From a3f7afaec4a2bd78bc9c38c85670ec6eeff009a7 Mon Sep 17 00:00:00 2001 From: hectorj2f Date: Mon, 18 Apr 2022 01:06:59 +0200 Subject: [PATCH] oidc: add code challenge supported methods Signed-off-by: hectorj2f --- internal/oidc/discovery/discovery_handler.go | 2 ++ internal/oidc/discovery/discovery_handler_test.go | 1 + test/integration/supervisor_discovery_test.go | 1 + 3 files changed, 4 insertions(+) diff --git a/internal/oidc/discovery/discovery_handler.go b/internal/oidc/discovery/discovery_handler.go index ca7fdd2b..8adf2350 100644 --- a/internal/oidc/discovery/discovery_handler.go +++ b/internal/oidc/discovery/discovery_handler.go @@ -37,6 +37,7 @@ type Metadata struct { TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"` ScopesSupported []string `json:"scopes_supported"` ClaimsSupported []string `json:"claims_supported"` + CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"` // ^^^ Optional ^^^ @@ -64,6 +65,7 @@ func NewHandler(issuerURL string) http.Handler { SubjectTypesSupported: []string{"public"}, IDTokenSigningAlgValuesSupported: []string{"ES256"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, + CodeChallengeMethodsSupported: []string{"S256"}, ScopesSupported: []string{"openid", "offline"}, ClaimsSupported: []string{"groups"}, } diff --git a/internal/oidc/discovery/discovery_handler_test.go b/internal/oidc/discovery/discovery_handler_test.go index 855f830d..293cdad4 100644 --- a/internal/oidc/discovery/discovery_handler_test.go +++ b/internal/oidc/discovery/discovery_handler_test.go @@ -46,6 +46,7 @@ func TestDiscovery(t *testing.T) { "id_token_signing_alg_values_supported": ["ES256"], "token_endpoint_auth_methods_supported": ["client_secret_basic"], "scopes_supported": ["openid", "offline"], + "code_challenge_methods_supported": ["S256"], "claims_supported": ["groups"], "discovery.supervisor.pinniped.dev/v1alpha1": { "pinniped_identity_providers_endpoint": "https://some-issuer.com/some/path/v1alpha1/pinniped_identity_providers" diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go index 9991fa01..2d828e4c 100644 --- a/test/integration/supervisor_discovery_test.go +++ b/test/integration/supervisor_discovery_test.go @@ -505,6 +505,7 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso "scopes_supported": ["openid", "offline"], "response_types_supported": ["code"], "response_modes_supported": ["query", "form_post"], + "code_challenge_methods_supported": ["S256"], "claims_supported": ["groups"], "discovery.supervisor.pinniped.dev/v1alpha1": {"pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers"}, "subject_types_supported": ["public"],