From d9740427eb4bfa3fa04f35ea33f9a078ec6f88ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcell=20F=C3=BCl=C3=B6p?=
Date: Thu, 9 Feb 2023 12:47:10 +0000
Subject: [PATCH] :adhesive_bandage: Allow Keycloak authentication to pass 'IdP Hint'
* add App Config option for 'IdP Hint' under Keycloak Authentication
* refactor the authentication trigger mechanism to allow direct call to keyjclaok-js adapter login() function
* remove `onLoad` from construction options (as it belongs to init())
---
 src/utils/ConfigSchema.json | 5 +++++
 src/utils/KeycloakAuth.js | 12 ++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/utils/ConfigSchema.json b/src/utils/ConfigSchema.json
index bce7ddfe..a0994ae2 100644
--- a/src/utils/ConfigSchema.json
+++ b/src/utils/ConfigSchema.json
@@ -481,6 +481,11 @@
 "type": "string",
 "description": "The Client ID of the client you created for use with Dashy"
 },
+ "idpHint": {
+ "title" : "IdP hint",
+ "type": "string",
+ "description": "Set to the 'Alias' of an existing Identity Provider in the specified realm to skip the Keycloak login page and redirect straight to the external IdP for authentication"
+ },
 "legacySupport": {
 "title": "Legacy Support",
 "type": "boolean",
diff --git a/src/utils/KeycloakAuth.js b/src/utils/KeycloakAuth.js
index 3903c780..05b6f7a6 100644
--- a/src/utils/KeycloakAuth.js
+++ b/src/utils/KeycloakAuth.js
@@ -13,25 +13,25 @@ class KeycloakAuth {
 constructor() {
 const { auth } = getAppConfig();
 const {
- serverUrl, realm, clientId, legacySupport,
+ serverUrl, realm, clientId, idpHint, legacySupport,
 } = auth.keycloak;
 const url = legacySupport ? `${serverUrl}/auth` : serverUrl;
- const initOptions = {
- url, realm, clientId, onLoad: 'login-required',
- };
+ const initOptions = { url, realm, clientId };
+ const loginOptions = idpHint ? { idpHint } : {};
+ this.loginOptions = loginOptions;
 this.keycloakClient = Keycloak(initOptions);
 }
 login() {
 return new Promise((resolve, reject) => {
- this.keycloakClient.init({ onLoad: 'login-required' })
+ this.keycloakClient.init({ onLoad: 'check-sso' })
 .then((auth) => {
 if (auth) {
 this.storeKeycloakInfo();
 return resolve();
 } else {
- return reject(new Error('Not authenticated'));
+ return this.keycloakClient.login(this.loginOptions);
 }
 })
 .catch((reason) => reject(reason));
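Review bot: In `login()`, the new `else` branch returns `this.keycloakClient.login(this.loginOptions)` without calling `resolve` or `reject`, so once the adapter has started the redirect the outer Promise stays pending; only a failure of that call reaches `.catch`, because the returned promise is chained. That is presumably intended since the browser navigates away, but it replaces an explicit `Not authenticated` rejection and should be stated, e.g. `// Not authenticated: hand off to Keycloak; this promise stays pending while the browser redirects`. The `loginOptions` line in the constructor also deserves a comment that `idpHint` only pre-selects an identity provider for the login request and is not an access restriction, so which IdPs users may authenticate with still has to be enforced in the realm configuration. The body of `login()` continues past the end of the hunk.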