feat: allow postLogoutRedirectsUris to be set (#54)

Closes #51 Signed-off-by: Clément BUCHART <clement@buchart.dev>
2020-06-08 12:09:32 +02:00 · 2020-06-08 12:09:32 +02:00 · c337b2d8f4
commit c337b2d8f4
parent db7513800e
8 changed files with 61 additions and 24 deletions
--- a/api/v1alpha1/oauth2client_types.go
+++ b/api/v1alpha1/oauth2client_types.go
@ -84,6 +84,9 @@ type OAuth2ClientSpec struct {
 	// RedirectURIs is an array of the redirect URIs allowed for the application
 	RedirectURIs []RedirectURI `json:"redirectUris,omitempty"`

+	// PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
+	PostLogoutRedirectURIs []RedirectURI `json:"postLogoutRedirectUris,omitempty"`
+
 	// Audience is a whitelist defining the audiences this client is allowed to request tokens for
 	Audience []string `json:"audience,omitempty"`

@ -105,7 +108,7 @@ type OAuth2ClientSpec struct {
 	// this client
 	HydraAdmin HydraAdmin `json:"hydraAdmin,omitempty"`

-	// +kubebuilder:validation:Enum=;client_secret_basic;client_secret_post;private_key_jwt;none
+	// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
 	//
 	// Indication which authentication method shoud be used for the token endpoint
 	TokenEndpointAuthMethod TokenEndpointAuthMethod `json:"tokenEndpointAuthMethod,omitempty"`
@ -126,7 +129,7 @@ type ResponseType string
 // RedirectURI represents a redirect URI for the client
 type RedirectURI string

-// +kubebuilder:validation:Enum=;client_secret_basic;client_secret_post;private_key_jwt;none
+// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
 // TokenEndpointAuthMethod represents an authentication method for token endpoint
 type TokenEndpointAuthMethod string

@ -176,6 +179,7 @@ func (c *OAuth2Client) ToOAuth2ClientJSON() *hydra.OAuth2ClientJSON {
 		GrantTypes:              grantToStringSlice(c.Spec.GrantTypes),
 		ResponseTypes:           responseToStringSlice(c.Spec.ResponseTypes),
 		RedirectURIs:            redirectToStringSlice(c.Spec.RedirectURIs),
+		PostLogoutRedirectURIs:  redirectToStringSlice(c.Spec.PostLogoutRedirectURIs),
 		Audience:                c.Spec.Audience,
 		Scope:                   c.Spec.Scope,
 		Owner:                   fmt.Sprintf("%s/%s", c.Name, c.Namespace),
--- a/api/v1alpha1/oauth2client_types_test.go
+++ b/api/v1alpha1/oauth2client_types_test.go
@ -106,6 +106,7 @@ func TestCreateAPI(t *testing.T) {
 				"invalid scope":                 func() { created.Spec.Scope = "" },
 				"missing secret name":           func() { created.Spec.SecretName = "" },
 				"invalid redirect URI":          func() { created.Spec.RedirectURIs = []RedirectURI{"invalid"} },
+				"invalid logout redirect URI":   func() { created.Spec.PostLogoutRedirectURIs = []RedirectURI{"invalid"} },
 				"invalid hydra url":             func() { created.Spec.HydraAdmin.URL = "invalid" },
 				"invalid hydra port high":       func() { created.Spec.HydraAdmin.Port = 65536 },
 				"invalid hydra endpoint":        func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@ -20,6 +20,7 @@ limitations under the License.
 package v1alpha1

