Ryan Richard
f38c150f6a
Finished tests for pkce storage and added it to kubestorage
...
- Also fixed some lint errors with v1.33.0 of the linter
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-01 14:53:22 -08:00
Ryan Richard
e6b6c0e3ab
Merge branch 'main' into callback-endpoint
2020-11-20 15:50:26 -08:00
Ryan Richard
ccddeb4cda
Merge branch 'main' into callback-endpoint
2020-11-20 15:13:25 -08:00
Monis Khan
d39cc08b66
Set defaults for fosite config
...
Signed-off-by: Monis Khan <mok@vmware.com>
2020-11-20 17:18:52 -05:00
Ryan Richard
72321fc106
Use /callback (without IDP name) path for callback endpoint (part 1)
...
This is much nicer UX for an administrator installing a UpstreamOIDCProvider
CRD. They don't have to guess as hard at what the callback endpoint path should
be for their UpstreamOIDCProvider.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-20 16:14:45 -05:00
Andrew Keesler
541019eb98
callback_handler.go: simplify stored ID token claims
...
Fosite is gonna set these fields for us.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-20 15:36:51 -05:00
Andrew Keesler
488d1b663a
internal/oidc/provider/manager: route to callback endpoint
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-20 10:44:56 -05:00
Ryan Richard
227fbd63aa
Use an interface instead of a concrete type for UpstreamOIDCIdentityProvider
...
Because we want it to implement an AuthcodeExchanger interface and
do it in a way that will be more unit test-friendly than the underlying
library that we intend to use inside its implementation.
2020-11-18 13:38:13 -08:00
Ryan Richard
052cdc40dc
callback_handler.go: add CSRF and version state validations
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-16 14:41:00 -05:00
Andrew Keesler
4138c9244f
callback_handler.go: write 2 invalid cookie tests
...
Also common-ize some more constants shared between the auth and callback
endpoints.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-16 11:47:49 -05:00
Andrew Keesler
3ef1171667
Tiny bit more code for Supervisor's callback_handler.go
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-13 15:59:51 -08:00
Ryan Richard
246471bc91
Also run OIDC validations in supervisor authorize endpoint
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-06 14:44:58 -08:00
Ryan Richard
33ce79f89d
Expose the Supervisor OIDC authorization endpoint to the public
2020-11-04 17:06:47 -08:00
Andrew Keesler
a36f7c6c07
Test that the port of localhost redirect URI is ignored during validation
...
Also move definition of our oauth client and the general fosite
configuration to a helper so we can use the same config to construct
the handler for both test and production code.
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-11-04 15:04:50 -08:00
Ryan Richard
8b7d96f42c
Several small refactors related to OIDC providers
2020-10-08 11:28:21 -07:00
Andrew Keesler
fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 11:16:57 -04:00