djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix lint error and remove accidental direct dep on ory/x 

Fixing some mistakes from previous commit on feature branch.
This commit is contained in:
Ryan Richard 2022-07-21 13:50:33 -07:00
parent c12ffad29e
commit 0495286f97
2 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/oidc/token_exchange.go
View File

@ -13,7 +13,6 @@ import (
"github.com/ory/fosite/compose"
"github.com/ory/fosite/handler/oauth2"
"github.com/ory/fosite/handler/openid"
"github.com/ory/x/errorsx"
"github.com/pkg/errors"
"go.pinniped.dev/internal/oidc/clientregistry"
@ -75,13 +74,13 @@ func (t *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context
// Check that the currently authenticated client and the client which was originally used to get the access token are the same.
if originalRequester.GetClient().GetID() != requester.GetClient().GetID() {
// This error message is copied from the similar check in fosite's flow_authorize_code_token.go.
return errorsx.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request."))
return errors.WithStack(fosite.ErrInvalidGrant.WithHint("The OAuth 2.0 Client ID from this request does not match the one from the authorize request."))
}
// Check that the client is allowed to perform this grant type.
if !requester.GetClient().GetGrantTypes().Has(tokenExchangeGrantType) {
// This error message is trying to be similar to the analogous one in fosite's flow_authorize_code_token.go.
return errorsx.WithStack(fosite.ErrUnauthorizedClient.WithHintf("The OAuth 2.0 Client is not allowed to use token exchange grant \"%s\".", tokenExchangeGrantType))
return errors.WithStack(fosite.ErrUnauthorizedClient.WithHintf(`The OAuth 2.0 Client is not allowed to use token exchange grant "%s".`, tokenExchangeGrantType))
}
// Require that the incoming access token has the pinniped:request-audience and OpenID scopes.

3
test/integration/supervisor_login_test.go
View File

@ -1748,9 +1748,8 @@ func testSupervisorLogin(
require.EqualError(t, err, wantAuthcodeExchangeError)
// The authcode exchange has failed, so can't continue the login flow, making this the end of the test case.
return
} else {
require.NoError(t, err)
}
require.NoError(t, err)
expectedIDTokenClaims := []string{"iss", "exp", "sub", "aud", "auth_time", "iat", "jti", "nonce", "rat", "username"}
if slices.Contains(downstreamScopes, "groups") {
expectedIDTokenClaims = append(expectedIDTokenClaims, "groups")