Merge pull request #428 from magento-performance/cabpi-284-dynamic-co…

…nfig

CABPI-284: Make scope settings dynamic for each AdobeIms client

app/code/Magento/AdminAdobeIms/Model/ImsConnection.php

@@ -148,21 +148,26 @@ private function validateResponse(Curl $curl): void
     /**
      * Verify if access_token is valid
      *
-     * @param string $code
+     * @param string|null $token
      * @param string $tokenType
      * @return bool
      * @throws AuthorizationException
      */
-    public function validateToken(string $code, string $tokenType = 'access_token'): bool
+    public function validateToken(?string $token, string $tokenType = 'access_token'): bool
     {
         $isTokenValid = false;
+
+        if ($token === null) {
+            return false;
+        }
+
         $curl = $this->curlFactory->create();
 
         $curl->addHeader('Content-Type', 'application/x-www-form-urlencoded');
         $curl->addHeader('cache-control', 'no-cache');
 
         $curl->post(
-            $this->imsConfig->getValidateTokenUrl($code, $tokenType),
+            $this->imsConfig->getValidateTokenUrl($token, $tokenType),
             []
         );
 

app/code/Magento/AdminAdobeIms/Model/LogOut.php

@@ -15,7 +15,6 @@
 use Magento\Framework\Exception\AuthorizationException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\HTTP\Client\CurlFactory;
-use Magento\AdminAdobeIms\Model\ImsConnection;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -141,7 +140,6 @@ private function externalLogOut(string $accessToken): void
      *
      * @param string $accessToken
      * @return bool
-     * @throws AuthorizationException
      */
     private function checkUserProfile(string $accessToken): bool
     {

app/code/Magento/AdminAdobeIms/Service/ImsConfig.php

@@ -24,13 +24,15 @@ class ImsConfig extends Config
     public const XML_PATH_ORGANIZATION_ID = 'adobe_ims/integration/organization_id';
     public const XML_PATH_API_KEY = 'adobe_ims/integration/api_key';
     public const XML_PATH_PRIVATE_KEY = 'adobe_ims/integration/private_key';
-    public const XML_PATH_AUTH_URL_PATTERN = 'adobe_ims/integration/auth_url_pattern';
     public const XML_PATH_PROFILE_URL = 'adobe_ims/integration/profile_url';
     public const XML_PATH_NEW_ADMIN_EMAIL_TEMPLATE = 'adobe_ims/email/content_template';
     public const XML_PATH_VALIDATE_TOKEN_URL = 'adobe_ims/integration/validate_token_url';
     public const XML_PATH_LOGOUT_URL = 'adobe_ims/integration/logout_url';
     public const XML_PATH_CERTIFICATE_PATH = 'adobe_ims/integration/certificate_path';
 
+    public const XML_PATH_ADMIN_AUTH_URL_PATTERN = 'adobe_ims/integration/admin/auth_url_pattern';
+    public const XML_PATH_ADMIN_ADOBE_IMS_SCOPES = 'adobe_ims/integration/admin/scopes';
+
     private const OAUTH_CALLBACK_URL = 'adobe_ims_auth/oauth/';
 
     /**
@@ -239,9 +241,27 @@ public function getAdminAdobeImsAuthUrl(?string $clientId): string
         }
 
         return str_replace(
-            ['#{client_id}', '#{redirect_uri}', '#{locale}'],
-            [$clientId, $this->getAdminAdobeImsCallBackUrl(), $this->getLocale()],
-            $this->scopeConfig->getValue(self::XML_PATH_AUTH_URL_PATTERN)
+            ['#{client_id}', '#{redirect_uri}', '#{scope}', '#{locale}'],
+            [
+                $clientId,
+                $this->getAdminAdobeImsCallBackUrl(),
+                $this->getScopes(),
+                $this->getLocale()
+            ],
+            $this->scopeConfig->getValue(self::XML_PATH_ADMIN_AUTH_URL_PATTERN)
+        );
+    }
+
+    /**
+     * Get scopes for AdobeIms
+     *
+     * @return string
+     */
+    public function getScopes(): string
+    {
+        return implode(
+            ',',
+            $this->scopeConfig->getValue(self::XML_PATH_ADMIN_ADOBE_IMS_SCOPES)
         );
     }
 

app/code/Magento/AdminAdobeIms/etc/adminhtml/di.xml

@@ -54,10 +54,6 @@
         <plugin name="revoke_admin_access_token"
                 type="Magento\AdminAdobeIms\Plugin\RevokeAdminAccessTokenPlugin"/>
     </type>
-    <type name="Magento\AdobeImsApi\Api\Data\UserProfileInterface">
-        <plugin name="clear_adobe_user_id"
-                type="Magento\AdminAdobeIms\Plugin\ClearAdobeUserIdPlugin"/>
-    </type>
     <type name="Magento\Security\Model\AdminSessionsManager">
         <plugin name="keep_other_user_sessions"
                 type="Magento\AdminAdobeIms\Plugin\OtherUserSessionPlugin"/>

app/code/Magento/AdminAdobeIms/etc/config.xml

@@ -9,6 +9,14 @@
     <default>
         <adobe_ims>
             <integration>
+                <admin>
+                    <auth_url_pattern><![CDATA[https://ims-na1-stg1.adobelogin.com/ims/authorize/v2?client_id=#{client_id}&redirect_uri=#{redirect_uri}&locale=#{locale}&scope=#{scope}&response_type=code]]></auth_url_pattern>
+                    <scopes>
+                        <openid>openid</openid>
+                        <AdobeID>AdobeID</AdobeID>
+                        <additional_info.roles>additional_info.roles</additional_info.roles>
+                    </scopes>
+                </admin>
                 <enabled>0</enabled>
                 <logging_enabled>0</logging_enabled>
                 <organization_id backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>