Add Apple OAuth2 provider.

+{
+  "providerId": "Apple",
+  "additionalInfo": null,
+  "accessTokenUri": "https://appleid.apple.com/auth/token",
+  "authorizationUri": "https://appleid.apple.com/auth/authorize?response_mode=form_post",
+  "scope": ["email","openid","name"],
+  "jwkSetUri": "https://appleid.apple.com/auth/keys",
+  "userInfoUri": null,
+  "clientAuthenticationMethod": "POST",
+  "userNameAttributeName": "email",
+  "mapperConfig": {
+    "type": "APPLE",
+    "basic": {
+      "emailAttributeKey": "email",
+      "firstNameAttributeKey": "firstName",
+      "lastNameAttributeKey": "lastName",
+      "tenantNameStrategy": "DOMAIN"
+    }
+  },
+  "comment": null,
+  "loginButtonIcon": "apple-logo",
+  "loginButtonLabel": "Apple",
+  "helpLink": "https://developer.apple.com/sign-in-with-apple/get-started/"
+}

@@ -92,7 +92,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration (
     created_time bigint NOT NULL,
     created_time bigint NOT NULL,
     additional_info varchar,
     additional_info varchar,
     client_id varchar(255),
     client_id varchar(255),
-    client_secret varchar(255),
+    client_secret varchar(2048),
     authorization_uri varchar(255),
     authorization_uri varchar(255),
     token_uri varchar(255),
     token_uri varchar(255),
     scope varchar(255),
     scope varchar(255),

+/**
+ * Copyright © 2016-2021 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.auth.oauth2;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
+import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+import org.thingsboard.common.util.JacksonUtil;
+import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
+import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
+import org.thingsboard.server.dao.oauth2.OAuth2User;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.Map;
+
+@Service(value = "appleOAuth2ClientMapper")
+@Slf4j
+public class AppleOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
+
+    private static final String USER = "user";
+    private static final String NAME = "name";
+    private static final String FIRST_NAME = "firstName";
+    private static final String LAST_NAME = "lastName";
+    private static final String EMAIL = "email";
+
+    @Override
+    public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
+        OAuth2MapperConfig config = registration.getMapperConfig();
+        Map<String, Object> attributes = updateAttributesFromRequestParams(request, token.getPrincipal().getAttributes());
+        String email = BasicMapperUtils.getStringAttributeByKey(attributes, config.getBasic().getEmailAttributeKey());
+        OAuth2User oauth2User = BasicMapperUtils.getOAuth2User(email, attributes, config);
+
+        return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration);
+    }
+
+    private static Map<String, Object> updateAttributesFromRequestParams(HttpServletRequest request, Map<String, Object> attributes) {
+        Map<String, Object> updated = attributes;
+        MultiValueMap<String, String> params = toMultiMap(request.getParameterMap());
+        String userValue = params.getFirst(USER);
+        if (StringUtils.hasText(userValue)) {
+            JsonNode user = null;
+            try {
+                user = JacksonUtil.toJsonNode(userValue);
+            } catch (Exception e) {}
+            if (user != null) {
+                updated = new HashMap<>(attributes);
+                if (user.has(NAME)) {
+                    JsonNode name = user.get(NAME);
+                    if (name.isObject()) {
+                        JsonNode firstName = name.get(FIRST_NAME);
+                        if (firstName != null && firstName.isTextual()) {
+                            updated.put(FIRST_NAME, firstName.asText());
+                        }
+                        JsonNode lastName = name.get(LAST_NAME);
+                        if (lastName != null && lastName.isTextual()) {
+                            updated.put(LAST_NAME, lastName.asText());
+                        }
+                    }
+                }
+                if (user.has(EMAIL)) {
+                    JsonNode email = user.get(EMAIL);
+                    if (email != null && email.isTextual()) {
+                        updated.put(EMAIL, email.asText());
+                    }
+                }
+            }
+        }
+        return updated;
+    }
+
+    private static MultiValueMap<String, String> toMultiMap(Map<String, String[]> map) {
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>(map.size());
+        map.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    params.add(key, value);
+                }
+            }
+        });
+        return params;
+    }
+}

@@ -23,6 +23,7 @@ import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 import java.util.Map;
 
 
 @Service(value = "basicOAuth2ClientMapper")
 @Service(value = "basicOAuth2ClientMapper")
@@ -30,7 +31,7 @@ import java.util.Map;
 public class BasicOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
 public class BasicOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
 
 
     @Override
     @Override
-    public SecurityUser getOrCreateUserByClientPrincipal(OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
+    public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
         OAuth2MapperConfig config = registration.getMapperConfig();
         OAuth2MapperConfig config = registration.getMapperConfig();
         Map<String, Object> attributes = token.getPrincipal().getAttributes();
         Map<String, Object> attributes = token.getPrincipal().getAttributes();
         String email = BasicMapperUtils.getStringAttributeByKey(attributes, config.getBasic().getEmailAttributeKey());
         String email = BasicMapperUtils.getStringAttributeByKey(attributes, config.getBasic().getEmailAttributeKey());

