djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,069 Commits 30 Branches 34 Tags 22 MiB
8527c363bb
Commit Graph

34 Commits

Author SHA1 Message Date
Matt Moyer
8527c363bb
Rename the "pinniped.sts.unrestricted" scope to "pinniped:request-audience". 
This is a bit more clear. We're changing this now because it is a non-backwards-compatible change that we can make now since none of this RFC8693 token exchange stuff has been released yet.

There is also a small typo fix in some flag usages (s/RF8693/RFC8693/)

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-16 14:24:13 -06:00
Ryan Richard
7cda6628a6
Merge branch 'main' into fosite-settings 2020-12-11 18:19:37 -08:00
Ryan Richard
020fbcf190 Adjust some expectations about the state and nonce lengths 2020-12-11 17:39:58 -08:00
Ryan Richard
afd216308b KubeStorage annotates every Secret with garbage-collect-after timestamp 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-10 14:47:58 -08:00
Margo Crawford
b0c354637d WIP passing lifetime through to storage, unit tests are failing 
Signed-off-by: Ryan Richard <rrichard@vmware.com>
 2020-12-10 12:15:40 -08:00
Ryan Richard
a561fd21d9 Consolidate the supervisor's timeout settings into a single struct 
- This struct represents the configuration of all timeouts. These
  timeouts are all interrelated to declare them all in one place.
  This should also make it easier to allow the user to override
  our defaults if we would like to implement such a feature in the
  future.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-10 10:14:54 -08:00
Ryan Richard
5b7c510577 Fixed error handling for token exchange when openid scope missing 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 15:15:50 -08:00
Ryan Richard
0abadddb1a token_handler_test.go: modify a test about refresh request scopes param 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 15:03:52 -08:00
Margo Crawford
5f6e7de785 Merge branch 'token-refresh' into token-exchange-endpoint 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-12-09 14:56:41 -08:00
Ryan Richard
64631d5780 token_handler_test.go: add even more test cases for refresh grant 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 14:53:39 -08:00
Ryan Richard
0386658d26 token_handler_test.go: add more test cases for refresh grant 2020-12-09 14:12:00 -08:00
Matt Moyer
3e6ebab389
Clean up TestTokenExchange a bit. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 14:49:44 -06:00
Matt Moyer
f90b5d48de
Merge branch 'token-refresh' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint 2020-12-09 14:46:57 -06:00
Matt Moyer
016b0e9a8e
Satisfy the pedantic linter config 🙃. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 14:41:27 -06:00
Ryan Richard
51c828382f Supervisor token endpoint supports refresh grant type 
- This commit does not include the sad path tests for the refresh
  grant type, which will come in a future commit.
 2020-12-09 12:12:59 -08:00
Matt Moyer
02d96d731f
Finish TestTokenExchange unit tests and add missing scope check. 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 13:56:53 -06:00
Ryan Richard
6420caca94 Bring back the test that was skipped by the previous commit 
- This test is still a work in progress. Some TODO comments
  have been added to give hints for next steps.
 2020-12-08 18:25:01 -08:00
Ryan Richard
f84dda937b Merge branch 'token-refresh' into token-exchange-endpoint 2020-12-08 18:12:12 -08:00
Ryan Richard
ef4ef583dc token_handler_test.go: Refactor how we specify the expected results 
- This is to make it easier for the token exchange branch to also edit
  this test without causing a lot of merge conflicts with the
  refresh token branch, to enable parallel development of closely
  related stories.
 2020-12-08 18:10:55 -08:00
Margo Crawford
f103c02408 Add check for grant type in tokenexchangehandler, 
- also started writing a test for the tokenexchangehandler, skipping for
now

Signed-off-by: Ryan Richard <rrichard@vmware.com>
 2020-12-08 17:33:08 -08:00
Ryan Richard
170982a688 refactor token_handler_test.go: easier to make more requests after initial authcode exchange 
- This refactor will allow us to add new test tables for the
  refresh and token exchange requests, which both must come after
  an initial successful authcode exchange has already happened

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-08 16:54:58 -08:00
Ryan Richard
18d90a727e token_handler_test.go: refresh token gets deleted when authcode reused 2020-12-08 12:12:55 -08:00
Ryan Richard
c090eb6a62 Supervisor token endpoint returns refresh tokens when requested 2020-12-08 11:47:39 -08:00
Aram Price
648fa4b9ba Backfill test for token endpoint error when JWK is not yet available 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-12-07 11:53:24 -08:00
Ryan Richard
858356610c Make assertions about how many secrets were stored by fosite in tests 
In both callback_handler_test.go and token_handler_test.go

Signed-off-by: Aram Price <pricear@vmware.com>
 2020-12-04 15:40:17 -08:00
Ryan Richard
ac83633888 Add fosite kube storage for access and refresh tokens 
Also switched the token_handler_test.go to use kube storage.

Signed-off-by: Aram Price <pricear@vmware.com>
 2020-12-04 14:31:06 -08:00
Andrew Keesler
03806629b8
Cleanup code via TODOs accumulated during token endpoint work 
We opened https://github.com/vmware-tanzu/pinniped/issues/254 for the TODO in
dynamicOpenIDConnectECDSAStrategy.GenerateToken().

This commit also ensures that linting and unit tests are passing again.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-04 10:09:42 -05:00
Andrew Keesler
58237d0e7d
WIP: start to wire signing key into token handler 
This commit includes a failing test (amongst other compiler failures) for the
dynamic signing key fetcher that we will inject into fosite. We are checking it
in so that we can pass the WIP off.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-03 15:37:25 -05:00
aram price
05085d8e23 Use anonymous interface in test for Storage 2020-12-03 11:26:36 -08:00
Ryan Richard
67bf54a9f9 Use an interface for storage in token_handler_test.go 
Signed-off-by: Aram Price <pricear@vmware.com>
 2020-12-03 11:05:47 -08:00
Margo Crawford
1dd7c82af6 Added id token verification 2020-12-02 16:55:48 -08:00
Margo Crawford
9419b7392d
WIP: start to validate ID token returned from token endpoint 
This won't compile, but we are passing this between two teammates.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-02 16:26:47 -05:00
Andrew Keesler
09e6c86c46
token_handler.go: complete some TODOs and strengthen double auth code test 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-02 15:33:57 -05:00
Andrew Keesler
970be58847
token_handler.go: first draft of token handler, with a bunch of TODOs 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-02 11:14:45 -05:00