feat: allow postLogoutRedirectsUris to be set (#54)
Closes #51 Signed-off-by: Clément BUCHART <clement@buchart.dev>
This commit is contained in:
Clément BUCHART
GitHub
parent
db7513800e
commit
c337b2d8f4
@ -84,6 +84,9 @@ type OAuth2ClientSpec struct {
|
||||
// RedirectURIs is an array of the redirect URIs allowed for the application
|
||||
RedirectURIs []RedirectURI `json:"redirectUris,omitempty"`
|
||||
|
||||
// PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
|
||||
PostLogoutRedirectURIs []RedirectURI `json:"postLogoutRedirectUris,omitempty"`
|
||||
|
||||
// Audience is a whitelist defining the audiences this client is allowed to request tokens for
|
||||
Audience []string `json:"audience,omitempty"`
|
||||
|
||||
@ -105,7 +108,7 @@ type OAuth2ClientSpec struct {
|
||||
// this client
|
||||
HydraAdmin HydraAdmin `json:"hydraAdmin,omitempty"`
|
||||
|
||||
// +kubebuilder:validation:Enum=;client_secret_basic;client_secret_post;private_key_jwt;none
|
||||
// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
|
||||
//
|
||||
// Indication which authentication method shoud be used for the token endpoint
|
||||
TokenEndpointAuthMethod TokenEndpointAuthMethod `json:"tokenEndpointAuthMethod,omitempty"`
|
||||
@ -126,7 +129,7 @@ type ResponseType string
|
||||
// RedirectURI represents a redirect URI for the client
|
||||
type RedirectURI string
|
||||
|
||||
// +kubebuilder:validation:Enum=;client_secret_basic;client_secret_post;private_key_jwt;none
|
||||
// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
|
||||
// TokenEndpointAuthMethod represents an authentication method for token endpoint
|
||||
type TokenEndpointAuthMethod string
|
||||
|
||||
@ -176,6 +179,7 @@ func (c *OAuth2Client) ToOAuth2ClientJSON() *hydra.OAuth2ClientJSON {
|
||||
GrantTypes: grantToStringSlice(c.Spec.GrantTypes),
|
||||
ResponseTypes: responseToStringSlice(c.Spec.ResponseTypes),
|
||||
RedirectURIs: redirectToStringSlice(c.Spec.RedirectURIs),
|
||||
PostLogoutRedirectURIs: redirectToStringSlice(c.Spec.PostLogoutRedirectURIs),
|
||||
Audience: c.Spec.Audience,
|
||||
Scope: c.Spec.Scope,
|
||||
Owner: fmt.Sprintf("%s/%s", c.Name, c.Namespace),
|
||||
|
||||
@ -106,6 +106,7 @@ func TestCreateAPI(t *testing.T) {
|
||||
"invalid scope": func() { created.Spec.Scope = "" },
|
||||
"missing secret name": func() { created.Spec.SecretName = "" },
|
||||
"invalid redirect URI": func() { created.Spec.RedirectURIs = []RedirectURI{"invalid"} },
|
||||
"invalid logout redirect URI": func() { created.Spec.PostLogoutRedirectURIs = []RedirectURI{"invalid"} },
|
||||
"invalid hydra url": func() { created.Spec.HydraAdmin.URL = "invalid" },
|
||||
"invalid hydra port high": func() { created.Spec.HydraAdmin.Port = 65536 },
|
||||
"invalid hydra endpoint": func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
|
||||
|
||||
@ -20,6 +20,7 @@ limitations under the License.
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
@ -115,7 +116,22 @@ func (in *OAuth2ClientSpec) DeepCopyInto(out *OAuth2ClientSpec) {
|
||||
*out = make([]RedirectURI, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.PostLogoutRedirectURIs != nil {
|
||||
in, out := &in.PostLogoutRedirectURIs, &out.PostLogoutRedirectURIs
|
||||
*out = make([]RedirectURI, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.Audience != nil {
|
||||
in, out := &in.Audience, &out.Audience
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
out.HydraAdmin = in.HydraAdmin
|
||||
if in.Metadata != nil {
|
||||
in, out := &in.Metadata, &out.Metadata
|
||||
*out = make(json.RawMessage, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientSpec.