@@ -29,6 +29,8 @@ import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 
+import javax.servlet.http.HttpServletRequest;
+
 @Service(value = "customOAuth2ClientMapper")
 @Service(value = "customOAuth2ClientMapper")
 @Slf4j
 @Slf4j
 public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
 public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
@@ -39,7 +41,7 @@ public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper impleme
     private RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder();
     private RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder();
 
 
     @Override
     @Override
-    public SecurityUser getOrCreateUserByClientPrincipal(OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
+    public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
         OAuth2MapperConfig config = registration.getMapperConfig();
         OAuth2MapperConfig config = registration.getMapperConfig();
         OAuth2User oauth2User = getOAuth2User(token, providerAccessToken, config.getCustom());
         OAuth2User oauth2User = getOAuth2User(token, providerAccessToken, config.getCustom());
         return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration);
         return getOrCreateSecurityUserFromOAuth2User(oauth2User, registration);

@@ -29,6 +29,7 @@ import org.thingsboard.server.dao.oauth2.OAuth2Configuration;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.dao.oauth2.OAuth2User;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.ArrayList;
 import java.util.Map;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Optional;
@@ -46,7 +47,7 @@ public class GithubOAuth2ClientMapper extends AbstractOAuth2ClientMapper impleme
     private OAuth2Configuration oAuth2Configuration;
     private OAuth2Configuration oAuth2Configuration;
 
 
     @Override
     @Override
-    public SecurityUser getOrCreateUserByClientPrincipal(OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
+    public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration) {
         OAuth2MapperConfig config = registration.getMapperConfig();
         OAuth2MapperConfig config = registration.getMapperConfig();
         Map<String, String> githubMapperConfig = oAuth2Configuration.getGithubMapper();
         Map<String, String> githubMapperConfig = oAuth2Configuration.getGithubMapper();
         String email = getEmail(githubMapperConfig.get(EMAIL_URL_KEY), providerAccessToken);
         String email = getEmail(githubMapperConfig.get(EMAIL_URL_KEY), providerAccessToken);

@@ -20,6 +20,8 @@ import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
 import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientRegistrationInfo;
 import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientRegistrationInfo;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.SecurityUser;
 
 
+import javax.servlet.http.HttpServletRequest;
+
 public interface OAuth2ClientMapper {
 public interface OAuth2ClientMapper {
-    SecurityUser getOrCreateUserByClientPrincipal(OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration);
+    SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest request, OAuth2AuthenticationToken token, String providerAccessToken, OAuth2Registration registration);
 }
 }

@@ -37,6 +37,10 @@ public class OAuth2ClientMapperProvider {
     @Qualifier("githubOAuth2ClientMapper")
     @Qualifier("githubOAuth2ClientMapper")
     private OAuth2ClientMapper githubOAuth2ClientMapper;
     private OAuth2ClientMapper githubOAuth2ClientMapper;
 
 
+    @Autowired
+    @Qualifier("appleOAuth2ClientMapper")
+    private OAuth2ClientMapper appleOAuth2ClientMapper;
+
     public OAuth2ClientMapper getOAuth2ClientMapperByType(MapperType oauth2MapperType) {
     public OAuth2ClientMapper getOAuth2ClientMapperByType(MapperType oauth2MapperType) {
         switch (oauth2MapperType) {
         switch (oauth2MapperType) {
             case CUSTOM:
             case CUSTOM:
@@ -45,6 +49,8 @@ public class OAuth2ClientMapperProvider {
                 return basicOAuth2ClientMapper;
                 return basicOAuth2ClientMapper;
             case GITHUB:
             case GITHUB:
                 return githubOAuth2ClientMapper;
                 return githubOAuth2ClientMapper;
+            case APPLE:
+                return appleOAuth2ClientMapper;
             default:
             default:
                 throw new RuntimeException("OAuth2ClientRegistrationMapper with type " + oauth2MapperType + " is not supported!");
                 throw new RuntimeException("OAuth2ClientRegistrationMapper with type " + oauth2MapperType + " is not supported!");
         }
         }

@@ -36,7 +36,6 @@ import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.nio.charset.StandardCharsets;
 
 
 @Component(value = "oauth2AuthenticationFailureHandler")
 @Component(value = "oauth2AuthenticationFailureHandler")
-@ConditionalOnProperty(prefix = "security.oauth2", value = "enabled", havingValue = "true")
 public class Oauth2AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 public class Oauth2AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 
 
     private final HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;
     private final HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;

