feat: Add audience field to OAuth2 Clients (#44)

This commit is contained in:
Ante Mihalj 2020-02-01 14:26:22 +01:00 committed by GitHub
parent 728d02b8fc
commit 71f17149c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 25 additions and 2 deletions


@ -83,6 +83,9 @@ type OAuth2ClientSpec struct {
// RedirectURIs is an array of the redirect URIs allowed for the application // RedirectURIs is an array of the redirect URIs allowed for the application
RedirectURIs []RedirectURI `json:"redirectUris,omitempty"` RedirectURIs []RedirectURI `json:"redirectUris,omitempty"`
// Audience is a whitelist defining the audiences this client is allowed to request tokens for
Audience []string `json:"audience,omitempty"`
// +kubebuilder:validation:Pattern=([a-zA-Z0-9\.\*]+\s?)+ // +kubebuilder:validation:Pattern=([a-zA-Z0-9\.\*]+\s?)+
// //
// Scope is a string containing a space-separated list of scope values (as // Scope is a string containing a space-separated list of scope values (as
@ -169,6 +172,7 @@ func (c *OAuth2Client) ToOAuth2ClientJSON() *hydra.OAuth2ClientJSON {
GrantTypes: grantToStringSlice(c.Spec.GrantTypes), GrantTypes: grantToStringSlice(c.Spec.GrantTypes),
ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes), ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes),
RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs), RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs),
Audience: c.Spec.Audience,
Scope: c.Spec.Scope, Scope: c.Spec.Scope,
Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace), Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace),
TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod), TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod),
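Review bot: The new `Audience []string` field at the top of the hunk carries no kubebuilder validation marker, so the CRD schema admits empty strings and whitespace, whereas its neighbours `Scope` and `RedirectURIs` are pattern-checked at admission (the generated `items: pattern:` for `redirectUris` shows how element constraints come from a named element type). A malformed entry is therefore only rejected by Hydra at reconcile time, and if Hydra requires URL-form audiences (I believe it does, but confirm against the Hydra version in use) the sample value `audience-a` added elsewhere in this commit would never be accepted. Consider a named element type, `type Audience string` with `// +kubebuilder:validation:Pattern=\S+`, or at least spell out the contract in the field comment: `// Audience is an allow-list of audience identifiers (URIs) this client may request tokens for; each entry must be non-empty and is validated by Hydra.`. Also, `ToOAuth2ClientJSON` aliases `c.Spec.Audience` directly rather than copying as the sibling `redirectToStringSlice` does; that is harmless only as long as no caller mutates the returned slice.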


@ -437,6 +437,11 @@ spec:
pattern: \w+:/?/?[^\s]+ pattern: \w+:/?/?[^\s]+
type: string type: string
type: array type: array
audience:
description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
items:
type: string
type: array
responseTypes: responseTypes:
description: ResponseTypes is an array of the OAuth 2.0 response type description: ResponseTypes is an array of the OAuth 2.0 response type
strings that the client can use at the authorization endpoint. strings that the client can use at the authorization endpoint.


@ -19,6 +19,9 @@ spec:
redirectUris: redirectUris:
- https://client/account - https://client/account
- http://localhost:8080 - http://localhost:8080
audience:
- audience-a
- audience-b
hydraAdmin: hydraAdmin:
# if hydraAdmin is specified, all of these fields are requried, # if hydraAdmin is specified, all of these fields are requried,
# but they can be empty/0 # but they can be empty/0


@ -29,6 +29,9 @@ spec:
redirectUris: redirectUris:
- https://client/account - https://client/account
- http://localhost:8080 - http://localhost:8080
audience:
- audience-a
- audience-b
hydraAdmin: hydraAdmin:
# if hydraAdmin is specified, all of these fields are requried, # if hydraAdmin is specified, all of these fields are requried,
# but they can be empty/0 # but they can be empty/0


@ -70,6 +70,7 @@ var _ = Describe("OAuth2Client Controller", func() {
ResponseTypes: o.ResponseTypes, ResponseTypes: o.ResponseTypes,
RedirectURIs: o.RedirectURIs, RedirectURIs: o.RedirectURIs,
Scope: o.Scope, Scope: o.Scope,
Audience: o.Audience,
Owner: o.Owner, Owner: o.Owner,
} }
}, func(o *hydra.OAuth2ClientJSON) error { }, func(o *hydra.OAuth2ClientJSON) error {
@ -214,6 +215,7 @@ var _ = Describe("OAuth2Client Controller", func() {
GrantTypes: o.GrantTypes, GrantTypes: o.GrantTypes,
ResponseTypes: o.ResponseTypes, ResponseTypes: o.ResponseTypes,
RedirectURIs: o.RedirectURIs, RedirectURIs: o.RedirectURIs,
Audience: o.Audience,
Scope: o.Scope, Scope: o.Scope,
Owner: o.Owner, Owner: o.Owner,
} }
@ -402,6 +404,7 @@ func testInstance(name, secretName string) *hydrav1alpha1.OAuth2Client {
ResponseTypes: []hydrav1alpha1.ResponseType{"token"}, ResponseTypes: []hydrav1alpha1.ResponseType{"token"},
Scope: "a b c", Scope: "a b c",
RedirectURIs: []hydrav1alpha1.RedirectURI{"https://example.com"}, RedirectURIs: []hydrav1alpha1.RedirectURI{"https://example.com"},
Audience: []string{"audience-a"},
SecretName: secretName, SecretName: secretName,
HydraAdmin: hydrav1alpha1.HydraAdmin{ HydraAdmin: hydrav1alpha1.HydraAdmin{
URL: "http://hydra-admin", URL: "http://hydra-admin",


@ -23,8 +23,8 @@ const (
testID = "test-id" testID = "test-id"
testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}` testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic"}` testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"token_endpoint_auth_method":"client_secret_basic"}` testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}`
@ -43,6 +43,7 @@ var testOAuthJSONPost = &hydra.OAuth2ClientJSON{
Scope: "some,other,scopes", Scope: "some,other,scopes",
GrantTypes: []string{"type2"}, GrantTypes: []string{"type2"},
Owner: "test-name-2", Owner: "test-name-2",
Audience: []string{"audience-a", "audience-b"},
} }
var testOAuthJSONPut = &hydra.OAuth2ClientJSON{ var testOAuthJSONPut = &hydra.OAuth2ClientJSON{
@ -50,6 +51,7 @@ var testOAuthJSONPut = &hydra.OAuth2ClientJSON{
Scope: "yet,another,scope", Scope: "yet,another,scope",
GrantTypes: []string{"type3"}, GrantTypes: []string{"type3"},
Owner: "test-name-3", Owner: "test-name-3",
Audience: []string{"audience-c"},
} }
func TestCRUD(t *testing.T) { func TestCRUD(t *testing.T) {
@ -170,6 +172,7 @@ func TestCRUD(t *testing.T) {
assert.Equal(testOAuthJSONPost.Scope, o.Scope) assert.Equal(testOAuthJSONPost.Scope, o.Scope)
assert.Equal(testOAuthJSONPost.GrantTypes, o.GrantTypes) assert.Equal(testOAuthJSONPost.GrantTypes, o.GrantTypes)
assert.Equal(testOAuthJSONPost.Owner, o.Owner) assert.Equal(testOAuthJSONPost.Owner, o.Owner)
assert.Equal(testOAuthJSONPost.Audience, o.Audience)
assert.NotNil(o.Secret) assert.NotNil(o.Secret)
assert.NotNil(o.ClientID) assert.NotNil(o.ClientID)
assert.NotNil(o.TokenEndpointAuthMethod) assert.NotNil(o.TokenEndpointAuthMethod)
@ -228,6 +231,7 @@ func TestCRUD(t *testing.T) {
assert.Equal(testOAuthJSONPut.GrantTypes, o.GrantTypes) assert.Equal(testOAuthJSONPut.GrantTypes, o.GrantTypes)
assert.Equal(testOAuthJSONPut.ClientID, o.ClientID) assert.Equal(testOAuthJSONPut.ClientID, o.ClientID)
assert.Equal(testOAuthJSONPut.Owner, o.Owner) assert.Equal(testOAuthJSONPut.Owner, o.Owner)
assert.Equal(testOAuthJSONPut.Audience, o.Audience)
assert.NotNil(o.Secret) assert.NotNil(o.Secret)
} }
}) })
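Review bot: The added `assert.Equal(testOAuthJSONPost.Audience, o.Audience)` and the matching PUT assertion compare against a value decoded from the canned `testClientCreated`/`testClientUpdated` responses, so they prove the `audience` key is parsed from Hydra's reply but not that the client serialised `Audience` into the POST/PUT request body — the fixture would still match if the request omitted the field, unless the httptest handler outside this hunk compares the received body. Consider decoding the request in the handler and asserting on it, e.g. `assert.Equal([]string{"audience-a", "audience-b"}, received.Audience)`. The `testClient` GET fixture also carries no `audience`, so the omitted/nil case is only implicitly covered. `TestCRUD` begins and ends outside the hunk.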


@ -9,6 +9,7 @@ type OAuth2ClientJSON struct {
GrantTypes []string `json:"grant_types"` GrantTypes []string `json:"grant_types"`
RedirectURIs []string `json:"redirect_uris,omitempty"` RedirectURIs []string `json:"redirect_uris,omitempty"`
ResponseTypes []string `json:"response_types,omitempty"` ResponseTypes []string `json:"response_types,omitempty"`
Audience []string `json:"audience,omitempty"`
Scope string `json:"scope"` Scope string `json:"scope"`
Owner string `json:"owner"` Owner string `json:"owner"`
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"` TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
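Review bot: The new `Audience` field on `OAuth2ClientJSON` is undocumented, and because it is tagged `omitempty` an update that clears every audience on the CR sends a PUT body with no `audience` key at all; whether Hydra then clears the stored list or leaves it untouched depends on Hydra's PUT semantics (a full replace, as far as I know), which is worth confirming and recording. Suggested comment: `// Audience is the list of audiences this client may request tokens for; it is omitted from the JSON body when empty, so clearing it relies on Hydra treating an absent field as an empty list.`. The struct definition continues outside the hunk.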