e0ecdc004b
This is only a first commit towards making this feature work.

- Hook dynamic clients into fosite by returning them from the storage interface (after finding and validating them)
- In the auth endpoint, prevent the use of the username and password headers for dynamic clients to force them to use the browser-based login flows for all the upstream types
- Add happy path integration tests in supervisor_login_test.go
- Add lots of comments (and some small refactors) in supervisor_login_test.go to make it much easier to understand
- Add lots of unit tests for the auth endpoint regarding dynamic clients (more unit tests to be added for other endpoints in follow-up commits)
- Enhance crud.go to make lifetime=0 mean never garbage collect, since we want client secret storage Secrets to last forever
- Move the OIDCClient validation code to a package where it can be shared between the controller and the fosite storage interface
- Make shared test helpers for tests that need to create OIDC client secret storage Secrets
- Create a public const for "pinniped-cli" now that we are using that string in several places in the production code

||
---|---|---|
browsertest | ||
access.go | ||
activedirectory.go | ||
assertions.go | ||
cli.go | ||
client.go | ||
env.go | ||
iotest.go | ||
iplookup_go1.14.go | ||
iplookup.go | ||
securetls_preference_fips.go | ||
securetls_preference_nonfips.go | ||
securetls.go | ||
skip.go | ||
spew.go |