@@ -90,7 +90,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS
                     token.getAuthorizedClientRegistrationId(),
                     token.getAuthorizedClientRegistrationId(),
                     token.getPrincipal().getName());
                     token.getPrincipal().getName());
             OAuth2ClientMapper mapper = oauth2ClientMapperProvider.getOAuth2ClientMapperByType(registration.getMapperConfig().getType());
             OAuth2ClientMapper mapper = oauth2ClientMapperProvider.getOAuth2ClientMapperByType(registration.getMapperConfig().getType());
-            SecurityUser securityUser = mapper.getOrCreateUserByClientPrincipal(token, oAuth2AuthorizedClient.getAccessToken().getTokenValue(),
+            SecurityUser securityUser = mapper.getOrCreateUserByClientPrincipal(request, token, oAuth2AuthorizedClient.getAccessToken().getTokenValue(),
                     registration);
                     registration);
 
 
             JwtToken accessToken = tokenFactory.createAccessJwtToken(securityUser);
             JwtToken accessToken = tokenFactory.createAccessJwtToken(securityUser);

@@ -16,5 +16,5 @@
 package org.thingsboard.server.common.data.oauth2;
 package org.thingsboard.server.common.data.oauth2;
 
 
 public enum MapperType {
 public enum MapperType {
-    BASIC, CUSTOM, GITHUB;
+    BASIC, CUSTOM, GITHUB, APPLE;
 }
 }

@@ -178,7 +178,7 @@ public class OAuth2RegistrationEntity extends BaseSqlEntity<OAuth2Registration>
                         .activateUser(activateUser)
                         .activateUser(activateUser)
                         .type(type)
                         .type(type)
                         .basic(
                         .basic(
-                                (type == MapperType.BASIC || type == MapperType.GITHUB) ?
+                                (type == MapperType.BASIC || type == MapperType.GITHUB || type == MapperType.APPLE) ?
                                         OAuth2BasicMapperConfig.builder()
                                         OAuth2BasicMapperConfig.builder()
                                                 .emailAttributeKey(emailAttributeKey)
                                                 .emailAttributeKey(emailAttributeKey)
                                                 .firstNameAttributeKey(firstNameAttributeKey)
                                                 .firstNameAttributeKey(firstNameAttributeKey)

@@ -377,9 +377,6 @@ public class OAuth2ServiceImpl extends AbstractEntityService implements OAuth2Se
                 if (StringUtils.isEmpty(clientRegistration.getScope())) {
                 if (StringUtils.isEmpty(clientRegistration.getScope())) {
                     throw new DataValidationException("Scope should be specified!");
                     throw new DataValidationException("Scope should be specified!");
                 }
                 }
-                if (StringUtils.isEmpty(clientRegistration.getUserInfoUri())) {
-                    throw new DataValidationException("User info uri should be specified!");
-                }
                 if (StringUtils.isEmpty(clientRegistration.getUserNameAttributeName())) {
                 if (StringUtils.isEmpty(clientRegistration.getUserNameAttributeName())) {
                     throw new DataValidationException("User name attribute name should be specified!");
                     throw new DataValidationException("User name attribute name should be specified!");
                 }
                 }

@@ -387,7 +387,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration (
     created_time bigint NOT NULL,
     created_time bigint NOT NULL,
     additional_info varchar,
     additional_info varchar,
     client_id varchar(255),
     client_id varchar(255),
-    client_secret varchar(255),
+    client_secret varchar(2048),
     authorization_uri varchar(255),
     authorization_uri varchar(255),
     token_uri varchar(255),
     token_uri varchar(255),
     scope varchar(255),
     scope varchar(255),

@@ -424,7 +424,7 @@ CREATE TABLE IF NOT EXISTS oauth2_registration (
     created_time bigint NOT NULL,
     created_time bigint NOT NULL,
     additional_info varchar,
     additional_info varchar,
     client_id varchar(255),
     client_id varchar(255),
-    client_secret varchar(255),
+    client_secret varchar(2048),
     authorization_uri varchar(255),
     authorization_uri varchar(255),
     token_uri varchar(255),
     token_uri varchar(255),
     scope varchar(255),
     scope varchar(255),

@@ -89,6 +89,13 @@ export class AppComponent implements OnInit {
       )
       )
     );
     );
 
