NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitbb4ce87

authored

fix: add support for custom auth header with client secret (#10513)

This fixes OAuth2 with JFrog Artifactory.

1 parent21dc93c commitbb4ce87Copy full SHA for bb4ce87

File tree

4 files changed

+72

-0

lines changed

coderd/externalauth
- externalauth.go
- externalauth_test.go
codersdk
- externalauth.go
site/src/api
- typesGenerated.ts

4 files changed

+72

-0

lines changed

`‎coderd/externalauth/externalauth.go`

Lines changed: 28 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -457,6 +457,9 @@ func ConvertConfig(entries []codersdk.ExternalAuthConfig, accessURL *url.URL) ([`
`457`	`457`	`ifentry.Type==string(codersdk.EnhancedExternalAuthProviderAzureDevops) {`
`458`	`458`	`oauthConfig=&jwtConfig{oc}`
`459`	`459`	`}`
	`460`	`+ifentry.Type==string(codersdk.EnhancedExternalAuthProviderJFrog) {`
	`461`	`+oauthConfig=&exchangeWithClientSecret{oc}`
	`462`	`+}`
`460`	`463`
`461`	`464`	`cfg:=&Config{`
`462`	`465`	`OAuth2Config:oauthConfig,`
`@@ -619,3 +622,28 @@ func (c *jwtConfig) Exchange(ctx context.Context, code string, opts ...oauth2.Au`
`619`	`622`	`)...,`
`620`	`623`	`)`
`621`	`624`	`}`
	`625`	`+`
	`626`	`+// exchangeWithClientSecret wraps an OAuth config and adds the client secret`
	`627`	`+// to the Exchange request as a Bearer header. This is used by JFrog Artifactory.`
	`628`	`+typeexchangeWithClientSecretstruct {`
	`629`	`+*oauth2.Config`
	`630`	`+}`
	`631`	`+`
	`632`	`+func (eexchangeWithClientSecret)Exchange(ctx context.Context,codestring,opts...oauth2.AuthCodeOption) (oauth2.Token,error) {`
	`633`	`+httpClient,ok:=ctx.Value(oauth2.HTTPClient).(*http.Client)`
	`634`	`+ifhttpClient==nil\|\|!ok {`
	`635`	`+httpClient=http.DefaultClient`
	`636`	`+}`
	`637`	`+oldTransport:=httpClient.Transport`
	`638`	`+httpClient.Transport=roundTripper(func(reqhttp.Request) (http.Response,error) {`
	`639`	`+req.Header.Set("Authorization","Bearer "+e.ClientSecret)`
	`640`	`+returnoldTransport.RoundTrip(req)`
	`641`	`+})`
	`642`	`+returne.Config.Exchange(context.WithValue(ctx,oauth2.HTTPClient,httpClient),code,opts...)`
	`643`	`+}`
	`644`	`+`
	`645`	`+typeroundTripperfunc(reqhttp.Request) (http.Response,error)`
	`646`	`+`
	`647`	`+func (rroundTripper)RoundTrip(reqhttp.Request) (http.Response,error) {`
	`648`	`+returnr(req)`
	`649`	`+}`

`‎coderd/externalauth/externalauth_test.go`

Lines changed: 41 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"net/http"`
	`7`	`+"net/http/httptest"`
`7`	`8`	`"net/url"`
`8`	`9`	`"testing"`
`9`	`10`	`"time"`
`@@ -298,6 +299,40 @@ func TestRefreshToken(t *testing.T) {`
`298`	`299`	`})`
`299`	`300`	`}`
`300`	`301`
	`302`	`+funcTestExchangeWithClientSecret(t*testing.T) {`
	`303`	`+t.Parallel()`
	`304`	`+// This ensures a provider that requires the custom`
	`305`	`+// client secret exchange works.`
	`306`	`+configs,err:=externalauth.ConvertConfig([]codersdk.ExternalAuthConfig{{`
	`307`	`+// JFrog just happens to require this custom type.`
	`308`	`+`
	`309`	`+Type:codersdk.EnhancedExternalAuthProviderJFrog.String(),`
	`310`	`+ClientID:"id",`
	`311`	`+ClientSecret:"secret",`
	`312`	`+}},&url.URL{})`
	`313`	`+require.NoError(t,err)`
	`314`	`+config:=configs[0]`
	`315`	`+`
	`316`	`+client:=&http.Client{`
	`317`	`+Transport:roundTripper(func(reqhttp.Request) (http.Response,error) {`
	`318`	`+require.Equal(t,"Bearer secret",req.Header.Get("Authorization"))`
	`319`	`+rec:=httptest.NewRecorder()`
	`320`	`+rec.WriteHeader(http.StatusOK)`
	`321`	`+body,err:=json.Marshal(&oauth2.Token{`
	`322`	`+AccessToken:"bananas",`
	`323`	`+})`
	`324`	`+iferr!=nil {`
	`325`	`+returnnil,err`
	`326`	`+}`
	`327`	`+_,err=rec.Write(body)`
	`328`	`+returnrec.Result(),err`
	`329`	`+}),`
	`330`	`+}`
	`331`	`+`
	`332`	`+_,err=config.Exchange(context.WithValue(context.Background(),oauth2.HTTPClient,client),"code")`
	`333`	`+require.NoError(t,err)`
	`334`	`+}`
	`335`	`+`
`301`	`336`	`funcTestConvertYAML(t*testing.T) {`
`302`	`337`	`t.Parallel()`
`303`	`338`	`for_,tc:=range []struct {`
`@@ -438,3 +473,9 @@ func setupOauth2Test(t testing.T, settings testConfig) (oidctest.FakeIDP, *ext`
`438`	`473`
`439`	`474`	`returnfake,config,link`
`440`	`475`	`}`
	`476`	`+`
	`477`	`+typeroundTripperfunc(reqhttp.Request) (http.Response,error)`
	`478`	`+`
	`479`	`+func (rroundTripper)RoundTrip(reqhttp.Request) (http.Response,error) {`
	`480`	`+returnr(req)`
	`481`	`+}`

`‎codersdk/externalauth.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ const (`
`35`	`35`	`EnhancedExternalAuthProviderGitLabEnhancedExternalAuthProvider="gitlab"`
`36`	`36`	`EnhancedExternalAuthProviderBitBucketEnhancedExternalAuthProvider="bitbucket"`
`37`	`37`	`EnhancedExternalAuthProviderSlackEnhancedExternalAuthProvider="slack"`
	`38`	`+EnhancedExternalAuthProviderJFrogEnhancedExternalAuthProvider="jfrog"`
`38`	`39`	`)`
`39`	`40`
`40`	`41`	`typeExternalAuthstruct {`

`‎site/src/api/typesGenerated.ts`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbb4ce87

File tree

4 files changed

4 files changed

`‎coderd/externalauth/externalauth.go`

`‎coderd/externalauth/externalauth_test.go`

`‎codersdk/externalauth.go`

`‎site/src/api/typesGenerated.ts`

0 commit comments