Ryan Richard
227fbd63aa
Use an interface instead of a concrete type for UpstreamOIDCIdentityProvider
...
Because we want it to implement an AuthcodeExchanger interface and
do it in a way that will be more unit test-friendly than the underlying
library that we intend to use inside its implementation.
2020-11-18 13:38:13 -08:00
Ryan Richard
052cdc40dc
callback_handler.go: add CSRF and version state validations
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-16 14:41:00 -05:00
Andrew Keesler
4138c9244f
callback_handler.go: write 2 invalid cookie tests
...
Also common-ize some more constants shared between the auth and callback
endpoints.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-16 11:47:49 -05:00
Andrew Keesler
3ef1171667
Tiny bit more code for Supervisor's callback_handler.go
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-13 15:59:51 -08:00
Ryan Richard
246471bc91
Also run OIDC validations in supervisor authorize endpoint
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-06 14:44:58 -08:00
Ryan Richard
33ce79f89d
Expose the Supervisor OIDC authorization endpoint to the public
2020-11-04 17:06:47 -08:00
Andrew Keesler
a36f7c6c07
Test that the port of localhost redirect URI is ignored during validation
...
Also move definition of our oauth client and the general fosite
configuration to a helper so we can use the same config to construct
the handler for both test and production code.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-04 15:04:50 -08:00
Ryan Richard
8b7d96f42c
Several small refactors related to OIDC providers
2020-10-08 11:28:21 -07:00
Andrew Keesler
fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 11:16:57 -04:00
