oidctestutil

package
v0.35.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 4, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RequireAuthCodeRegexpMatch

func RequireAuthCodeRegexpMatch(
	t *testing.T,
	actualContent string,
	wantRegexp string,
	kubeClient *fake.Clientset,
	secretsClient v1.SecretInterface,
	oauthStore fositestoragei.AllFositeStorage,
	wantDownstreamGrantedScopes []string,
	wantDownstreamIDTokenSubject string,
	wantDownstreamIDTokenUsername string,
	wantDownstreamIDTokenGroups []string,
	wantDownstreamRequestedScopes []string,
	wantDownstreamPKCEChallenge string,
	wantDownstreamPKCEChallengeMethod string,
	wantDownstreamNonce string,
	wantDownstreamClientID string,
	wantDownstreamRedirectURI string,
)

func VerifyECDSAIDToken

func VerifyECDSAIDToken(
	t *testing.T,
	issuer, clientID string,
	jwtSigningKey *ecdsa.PrivateKey,
	idToken string,
) *coreosoidc.IDToken

VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.

Further validation can be done via callers via the returned coreosoidc.IDToken.

Types

type ExchangeAuthcodeAndValidateTokenArgs

type ExchangeAuthcodeAndValidateTokenArgs struct {
	Ctx                  context.Context
	Authcode             string
	PKCECodeVerifier     pkce.Code
	ExpectedIDTokenNonce nonce.Nonce
	RedirectURI          string
}

ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().

type ExpectedUpstreamStateParamFormat

type ExpectedUpstreamStateParamFormat struct {
	P string `json:"p"`
	U string `json:"u"`
	N string `json:"n"`
	C string `json:"c"`
	K string `json:"k"`
	V string `json:"v"`
}

Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.

type TestUpstreamLDAPIdentityProvider

type TestUpstreamLDAPIdentityProvider struct {
	Name             string
	URL              *url.URL
	AuthenticateFunc func(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
}

func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser

func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)

func (*TestUpstreamLDAPIdentityProvider) GetName

func (*TestUpstreamLDAPIdentityProvider) GetURL

type TestUpstreamOIDCIdentityProvider

type TestUpstreamOIDCIdentityProvider struct {
	Name                                  string
	ClientID                              string
	AuthorizationURL                      url.URL
	UsernameClaim                         string
	GroupsClaim                           string
	Scopes                                []string
	ExchangeAuthcodeAndValidateTokensFunc func(
		ctx context.Context,
		authcode string,
		pkceCodeVerifier pkce.Code,
		expectedIDTokenNonce nonce.Nonce,
	) (*oidctypes.Token, error)
	// contains filtered or unexported fields
}

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(
	ctx context.Context,
	authcode string,
	pkceCodeVerifier pkce.Code,
	expectedIDTokenNonce nonce.Nonce,
	redirectURI string,
) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int

func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL

func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL

func (*TestUpstreamOIDCIdentityProvider) GetClientID

func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string

func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim

func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string

func (*TestUpstreamOIDCIdentityProvider) GetName

func (*TestUpstreamOIDCIdentityProvider) GetScopes

func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string

func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim

func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string

func (*TestUpstreamOIDCIdentityProvider) ValidateToken

type UpstreamIDPListerBuilder

type UpstreamIDPListerBuilder struct {
	// contains filtered or unexported fields
}

func NewUpstreamIDPListerBuilder

func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) Build

func (*UpstreamIDPListerBuilder) WithLDAP

func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) WithOIDC

func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL