CadolesKube/hydra-maester
7
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Implement creating clients with backchannel or frontchannel logout uris (#139)

Browse Source
This commit is contained in:
Tim Siebels 2024-01-22 09:12:12 +01:00 committed by GitHub
parent 91b139e6f2
commit ad03786403
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 57 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hydra/client_test.go
View File

@ -26,11 +26,11 @@ const (
testID = "test-id" testID = "test-id"
testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}` testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic"}` testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic","backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`
testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}` testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}` testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}`
testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"}}` testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"},"backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`
statusNotFoundBody = `{"error":"Not Found","error_description":"Unable to locate the requested resource","status_code":404,"request_id":"id"}` statusNotFoundBody = `{"error":"Not Found","error_description":"Unable to locate the requested resource","status_code":404,"request_id":"id"}`
statusUnauthorizedBody = `{"error":"The request could not be authorized","error_description":"The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials","status_code":401,"request_id":"id"}` statusUnauthorizedBody = `{"error":"The request could not be authorized","error_description":"The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials","status_code":401,"request_id":"id"}`
@ -49,6 +49,10 @@ var testOAuthJSONPost = &hydra.OAuth2ClientJSON{
GrantTypes: []string{"type2"}, GrantTypes: []string{"type2"},
Owner: "test-name-2", Owner: "test-name-2",
Audience: []string{"audience-a", "audience-b"}, Audience: []string{"audience-a", "audience-b"},
FrontChannelLogoutURI: "https://localhost/frontchannel-logout",
FrontChannelLogoutSessionRequired: false,
BackChannelLogoutURI: "https://localhost/backchannel-logout",
BackChannelLogoutSessionRequired: false,
} }
var testOAuthJSONPut = &hydra.OAuth2ClientJSON{ var testOAuthJSONPut = &hydra.OAuth2ClientJSON{
@ -186,6 +190,10 @@ func TestCRUD(t *testing.T) {
GrantTypes: []string{"type2"}, GrantTypes: []string{"type2"},
Owner: "test-name-21", Owner: "test-name-21",
Metadata: meta, Metadata: meta,
FrontChannelLogoutURI: "https://localhost/frontchannel-logout",
FrontChannelLogoutSessionRequired: false,
BackChannelLogoutURI: "https://localhost/backchannel-logout",
BackChannelLogoutSessionRequired: false,
} }
o, err = c.PostOAuth2Client(testOAuthJSONPost2) o, err = c.PostOAuth2Client(testOAuthJSONPost2)
expected = testOAuthJSONPost2 expected = testOAuthJSONPost2
@ -211,6 +219,10 @@ func TestCRUD(t *testing.T) {
assert.NotNil(o.Secret) assert.NotNil(o.Secret)
assert.NotNil(o.ClientID) assert.NotNil(o.ClientID)
assert.NotNil(o.TokenEndpointAuthMethod) assert.NotNil(o.TokenEndpointAuthMethod)
assert.Equal(expected.FrontChannelLogoutURI, o.FrontChannelLogoutURI)
assert.Equal(expected.FrontChannelLogoutSessionRequired, o.FrontChannelLogoutSessionRequired)
assert.Equal(expected.BackChannelLogoutURI, o.BackChannelLogoutURI)
assert.Equal(expected.BackChannelLogoutSessionRequired, o.BackChannelLogoutSessionRequired)
if expected.TokenEndpointAuthMethod != "" { if expected.TokenEndpointAuthMethod != "" {
assert.Equal(expected.TokenEndpointAuthMethod, o.TokenEndpointAuthMethod) assert.Equal(expected.TokenEndpointAuthMethod, o.TokenEndpointAuthMethod)
} }

8
hydra/types.go
View File

@ -29,6 +29,10 @@ type OAuth2ClientJSON struct {
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"` TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"` Metadata json.RawMessage `json:"metadata,omitempty"`
JwksUri string `json:"jwks_uri,omitempty"` JwksUri string `json:"jwks_uri,omitempty"`
FrontChannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required"`
FrontChannelLogoutURI string `json:"frontchannel_logout_uri"`
BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required"`
BackChannelLogoutURI string `json:"backchannel_logout_uri"`
} }
// Oauth2ClientCredentials represents client ID and password fetched from a // Oauth2ClientCredentials represents client ID and password fetched from a
@ -66,6 +70,10 @@ func FromOAuth2Client(c *hydrav1alpha1.OAuth2Client) (*OAuth2ClientJSON, error)
Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace), Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace),
TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod), TokenEndpointAuthMethod: string(c.Spec.TokenEndpointAuthMethod),
Metadata: meta, Metadata: meta,
FrontChannelLogoutURI: c.Spec.BackChannelLogoutURI,
FrontChannelLogoutSessionRequired: c.Spec.BackChannelLogoutSessionRequired,
BackChannelLogoutSessionRequired: c.Spec.BackChannelLogoutSessionRequired,
BackChannelLogoutURI: c.Spec.BackChannelLogoutURI,
}, nil }, nil
} }