From 0d215566d81aa9733870c32c03ec2f49c5dc1daf Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 26 Sep 2022 16:41:52 -0700 Subject: [PATCH] Yet another integration test fix for dynamic clients feature with Okta --- test/integration/supervisor_login_test.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 79f0a46f..63a9e562 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -1300,7 +1300,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { spec.AuthorizationConfig = idpv1alpha1.OIDCAuthorizationConfig{ AdditionalScopes: env.SupervisorUpstreamOIDC.AdditionalScopes, } - return testlib.CreateTestOIDCIdentityProvider(t, basicOIDCIdentityProviderSpec(), idpv1alpha1.PhaseReady).Name + return testlib.CreateTestOIDCIdentityProvider(t, spec, idpv1alpha1.PhaseReady).Name }, createOIDCClient: func(t *testing.T, callbackURL string) (string, string) { return testlib.CreateOIDCClient(t, configv1alpha1.OIDCClientSpec{ @@ -1311,9 +1311,8 @@ func TestSupervisorLogin_Browser(t *testing.T) { }, requestAuthorization: requestAuthorizationUsingBrowserAuthcodeFlowOIDC, // the ID token Subject should include the upstream user ID after the upstream issuer name - wantDownstreamIDTokenSubjectToMatch: "^" + regexp.QuoteMeta(env.SupervisorUpstreamOIDC.Issuer+"?sub=") + ".+", - // the ID token Username should include the upstream user ID after the upstream issuer name - wantDownstreamIDTokenUsernameToMatch: func(_ string) string { return "^" + regexp.QuoteMeta(env.SupervisorUpstreamOIDC.Issuer+"?sub=") + ".+" }, + wantDownstreamIDTokenSubjectToMatch: "^" + regexp.QuoteMeta(env.SupervisorUpstreamOIDC.Issuer+"?sub=") + ".+", + wantDownstreamIDTokenUsernameToMatch: func(_ string) string { return "^" + regexp.QuoteMeta(env.SupervisorUpstreamOIDC.Username) + "$" }, wantDownstreamIDTokenGroups: env.SupervisorUpstreamOIDC.ExpectedGroups, }, { @@ -1919,7 +1918,7 @@ func testSupervisorLogin( }, 30*time.Second, 200*time.Millisecond) if downstreamScopes == nil { - // By default, tests will request all the relevant groups. + // By default, tests will request all the relevant scopes. downstreamScopes = []string{"openid", "pinniped:request-audience", "offline_access", "username", "groups"} } if wantDownstreamScopes == nil {