From 0495286f9727fa39b362d3497f89466829fffb36 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Thu, 21 Jul 2022 13:50:33 -0700 Subject: [PATCH] Fix lint error and remove accidental direct dep on ory/x Fixing some mistakes from previous commit on feature branch. --- internal/oidc/token_exchange.go | 5 ++--- test/integration/supervisor_login_test.go | 3 +-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/internal/oidc/token_exchange.go b/internal/oidc/token_exchange.go index 5ed83b5e..9cbf566d 100644 --- a/internal/oidc/token_exchange.go +++ b/internal/oidc/token_exchange.go @@ -13,7 +13,6 @@ import ( "github.com/ory/fosite/compose" "github.com/ory/fosite/handler/oauth2" "github.com/ory/fosite/handler/openid" - "github.com/ory/x/errorsx" "github.com/pkg/errors" "go.pinniped.dev/internal/oidc/clientregistry" @@ -75,13 +74,13 @@ func (t *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context // Check that the currently authenticated client and the client which was originally used to get the access token are the same. if originalRequester.GetClient().GetID() != requester.GetClient().GetID() { // This error message is copied from the similar check in fosite's flow_authorize_code_token.go. - return errorsx.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request.")) + return errors.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request.")) } // Check that the client is allowed to perform this grant type. if !requester.GetClient().GetGrantTypes().Has(tokenExchangeGrantType) { // This error message is trying to be similar to the analogous one in fosite's flow_authorize_code_token.go. - return errorsx.WithStack(fosite.ErrUnauthorizedClient.WithHintf("The OAuth 2.0 Client is not allowed to use token exchange grant \"%s\".", tokenExchangeGrantType)) + return errors.WithStack(fosite.ErrUnauthorizedClient.WithHintf(`The OAuth 2.0 Client is not allowed to use token exchange grant "%s".`, tokenExchangeGrantType)) } // Require that the incoming access token has the pinniped:request-audience and OpenID scopes. diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 981d3343..b465a17d 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -1748,9 +1748,8 @@ func testSupervisorLogin( require.EqualError(t, err, wantAuthcodeExchangeError) // The authcode exchange has failed, so can't continue the login flow, making this the end of the test case. return - } else { - require.NoError(t, err) } + require.NoError(t, err) expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat", "username"} if slices.Contains(downstreamScopes, "groups") { expectedIDTokenClaims = append(expectedIDTokenClaims, "groups")