When performing an upstream refresh, use the configured http client

Otherwise, the CA and proxy settings will not be used for the call
to the upstream token endpoint while performing the refresh. This
mistake was exposed by the TestSupervisorLogin integration test, so
it has test coverage.
This commit is contained in:
Ryan Richard 2021-10-13 14:05:00 -07:00
parent 79ca1d7fb0
commit a34dae549b

View File

@ -123,9 +123,11 @@ func (p *ProviderConfig) ExchangeAuthcodeAndValidateTokens(ctx context.Context,
} }
func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error) { func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error) {
// Use the provided HTTP client to benefit from its CA, proxy, and other settings.
httpClientContext := coreosoidc.ClientContext(ctx, p.Client)
// Create a TokenSource without an access token, so it thinks that a refresh is immediately required. // Create a TokenSource without an access token, so it thinks that a refresh is immediately required.
// Then ask it for the tokens to cause it to perform the refresh and return the results. // Then ask it for the tokens to cause it to perform the refresh and return the results.
return p.Config.TokenSource(ctx, &oauth2.Token{RefreshToken: refreshToken}).Token() return p.Config.TokenSource(httpClientContext, &oauth2.Token{RefreshToken: refreshToken}).Token()
} }
// ValidateToken will validate the ID token. It will also merge the claims from the userinfo endpoint response, // ValidateToken will validate the ID token. It will also merge the claims from the userinfo endpoint response,