diff --git a/hydra/client_test.go b/hydra/client_test.go index 22ccbaf..42415ee 100644 --- a/hydra/client_test.go +++ b/hydra/client_test.go @@ -26,11 +26,11 @@ const ( testID = "test-id" testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}` - testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic"}` + testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic","backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}` testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}` - testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"}}` + testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"},"backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}` statusNotFoundBody = `{"error":"Not Found","error_description":"Unable to locate the requested resource","status_code":404,"request_id":"id"}` statusUnauthorizedBody = `{"error":"The request could not be authorized","error_description":"The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials","status_code":401,"request_id":"id"}` @@ -45,10 +45,14 @@ type server struct { } var testOAuthJSONPost = &hydra.OAuth2ClientJSON{ - Scope: "some,other,scopes", - GrantTypes: []string{"type2"}, - Owner: "test-name-2", - Audience: []string{"audience-a", "audience-b"}, + Scope: "some,other,scopes", + GrantTypes: []string{"type2"}, + Owner: "test-name-2", + Audience: []string{"audience-a", "audience-b"}, + FrontChannelLogoutURI: "https://localhost/frontchannel-logout", + FrontChannelLogoutSessionRequired: false, + BackChannelLogoutURI: "https://localhost/backchannel-logout", + BackChannelLogoutSessionRequired: false, } var testOAuthJSONPut = &hydra.OAuth2ClientJSON{ @@ -182,10 +186,14 @@ func TestCRUD(t *testing.T) { "property2": "2", }) var testOAuthJSONPost2 = &hydra.OAuth2ClientJSON{ - Scope: "some,other,scopes", - GrantTypes: []string{"type2"}, - Owner: "test-name-21", - Metadata: meta, + Scope: "some,other,scopes", + GrantTypes: []string{"type2"}, + Owner: "test-name-21", + Metadata: meta, + FrontChannelLogoutURI: "https://localhost/frontchannel-logout", + FrontChannelLogoutSessionRequired: false, + BackChannelLogoutURI: "https://localhost/backchannel-logout", + BackChannelLogoutSessionRequired: false, } o, err = c.PostOAuth2Client(testOAuthJSONPost2) expected = testOAuthJSONPost2 @@ -211,6 +219,10 @@ func TestCRUD(t *testing.T) { assert.NotNil(o.Secret) assert.NotNil(o.ClientID) assert.NotNil(o.TokenEndpointAuthMethod) + assert.Equal(expected.FrontChannelLogoutURI, o.FrontChannelLogoutURI) + assert.Equal(expected.FrontChannelLogoutSessionRequired, o.FrontChannelLogoutSessionRequired) + assert.Equal(expected.BackChannelLogoutURI, o.BackChannelLogoutURI) + assert.Equal(expected.BackChannelLogoutSessionRequired, o.BackChannelLogoutSessionRequired) if expected.TokenEndpointAuthMethod != "" { assert.Equal(expected.TokenEndpointAuthMethod, o.TokenEndpointAuthMethod) } diff --git a/hydra/types.go b/hydra/types.go index bb8cb4a..dddc3e2 100644 --- a/hydra/types.go +++ b/hydra/types.go @@ -14,21 +14,25 @@ import ( // OAuth2ClientJSON represents an OAuth2 client digestible by ORY Hydra type OAuth2ClientJSON struct { - ClientName string `json:"client_name,omitempty"` - ClientID *string `json:"client_id,omitempty"` - Secret *string `json:"client_secret,omitempty"` - GrantTypes []string `json:"grant_types"` - RedirectURIs []string `json:"redirect_uris,omitempty"` - PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"` - AllowedCorsOrigins []string `json:"allowed_cors_origins,omitempty"` - ResponseTypes []string `json:"response_types,omitempty"` - Audience []string `json:"audience,omitempty"` - Scope string `json:"scope"` - SkipConsent bool `json:"skip_consent,omitempty"` - Owner string `json:"owner"` - TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"` - Metadata json.RawMessage `json:"metadata,omitempty"` - JwksUri string `json:"jwks_uri,omitempty"` + ClientName string `json:"client_name,omitempty"` + ClientID *string `json:"client_id,omitempty"` + Secret *string `json:"client_secret,omitempty"` + GrantTypes []string `json:"grant_types"` + RedirectURIs []string `json:"redirect_uris,omitempty"` + PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"` + AllowedCorsOrigins []string `json:"allowed_cors_origins,omitempty"` + ResponseTypes []string `json:"response_types,omitempty"` + Audience []string `json:"audience,omitempty"` + Scope string `json:"scope"` + SkipConsent bool `json:"skip_consent,omitempty"` + Owner string `json:"owner"` + TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"` + Metadata json.RawMessage `json:"metadata,omitempty"` + JwksUri string `json:"jwks_uri,omitempty"` + FrontChannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required"` + FrontChannelLogoutURI string `json:"frontchannel_logout_uri"` + BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required"` + BackChannelLogoutURI string `json:"backchannel_logout_uri"` } // Oauth2ClientCredentials represents client ID and password fetched from a @@ -54,18 +58,22 @@ func FromOAuth2Client(c *hydrav1alpha1.OAuth2Client) (*OAuth2ClientJSON, error) } return &OAuth2ClientJSON{ - ClientName: c.Spec.ClientName, - GrantTypes: grantToStringSlice(c.Spec.GrantTypes), - ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes), - RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs), - PostLogoutRedirectURIs: redirectToStringSlice(c.Spec.PostLogoutRedirectURIs), - AllowedCorsOrigins: redirectToStringSlice(c.Spec.AllowedCorsOrigins), - Audience: c.Spec.Audience, - Scope: c.Spec.Scope, - SkipConsent: c.Spec.SkipConsent, - Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace), - TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod), - Metadata: meta, + ClientName: c.Spec.ClientName, + GrantTypes: grantToStringSlice(c.Spec.GrantTypes), + ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes), + RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs), + PostLogoutRedirectURIs: redirectToStringSlice(c.Spec.PostLogoutRedirectURIs), + AllowedCorsOrigins: redirectToStringSlice(c.Spec.AllowedCorsOrigins), + Audience: c.Spec.Audience, + Scope: c.Spec.Scope, + SkipConsent: c.Spec.SkipConsent, + Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace), + TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod), + Metadata: meta, + FrontChannelLogoutURI: c.Spec.BackChannelLogoutURI, + FrontChannelLogoutSessionRequired: c.Spec.BackChannelLogoutSessionRequired, + BackChannelLogoutSessionRequired: c.Spec.BackChannelLogoutSessionRequired, + BackChannelLogoutURI: c.Spec.BackChannelLogoutURI, }, nil }