 
+    this.matIconRegistry.addSvgIconLiteral(
+      'apple-logo',
+      this.domSanitizer.bypassSecurityTrustHtml(
+        '<svg viewBox="0 0 256 315"><path d="M213.803394,167.030943 C214.2452,214.609646 255.542482,230.442639 256,230.644727 C255.650812,231.761357 249.401383,253.208293 234.24263,275.361446 C221.138555,294.513969 207.538253,313.596333 186.113759,313.991545 C165.062051,314.379442 158.292752,301.507828 134.22469,301.507828 C110.163898,301.507828 102.642899,313.596301 82.7151126,314.379442 C62.0350407,315.16201 46.2873831,293.668525 33.0744079,274.586162 C6.07529317,235.552544 -14.5576169,164.286328 13.147166,116.18047 C26.9103111,92.2909053 51.5060917,77.1630356 78.2026125,76.7751096 C98.5099145,76.3877456 117.677594,90.4371851 130.091705,90.4371851 C142.497945,90.4371851 165.790755,73.5415029 190.277627,76.0228474 C200.528668,76.4495055 229.303509,80.1636878 247.780625,107.209389 C246.291825,108.132333 213.44635,127.253405 213.803394,167.030988 M174.239142,50.1987033 C185.218331,36.9088319 192.607958,18.4081019 190.591988,0 C174.766312,0.636050225 155.629514,10.5457909 144.278109,23.8283506 C134.10507,35.5906758 125.195775,54.4170275 127.599657,72.4607932 C145.239231,73.8255433 163.259413,63.4970262 174.239142,50.1987249" fill="#000000"></path></svg>'
+      )
+    );
+
     this.storageService.testLocalStorage();
     this.storageService.testLocalStorage();
 
 
     this.setupTranslate();
     this.setupTranslate();

@@ -321,16 +321,13 @@
 
 
                                             <mat-form-field fxFlex class="mat-block">
                                             <mat-form-field fxFlex class="mat-block">
                                               <mat-label translate>admin.oauth2.user-info-uri</mat-label>
                                               <mat-label translate>admin.oauth2.user-info-uri</mat-label>
-                                              <input matInput formControlName="userInfoUri" required>
+                                              <input matInput formControlName="userInfoUri">
                                               <button mat-icon-button matSuffix
                                               <button mat-icon-button matSuffix
                                                       type="button"
                                                       type="button"
                                                       (click)="toggleEditMode(registration, 'userInfoUri')"
                                                       (click)="toggleEditMode(registration, 'userInfoUri')"
                                                       *ngIf="!isCustomProvider(registration)">
                                                       *ngIf="!isCustomProvider(registration)">
                                                 <mat-icon class="material-icons">create</mat-icon>
                                                 <mat-icon class="material-icons">create</mat-icon>
                                               </button>
                                               </button>
-                                              <mat-error *ngIf="registration.get('userInfoUri').hasError('required')">
-                                                {{ 'admin.oauth2.user-info-uri-required' | translate }}
-                                              </mat-error>
                                               <mat-error *ngIf="registration.get('userInfoUri').hasError('pattern')">
                                               <mat-error *ngIf="registration.get('userInfoUri').hasError('pattern')">
                                                 {{ 'admin.oauth2.uri-pattern-error' | translate }}
                                                 {{ 'admin.oauth2.uri-pattern-error' | translate }}
                                               </mat-error>
                                               </mat-error>

@@ -311,8 +311,7 @@ export class OAuth2SettingsComponent extends PageComponent implements OnInit, Ha
       scope: this.fb.array(registration?.scope ? registration.scope : [], OAuth2SettingsComponent.validateScope),
       scope: this.fb.array(registration?.scope ? registration.scope : [], OAuth2SettingsComponent.validateScope),
       jwkSetUri: [registration?.jwkSetUri ? registration.jwkSetUri : '', Validators.pattern(this.URL_REGEXP)],
       jwkSetUri: [registration?.jwkSetUri ? registration.jwkSetUri : '', Validators.pattern(this.URL_REGEXP)],
       userInfoUri: [registration?.userInfoUri ? registration.userInfoUri : '',
       userInfoUri: [registration?.userInfoUri ? registration.userInfoUri : '',
-        [Validators.required,
-          Validators.pattern(this.URL_REGEXP)]],
+        [Validators.pattern(this.URL_REGEXP)]],
       clientAuthenticationMethod: [
       clientAuthenticationMethod: [
         registration?.clientAuthenticationMethod ? registration.clientAuthenticationMethod : ClientAuthenticationMethod.POST,
         registration?.clientAuthenticationMethod ? registration.clientAuthenticationMethod : ClientAuthenticationMethod.POST,
         Validators.required],
         Validators.required],

@@ -54,7 +54,8 @@ export const domainSchemaTranslations = new Map<DomainSchema, string>(
 export enum MapperConfigType{
 export enum MapperConfigType{
   BASIC = 'BASIC',
   BASIC = 'BASIC',
   CUSTOM = 'CUSTOM',
   CUSTOM = 'CUSTOM',
-  GITHUB = 'GITHUB'
+  GITHUB = 'GITHUB',
+  APPLE = 'APPLE'
 }
 }
 
 
 export enum TenantNameStrategy{
 export enum TenantNameStrategy{