oidctest

package
v2.24.2
Published: Jul 15, 2025    License: AGPL-3.0    Imports: 45    Imported by: 0

Details

Repository

github.com/coder/coder

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FakeIDPKey (added in v2.20.0)

func FakeIDPKey() (*rsa.PrivateKey, error)

func OAuth2GetCode (added in v2.9.0)

func OAuth2GetCode(rawAuthURL string, doRequest func(req *http.Request) (*http.Response, error)) (string, error)

OAuth2GetCode emulates a user clicking "allow" on the IDP page. When doing unit tests, it's easier to skip this step sometimes. It does make an actual request to the IDP, so it should be equivalent to doing this "manually" with actual requests.

func StatusError (added in v2.1.5)

func StatusError(code int, err error) error

func With429 (added in v2.9.0)

func With429(params With429Arguments) func(*FakeIDP)

With429 will emulate a 429 response for the selected paths.

func WithAccessTokenJWTHook (added in v2.20.0)

func WithAccessTokenJWTHook(hook func(email string, exp time.Time) jwt.MapClaims) func(*FakeIDP)

func WithAuthorizedRedirectURL

func WithAuthorizedRedirectURL(hook func(redirectURL string) error) func(*FakeIDP)

func WithCallbackPath (added in v2.8.0)

func WithCallbackPath(path string) func(*FakeIDP)

func WithCustomClientAuth

func WithCustomClientAuth(hook func(t testing.TB, req *http.Request) (url.Values, error)) func(*FakeIDP)

func WithDefaultExpire (added in v2.7.0)

func WithDefaultExpire(d time.Duration) func(*FakeIDP)

func WithDefaultIDClaims (added in v2.7.0)

func WithDefaultIDClaims(claims jwt.MapClaims) func(*FakeIDP)

func WithDynamicUserInfo

func WithDynamicUserInfo(userInfoFunc func(email string) (jwt.MapClaims, error)) func(*FakeIDP)

func WithHookWellKnown (added in v2.14.0)

func WithHookWellKnown(hook func(r *http.Request, j *ProviderJSON) error) func(*FakeIDP)

func WithIssuer

func WithIssuer(issuer string) func(*FakeIDP)

func WithLogger (added in v2.7.0)

func WithLogger(logger slog.Logger) func(*FakeIDP)

func WithLogging

func WithLogging(t testing.TB, options *slogtest.Options) func(*FakeIDP)

WithLogging is optional, but will log some HTTP calls made to the IDP.

func WithMiddlewares (added in v2.7.0)

func WithMiddlewares(mws ...func(http.Handler) http.Handler) func(*FakeIDP)

func WithMutateToken (added in v2.3.0)

func WithMutateToken(mutateToken func(token map[string]interface{})) func(*FakeIDP)

WithMutateToken lets the hook set extra fields that can be accessed on the returned OAuth token. These extra fields can override the default fields (id_token, access_token, etc).

func WithRefresh (added in v2.1.5)

func WithRefresh(hook func(email string) error) func(*FakeIDP)

WithRefresh is called when a refresh token is used. The email is the email of the user that is being refreshed, assuming the claims are correct.

func WithServing

func WithServing() func(*FakeIDP)

WithServing makes the IDP run an actual http server.

func WithStaticCredentials (added in v2.7.0)

func WithStaticCredentials(id, secret string) func(*FakeIDP)

func WithStaticUserInfo

func WithStaticUserInfo(info jwt.MapClaims) func(*FakeIDP)

WithStaticUserInfo is optional, but will return the same user info for every user on the /userinfo endpoint.

Types

type ExternalAuthConfigOptions (added in v2.5.0)

type ExternalAuthConfigOptions struct {
	// ValidatePayload is the payload that is used when the user calls the
	// equivalent of "userinfo" for oauth2. This is not standardized, so is
	// different for each provider type.
	//
	// The int,error payload can control the response if set.
	ValidatePayload func(email string) (interface{}, int, error)
	UseDeviceAuth   bool
	// contains filtered or unexported fields
}

ExternalAuthConfigOptions exists to provide additional functionality on top of the standard "validate" URL. For some providers, like GitHub, the response from the validate URL is actually parsed to gain additional information.

func (*ExternalAuthConfigOptions) AddRoute (added in v2.5.0)

type FakeIDP

type FakeIDP struct {
	// contains filtered or unexported fields
}

FakeIDP is a functional OIDC provider. It only supports 1 OIDC client.

func NewFakeIDP

func NewFakeIDP(t testing.TB, opts ...FakeIDPOpt) *FakeIDP

func (*FakeIDP) AppCredentials (added in v2.7.0)

func (f *FakeIDP) AppCredentials() (clientID string, clientSecret string)

func (*FakeIDP) AttemptLogin

func (f *FakeIDP) AttemptLogin(t testing.TB, client *codersdk.Client, idTokenClaims jwt.MapClaims, opts ...func(r *http.Request)) (*codersdk.Client, *http.Response)

func (*FakeIDP) CreateAuthCode (added in v2.7.0)

func (f *FakeIDP) CreateAuthCode(t testing.TB, state string) string

CreateAuthCode emulates a user clicking "allow" on the IDP page. When doing unit tests, it's easier to skip this step sometimes. It does make an actual request to the IDP, so it should be equivalent to doing this "manually" with actual requests.

func (*FakeIDP) DeviceLogin (added in v2.8.0)

func (*FakeIDP) DeviceLogin(t testing.TB, client *codersdk.Client, externalAuthID string)

DeviceLogin does the oauth2 device flow for external auth providers.

func (*FakeIDP) ExternalAuthConfig (added in v2.5.0)

func (f *FakeIDP) ExternalAuthConfig(t testing.TB, id string, custom *ExternalAuthConfigOptions, opts ...func(cfg *externalauth.Config)) *externalauth.Config

ExternalAuthConfig is the config for external auth providers.

func (*FakeIDP) ExternalLogin (added in v2.5.0)

func (f *FakeIDP) ExternalLogin(t testing.TB, client *codersdk.Client, opts ...func(r *http.Request))

ExternalLogin does the oauth2 flow for external auth providers. This requires an authenticated coder client.

func (*FakeIDP) GenerateAuthenticatedToken (added in v2.1.5)

func (f *FakeIDP) GenerateAuthenticatedToken(claims jwt.MapClaims) (*oauth2.Token, error)

GenerateAuthenticatedToken skips all oauth2 flows, and just generates a valid token for some given claims.

func (*FakeIDP) HTTPClient

func (f *FakeIDP) HTTPClient(rest *http.Client) *http.Client

HTTPClient does nothing if IsServing is used.

If IsServing is not used, then it will return a client that will make requests to the IDP all in memory. If a request is not to the IDP, then the passed in client will be used. If no client is passed in, then any regular network requests will fail.

func (*FakeIDP) IssuerURL (added in v2.7.0)

func (f *FakeIDP) IssuerURL() *url.URL

func (*FakeIDP) Login

func (f *FakeIDP) Login(t testing.TB, client *codersdk.Client, idTokenClaims jwt.MapClaims, opts ...func(r *http.Request)) (*codersdk.Client, *http.Response)

Login does the full OIDC flow starting at the "LoginButton". The client argument is only used to get the URL of the Coder instance.

The client passed in is just to get the URL of the Coder instance. The actual client that is used is 100% unauthenticated and fresh.

func (*FakeIDP) LoginWithClient

func (f *FakeIDP) LoginWithClient(t testing.TB, client *codersdk.Client, idTokenClaims jwt.MapClaims, opts ...func(r *http.Request)) (*codersdk.Client, *http.Response)

LoginWithClient reuses the context of the passed in client. This means the same cookies will be used. This should be an unauthenticated client in most cases.

This is a niche case, but it is needed for testing ConvertLoginType.

func (*FakeIDP) OIDCCallback

func (f *FakeIDP) OIDCCallback(t testing.TB, state string, idTokenClaims jwt.MapClaims) *http.Response

OIDCCallback will emulate the IDP redirecting back to the Coder callback. This is helpful if no Coderd exists because the IDP needs to redirect to something. Essentially this is used to fake the Coderd side of the exchange. The flow starts at the user hitting the OIDC login page.

func (*FakeIDP) OIDCConfig

func (f *FakeIDP) OIDCConfig(t testing.TB, scopes []string, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig

func (*FakeIDP) OIDCConfigSkipIssuerChecks (added in v2.14.0)

func (f *FakeIDP) OIDCConfigSkipIssuerChecks(t testing.TB, scopes []string, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig

func (*FakeIDP) OauthConfig (added in v2.14.0)

func (f *FakeIDP) OauthConfig(t testing.TB, scopes []string) *oauth2.Config

func (*FakeIDP) PublicKey (added in v2.14.0)

func (f *FakeIDP) PublicKey() crypto.PublicKey

func (*FakeIDP) RefreshUsed

func (f *FakeIDP) RefreshUsed(refreshToken string) bool

RefreshUsed returns whether the refresh token has been used. All refresh tokens can only be used once, then they are deleted.

func (*FakeIDP) SetCoderdCallback

func (f *FakeIDP) SetCoderdCallback(callback func(req *http.Request) (*http.Response, error))

SetCoderdCallback is optional and only works if not using IsServing. It will set up a fake "Coderd" for the IDP to call when the IDP redirects back after authenticating.

func (*FakeIDP) SetCoderdCallbackHandler

func (f *FakeIDP) SetCoderdCallbackHandler(handler http.HandlerFunc)

func (*FakeIDP) SetRedirect

func (f *FakeIDP) SetRedirect(t testing.TB, u string)

SetRedirect is required for the IDP to know where to redirect and call Coderd.

func (*FakeIDP) UpdateRefreshClaims

func (f *FakeIDP) UpdateRefreshClaims(refreshToken string, claims jwt.MapClaims)

UpdateRefreshClaims allows the caller to change what claims are returned for a given refresh token. By default, all refreshes use the same claims as the original IDToken issuance.

func (*FakeIDP) WellknownConfig (added in v2.1.5)

func (f *FakeIDP) WellknownConfig() ProviderJSON

type FakeIDPOpt

type FakeIDPOpt func(idp *FakeIDP)

type LoginHelper

type LoginHelper struct {
	// contains filtered or unexported fields
}

LoginHelper helps with logging in a user and refreshing their oauth tokens. It is mainly because refreshing oauth tokens is a bit tricky and requires some database manipulation.

func NewLoginHelper

func NewLoginHelper(client *codersdk.Client, fake *FakeIDP) *LoginHelper

func (*LoginHelper) AttemptLogin (added in v2.5.0)

func (h *LoginHelper) AttemptLogin(t *testing.T, idTokenClaims jwt.MapClaims) (*codersdk.Client, *http.Response)

AttemptLogin does not assert a successful login.

func (*LoginHelper) ExpireOauthToken

func (*LoginHelper) ExpireOauthToken(t *testing.T, db database.Store, user *codersdk.Client) database.UserLink

ExpireOauthToken expires the oauth token for the given user.

func (*LoginHelper) ForceRefresh

func (h *LoginHelper) ForceRefresh(t *testing.T, db database.Store, user *codersdk.Client, idToken jwt.MapClaims)

ForceRefresh forces the client to refresh its oauth token. It does this by expiring the oauth token, then doing an authenticated call. This will force the API Key middleware to refresh the oauth token.

A unit test assertion makes sure the refresh token is used.

func (*LoginHelper) Login

func (h *LoginHelper) Login(t *testing.T, idTokenClaims jwt.MapClaims) (*codersdk.Client, *http.Response)

Login just helps by making an unauthenticated client and logging in with the given claims. All Logins should be unauthenticated, so this is a convenience method.

type ProviderJSON (added in v2.1.5)

type ProviderJSON struct {
	Issuer        string   `json:"issuer"`
	AuthURL       string   `json:"authorization_endpoint"`
	TokenURL      string   `json:"token_endpoint"`
	JWKSURL       string   `json:"jwks_uri"`
	UserInfoURL   string   `json:"userinfo_endpoint"`
	DeviceCodeURL string   `json:"device_authorization_endpoint"`
	Algorithms    []string `json:"id_token_signing_alg_values_supported"`
	// This is custom
	ExternalAuthURL string `json:"external_auth_url"`
}

ProviderJSON is the .well-known/configuration JSON.
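As an added example that is not part of the oidctest package, the following code copies the ProviderJSON struct above (same json tags) and applies the checks a relying party should run over a discovery document before trusting it; the exact issuer comparison is the check that OIDCConfigSkipIssuerChecks turns off in tests. The issuer and endpoint URLs in goodDoc are constructed, and CheckDiscovery is a hypothetical helper, not an oidctest function.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
)

// ProviderJSON mirrors the struct documented on this page (same json tags).
type ProviderJSON struct {
	Issuer          string   `json:"issuer"`
	AuthURL         string   `json:"authorization_endpoint"`
	TokenURL        string   `json:"token_endpoint"`
	JWKSURL         string   `json:"jwks_uri"`
	UserInfoURL     string   `json:"userinfo_endpoint"`
	DeviceCodeURL   string   `json:"device_authorization_endpoint"`
	Algorithms      []string `json:"id_token_signing_alg_values_supported"`
	ExternalAuthURL string   `json:"external_auth_url"` // custom field, as on the page
}

// CheckDiscovery (hypothetical helper) parses a discovery document and applies
// the checks a relying party should make before trusting it. OIDC Discovery
// requires the issuer to match the configured one byte for byte, which is the
// check OIDCConfigSkipIssuerChecks disables for tests.
func CheckDiscovery(doc []byte, expectedIssuer string) (*ProviderJSON, error) {
	var p ProviderJSON
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, fmt.Errorf("parse discovery document: %w", err)
	}
	if p.Issuer != expectedIssuer {
		return nil, fmt.Errorf("issuer mismatch: got %q, want %q", p.Issuer, expectedIssuer)
	}
	if p.AuthURL == "" || p.TokenURL == "" || p.JWKSURL == "" {
		return nil, fmt.Errorf("discovery document lacks a required endpoint")
	}
	// The fake IDP signs with an RSA key (FakeIDPKey), so RS256 must be offered;
	// a document advertising "none" must never be accepted.
	if slices.Contains(p.Algorithms, "none") {
		return nil, fmt.Errorf("discovery document advertises alg none")
	}
	if !slices.Contains(p.Algorithms, "RS256") {
		return nil, fmt.Errorf("discovery document does not offer RS256")
	}
	return &p, nil
}

// goodDoc is a constructed discovery document for a hypothetical issuer.
const goodDoc = `{"issuer":"https://idp.example.test",
 "authorization_endpoint":"https://idp.example.test/oauth2/authorize",
 "token_endpoint":"https://idp.example.test/oauth2/token",
 "jwks_uri":"https://idp.example.test/oauth2/keys",
 "id_token_signing_alg_values_supported":["RS256"]}`
```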

type With429Arguments (added in v2.9.0)

type With429Arguments struct {
	AllPaths      bool
	TokenPath     bool
	AuthorizePath bool
	KeysPath      bool
	UserInfoPath  bool
	DeviceAuth    bool
	DeviceVerify  bool
}
