default([]) | to_json }},
 "response_types": {{ item.response_types | default(["code"]) | to_json }},
 "logo_uri": {{ item.logo_uri | default("") | to_json }},
- "scope": {{ item.scope | default("openid profile email roles") | to_json }},
+ "scope": {{ item.scope | default("openid profile email") | to_json }},
 "token_endpoint_auth_method": {{ item.token_endpoint_auth_method | default("client_secret_post") | to_json }}
-}
\ No newline at end of file
+}
diff --git a/templates/hydra-dispatcher-apps.yml.j2 b/templates/hydra-dispatcher-apps.yml.j2
index 8beef0c..a391651 100644
--- a/templates/hydra-dispatcher-apps.yml.j2
+++ b/templates/hydra-dispatcher-apps.yml.j2
@@ -61,3 +61,13 @@ hydra:
 attributes_rewrite_rules: {{ hydra_ldap_attributes_rewrite_rules | to_json }}
 icon_url: "{{ hydra_ldap_app_icon_url }}"
 {% endif %}
+{% if enable_hydra_dispatcher_webhook %}
+ webhook:
+ enabled: true
+ api_url: {{hydra_dispatcher_webhook_api_url}}
+ api_key: {{hydra_dispatcher_webhook_api_key}}
+ api_method: POST
+ firewall:
+ additional_properties: true
+ rules: {{ hydra_dispatcher_webhook_rules | to_json }}
+{% endif %}
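Review bot: Dropping `roles` from the fallback in `"scope": {{ item.scope | default("openid profile email") | to_json }}` changes every client that does not set `item.scope`, which the commit subject (webhook dispatcher) does not mention. Applications that relied on the default to receive `roles` would lose that scope the next time the role is applied, which may change their authorization decisions. If the removal is intended, state it in the commit message or changelog and set `scope` explicitly on the clients that still need `roles`; otherwise keep the previous default. The JSON object opens outside the hunk.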
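Review bot: `api_url: {{hydra_dispatcher_webhook_api_url}}` and `api_key: {{hydra_dispatcher_webhook_api_key}}` in templates/hydra-dispatcher-apps.yml.j2 are written into the YAML unquoted, so a key containing ` #`, `: ` or a leading YAML indicator is truncated or mis-parsed, and an unset URL renders as a null value. Serialize both the way the `rules` line does: `api_url: {{ hydra_dispatcher_webhook_api_url | to_json }}` and `api_key: {{ hydra_dispatcher_webhook_api_key | to_json }}`. The rendered file now carries a credential, so the task that templates it (not visible here) should write it with a restrictive file mode. The `hydra:` mapping this block belongs to starts outside the hunk.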