 import (
+	"encoding/json"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

@ -115,7 +116,22 @@ func (in *OAuth2ClientSpec) DeepCopyInto(out *OAuth2ClientSpec) {
 		*out = make([]RedirectURI, len(*in))
 		copy(*out, *in)
 	}
+	if in.PostLogoutRedirectURIs != nil {
+		in, out := &in.PostLogoutRedirectURIs, &out.PostLogoutRedirectURIs
+		*out = make([]RedirectURI, len(*in))
+		copy(*out, *in)
+	}
+	if in.Audience != nil {
+		in, out := &in.Audience, &out.Audience
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	out.HydraAdmin = in.HydraAdmin
+	if in.Metadata != nil {
+		in, out := &in.Metadata, &out.Metadata
+		*out = make(json.RawMessage, len(*in))
+		copy(*out, *in)
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientSpec.
--- a/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
+++ b/config/crd/bases/hydra.ory.sh_oauth2clients.yaml
@ -387,6 +387,12 @@ spec:
          type: object
        spec:
          properties:
+            audience:
+              description: Audience is a whitelist defining the audiences this client
+                is allowed to request tokens for
+              items:
+                type: string
+              type: array
            grantTypes:
              description: GrantTypes is an array of grant types the client is allowed
                to use.
@ -430,6 +436,17 @@ spec:
                  pattern: (^$|^https?://.*)
                  type: string
              type: object
+            metadata:
+              description: Metadata is abritrary data
+              format: byte
+              type: string
+            postLogoutRedirectUris:
+              description: PostLogoutRedirectURIs is an array of the post logout redirect
+                URIs allowed for the application
+              items:
+                pattern: \w+:/?/?[^\s]+
+                type: string
+              type: array
            redirectUris:
              description: RedirectURIs is an array of the redirect URIs allowed for
                the application
@ -437,11 +454,6 @@ spec:
                pattern: \w+:/?/?[^\s]+
                type: string
              type: array
-            audience:
-              description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
-              items:
-                type: string
-              type: array
            responseTypes:
              description: ResponseTypes is an array of the OAuth 2.0 response type
                strings that the client can use at the authorization endpoint.
@ -454,17 +466,6 @@ spec:
              maxItems: 3
              minItems: 1
              type: array
-            tokenEndpointAuthMethod:
-              description: Indication which authentication method shoud be used for the token endpoint.
-              type: string
-              enum:
-              - client_secret_basic
-              - client_secret_post
-              - private_key_jwt
-              - none
-            metadata:
-              description: Metadata is arbitrary data. This JSON will be stored into client and can be used to hold custom properties
-              type: object
            scope:
              description: Scope is a string containing a space-separated list of
                scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
@ -478,6 +479,15 @@ spec:
              minLength: 1
              pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
              type: string
+            tokenEndpointAuthMethod:
+              description: Indication which authentication method shoud be used for
+                the token endpoint
+              enum:
+              - client_secret_basic
+              - client_secret_post
+              - private_key_jwt
+              - none
+              type: string
          required:
          - grantTypes
          - scope
--- a/config/samples/hydra_v1alpha1_oauth2client.yaml
+++ b/config/samples/hydra_v1alpha1_oauth2client.yaml
@ -19,6 +19,8 @@ spec:
  redirectUris:
    - https://client/account
    - http://localhost:8080
+  postLogoutRedirectUris:
+    - https://client/logout
  audience:
    - audience-a
    - audience-b
--- a/config/samples/hydra_v1alpha1_oauth2client_user_credentials.yaml
+++ b/config/samples/hydra_v1alpha1_oauth2client_user_credentials.yaml
@ -29,6 +29,8 @@ spec:
  redirectUris:
    - https://client/account
    - http://localhost:8080
+  postLogoutRedirectUris:
+    - https://client/logout
  audience:
    - audience-a
    - audience-b
--- a/controllers/oauth2client_controller_integration_test.go
+++ b/controllers/oauth2client_controller_integration_test.go
@ -484,12 +484,13 @@ func testInstance(name, secretName string) *hydrav1alpha1.OAuth2Client {
 			Namespace: tstNamespace,
 		},
 		Spec: hydrav1alpha1.OAuth2ClientSpec{
-			GrantTypes:    []hydrav1alpha1.GrantType{"client_credentials"},
-			ResponseTypes: []hydrav1alpha1.ResponseType{"token"},
-			Scope:         "a b c",
-			RedirectURIs:  []hydrav1alpha1.RedirectURI{"https://example.com"},
-			Audience:      []string{"audience-a"},
-			SecretName:    secretName,
+			GrantTypes:             []hydrav1alpha1.GrantType{"client_credentials"},
+			ResponseTypes:          []hydrav1alpha1.ResponseType{"token"},
+			Scope:                  "a b c",
+			RedirectURIs:           []hydrav1alpha1.RedirectURI{"https://example.com"},
+			PostLogoutRedirectURIs: []hydrav1alpha1.RedirectURI{"https://example.com/logout"},
+			Audience:               []string{"audience-a"},
+			SecretName:             secretName,
 			HydraAdmin: hydrav1alpha1.HydraAdmin{
 				URL:            "http://hydra-admin",
 				Port:           4445,
--- a/hydra/types.go
+++ b/hydra/types.go
@ -12,6 +12,7 @@ type OAuth2ClientJSON struct {
 	Secret                  *string         `json:"client_secret,omitempty"`
 	GrantTypes              []string        `json:"grant_types"`
 	RedirectURIs            []string        `json:"redirect_uris,omitempty"`
+	PostLogoutRedirectURIs  []string        `json:"post_logout_redirect_uris,omitempty"`
 	ResponseTypes           []string        `json:"response_types,omitempty"`
 	Audience                []string        `json:"audience,omitempty"`
 	Scope                   string          `json:"scope"`