|
||||
|
||||
@ -387,6 +387,12 @@ spec:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
audience:
|
||||
description: Audience is a whitelist defining the audiences this client
|
||||
is allowed to request tokens for
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
grantTypes:
|
||||
description: GrantTypes is an array of grant types the client is allowed
|
||||
to use.
|
||||
@ -430,6 +436,17 @@ spec:
|
||||
pattern: (^$|^https?://.*)
|
||||
type: string
|
||||
type: object
|
||||
metadata:
|
||||
description: Metadata is abritrary data
|
||||
format: byte
|
||||
type: string
|
||||
postLogoutRedirectUris:
|
||||
description: PostLogoutRedirectURIs is an array of the post logout redirect
|
||||
URIs allowed for the application
|
||||
items:
|
||||
pattern: \w+:/?/?[^\s]+
|
||||
type: string
|
||||
type: array
|
||||
redirectUris:
|
||||
description: RedirectURIs is an array of the redirect URIs allowed for
|
||||
the application
|
||||
@ -437,11 +454,6 @@ spec:
|
||||
pattern: \w+:/?/?[^\s]+
|
||||
type: string
|
||||
type: array
|
||||
audience:
|
||||
description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
responseTypes:
|
||||
description: ResponseTypes is an array of the OAuth 2.0 response type
|
||||
strings that the client can use at the authorization endpoint.
|
||||
@ -454,17 +466,6 @@ spec:
|
||||
maxItems: 3
|
||||
minItems: 1
|
||||
type: array
|
||||
tokenEndpointAuthMethod:
|
||||
description: Indication which authentication method shoud be used for the token endpoint.
|
||||
type: string
|
||||
enum:
|
||||
- client_secret_basic
|
||||
- client_secret_post
|
||||
- private_key_jwt
|
||||
- none
|
||||
metadata:
|
||||
description: Metadata is arbitrary data. This JSON will be stored into client and can be used to hold custom properties
|
||||
type: object
|
||||
scope:
|
||||
description: Scope is a string containing a space-separated list of
|
||||
scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
|
||||
@ -478,6 +479,15 @@ spec:
|
||||
minLength: 1
|
||||
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
|
||||
type: string
|
||||
tokenEndpointAuthMethod:
|
||||
description: Indication which authentication method shoud be used for
|
||||
the token endpoint
|
||||
enum:
|
||||
- client_secret_basic
|
||||
- client_secret_post
|
||||
- private_key_jwt
|
||||
- none
|
||||
type: string
|
||||
required:
|
||||
- grantTypes
|
||||
- scope
|
||||
|
||||
@ -19,6 +19,8 @@ spec:
|
||||
redirectUris:
|
||||
- https://client/account
|
||||
- http://localhost:8080
|
||||
postLogoutRedirectUris:
|
||||
- https://client/logout
|
||||
audience:
|
||||
- audience-a
|
||||
- audience-b
|
||||
|
||||
@ -29,6 +29,8 @@ spec:
|
||||
redirectUris:
|
||||
- https://client/account
|
||||
- http://localhost:8080
|
||||
postLogoutRedirectUris:
|
||||
- https://client/logout
|
||||
audience:
|
||||
- audience-a
|
||||
- audience-b
|
||||
|
||||
@ -488,6 +488,7 @@ func testInstance(name, secretName string) *hydrav1alpha1.OAuth2Client {
|
||||
ResponseTypes: []hydrav1alpha1.ResponseType{"token"},
|
||||
Scope: "a b c",
|
||||
RedirectURIs: []hydrav1alpha1.RedirectURI{"https://example.com"},
|
||||
PostLogoutRedirectURIs: []hydrav1alpha1.RedirectURI{"https://example.com/logout"},
|
||||
Audience: []string{"audience-a"},
|
||||
SecretName: secretName,
|
||||
HydraAdmin: hydrav1alpha1.HydraAdmin{
|
||||
|
||||
@ -12,6 +12,7 @@ type OAuth2ClientJSON struct {
|
||||
Secret *string `json:"client_secret,omitempty"`
|
||||
GrantTypes []string `json:"grant_types"`
|
||||
RedirectURIs []string `json:"redirect_uris,omitempty"`
|
||||
PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris,omitempty"`
|
||||
ResponseTypes []string `json:"response_types,omitempty"`
|
||||
Audience []string `json:"audience,omitempty"`
|
||||
Scope string `json:"scope"`
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user