auth_handler.go: only inject oauth store into handler

Previously we were injecting the whole oauth handler chain into this function,
which meant we were essentially writing unit tests to test our tests. Let's push
some of this logic into the source code.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

internal/oidc/auth/auth_handler.go

@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/ory/fosite"
+	"github.com/ory/fosite/compose"
 	"golang.org/x/oauth2"
 	"k8s.io/klog/v2"
 
@@ -26,11 +26,23 @@ type IDPListGetter interface {
 func NewHandler(
 	issuer string,
 	idpListGetter IDPListGetter,
-	oauthHelper fosite.OAuth2Provider,
+	oauthStore interface{},
 	generateState func() (state.State, error),
 	generatePKCE func() (pkce.Code, error),
 	generateNonce func() (nonce.Nonce, error),
 ) http.Handler {
+	oauthHelper := compose.Compose(
+		&compose.Config{},
+		oauthStore,
+		&compose.CommonStrategy{
+			// Shouldn't need any of this - we aren't doing auth code stuff, issuing ID tokens, or signing
+			// anything yet.
+		},
+		nil, // hasher, shouldn't need this - we aren't doing any client auth...yet?
+		compose.OAuth2AuthorizeExplicitFactory,
+		compose.OpenIDConnectExplicitFactory,
+		compose.OAuth2PKCEFactory,
+	)
 	return httperr.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
 		if r.Method != http.MethodPost && r.Method != http.MethodGet {
 			// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

internal/oidc/auth/auth_handler_test.go

@@ -13,7 +13,6 @@ import (
 	"testing"
 
 	"github.com/ory/fosite"
-	"github.com/ory/fosite/compose"
 	"github.com/ory/fosite/storage"
 	"github.com/stretchr/testify/require"
 
@@ -77,18 +76,6 @@ func TestAuthorizationEndpoint(t *testing.T) {
 			},
 		},
 	}
-	oauthHelper := compose.Compose(
-		&compose.Config{},
-		oauthStore,
-		&compose.CommonStrategy{
-			// Shouldn't need any of this - we aren't doing auth code stuff, issuing ID tokens, or signing
-			// anything yet.
-		},
-		nil,                                    // hasher, shouldn't need this - we aren't doing any client auth
-		compose.OAuth2AuthorizeExplicitFactory, // need this to validate generic OAuth2 stuff
-		compose.OpenIDConnectExplicitFactory,   // need this to validate OIDC stuff
-		compose.OAuth2PKCEFactory,              // need this to validate PKCE stuff
-	)
 
 	happyStateGenerator := func() (state.State, error) { return "test-state", nil }
 	happyPKCEGenerator := func() (pkce.Code, error) { return "test-pkce", nil }
@@ -340,7 +327,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			subject := NewHandler(test.issuer, test.idpListGetter, oauthHelper, test.generateState, test.generatePKCE, test.generateNonce)
+			subject := NewHandler(test.issuer, test.idpListGetter, oauthStore, test.generateState, test.generatePKCE, test.generateNonce)
 			runOneTestCase(t, test, subject)
 		})
 	}
@@ -349,7 +336,7 @@ func TestAuthorizationEndpoint(t *testing.T) {
 		test := tests[0]
 		require.Equal(t, "happy path using GET", test.name) // re-use the happy path test case
 
-		subject := NewHandler(test.issuer, test.idpListGetter, oauthHelper, test.generateState, test.generatePKCE, test.generateNonce)
+		subject := NewHandler(test.issuer, test.idpListGetter, oauthStore, test.generateState, test.generatePKCE, test.generateNonce)
 
 		runOneTestCase(t, test, subject)