djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

oidc: add code challenge supported methods

Browse Source 
Signed-off-by: hectorj2f <hectorf@vmware.com>
This commit is contained in:
hectorj2f 2022-04-18 01:06:59 +02:00
parent f5cf3276d5
commit a3f7afaec4
3 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/oidc/discovery/discovery_handler.go
View File

@ -37,6 +37,7 @@ type Metadata struct {
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"` TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
ScopesSupported []string `json:"scopes_supported"` ScopesSupported []string `json:"scopes_supported"`
ClaimsSupported []string `json:"claims_supported"` ClaimsSupported []string `json:"claims_supported"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
// ^^^ Optional ^^^ // ^^^ Optional ^^^
@ -64,6 +65,7 @@ func NewHandler(issuerURL string) http.Handler {
SubjectTypesSupported: []string{"public"}, SubjectTypesSupported: []string{"public"},
IDTokenSigningAlgValuesSupported: []string{"ES256"}, IDTokenSigningAlgValuesSupported: []string{"ES256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
CodeChallengeMethodsSupported: []string{"S256"},
ScopesSupported: []string{"openid", "offline"}, ScopesSupported: []string{"openid", "offline"},
ClaimsSupported: []string{"groups"}, ClaimsSupported: []string{"groups"},
} }

1
internal/oidc/discovery/discovery_handler_test.go
View File

@ -46,6 +46,7 @@ func TestDiscovery(t *testing.T) {
"id_token_signing_alg_values_supported": ["ES256"], "id_token_signing_alg_values_supported": ["ES256"],
"token_endpoint_auth_methods_supported": ["client_secret_basic"], "token_endpoint_auth_methods_supported": ["client_secret_basic"],
"scopes_supported": ["openid", "offline"], "scopes_supported": ["openid", "offline"],
"code_challenge_methods_supported": ["S256"],
"claims_supported": ["groups"], "claims_supported": ["groups"],
"discovery.supervisor.pinniped.dev/v1alpha1": { "discovery.supervisor.pinniped.dev/v1alpha1": {
"pinniped_identity_providers_endpoint": "https://some-issuer.com/some/path/v1alpha1/pinniped_identity_providers" "pinniped_identity_providers_endpoint": "https://some-issuer.com/some/path/v1alpha1/pinniped_identity_providers"

1
test/integration/supervisor_discovery_test.go
View File

@ -505,6 +505,7 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
"scopes_supported": ["openid", "offline"], "scopes_supported": ["openid", "offline"],
"response_types_supported": ["code"], "response_types_supported": ["code"],
"response_modes_supported": ["query", "form_post"], "response_modes_supported": ["query", "form_post"],
"code_challenge_methods_supported": ["S256"],
"claims_supported": ["groups"], "claims_supported": ["groups"],
"discovery.supervisor.pinniped.dev/v1alpha1": {"pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers"}, "discovery.supervisor.pinniped.dev/v1alpha1": {"pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers"},
"subject_types_supported": ["public"], "subject_types_supported": ["public"],