Documentation
¶
Index ¶
- func RequireAuthcodeRedirectLocation(t *testing.T, actualRedirectLocation string, wantRedirectLocationRegexp string, ...)
- func VerifyECDSAIDToken(t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, ...) *coreosoidc.IDToken
- type ExchangeAuthcodeAndValidateTokenArgs
- type ExpectedUpstreamStateParamFormat
- type TestUpstreamLDAPIdentityProvider
- type TestUpstreamOIDCIdentityProvider
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, ...) (*oidctypes.Token, error)
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
- func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
- func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
- func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
- func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) GetName() string
- func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
- func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
- func (u *TestUpstreamOIDCIdentityProvider) ValidateToken(_ context.Context, _ *oauth2.Token, _ nonce.Nonce) (*oidctypes.Token, error)
- type UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
- func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
- func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RequireAuthcodeRedirectLocation ¶
func RequireAuthcodeRedirectLocation( t *testing.T, actualRedirectLocation string, wantRedirectLocationRegexp string, kubeClient *fake.Clientset, secretsClient v1.SecretInterface, oauthStore fositestoragei.AllFositeStorage, wantDownstreamGrantedScopes []string, wantDownstreamIDTokenSubject string, wantDownstreamIDTokenUsername string, wantDownstreamIDTokenGroups []string, wantDownstreamRequestedScopes []string, wantDownstreamPKCEChallenge string, wantDownstreamPKCEChallengeMethod string, wantDownstreamNonce string, wantDownstreamClientID string, wantDownstreamRedirectURI string, )
func VerifyECDSAIDToken ¶
func VerifyECDSAIDToken( t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, idToken string, ) *coreosoidc.IDToken
VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.
Further validation can be done via callers via the returned coreosoidc.IDToken.
Types ¶
type ExchangeAuthcodeAndValidateTokenArgs ¶
type ExchangeAuthcodeAndValidateTokenArgs struct {
Ctx context.Context
Authcode string
PKCECodeVerifier pkce.Code
ExpectedIDTokenNonce nonce.Nonce
RedirectURI string
}
ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().
type ExpectedUpstreamStateParamFormat ¶
type ExpectedUpstreamStateParamFormat struct {
P string `json:"p"`
U string `json:"u"`
N string `json:"n"`
C string `json:"c"`
K string `json:"k"`
V string `json:"v"`
}
Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.
type TestUpstreamLDAPIdentityProvider ¶
type TestUpstreamLDAPIdentityProvider struct {
Name string
URL *url.URL
AuthenticateFunc func(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
}
func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser ¶
func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
func (*TestUpstreamLDAPIdentityProvider) GetName ¶
func (u *TestUpstreamLDAPIdentityProvider) GetName() string
func (*TestUpstreamLDAPIdentityProvider) GetURL ¶
func (u *TestUpstreamLDAPIdentityProvider) GetURL() *url.URL
type TestUpstreamOIDCIdentityProvider ¶
type TestUpstreamOIDCIdentityProvider struct {
Name string
ClientID string
AuthorizationURL url.URL
UsernameClaim string
GroupsClaim string
Scopes []string
ExchangeAuthcodeAndValidateTokensFunc func(
ctx context.Context,
authcode string,
pkceCodeVerifier pkce.Code,
expectedIDTokenNonce nonce.Nonce,
) (*oidctypes.Token, error)
// contains filtered or unexported fields
}
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens ¶
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs
func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount ¶
func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int
func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL ¶
func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL
func (*TestUpstreamOIDCIdentityProvider) GetClientID ¶
func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string
func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string
func (*TestUpstreamOIDCIdentityProvider) GetName ¶
func (u *TestUpstreamOIDCIdentityProvider) GetName() string
func (*TestUpstreamOIDCIdentityProvider) GetScopes ¶
func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string
func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim ¶
func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string
type UpstreamIDPListerBuilder ¶
type UpstreamIDPListerBuilder struct {
// contains filtered or unexported fields
}
func NewUpstreamIDPListerBuilder ¶
func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) Build ¶
func (b *UpstreamIDPListerBuilder) Build() provider.DynamicUpstreamIDPProvider
func (*UpstreamIDPListerBuilder) WithLDAP ¶
func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder
func (*UpstreamIDPListerBuilder) WithOIDC ¶
func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder
Source Files
Click to show internal directories.
Click to hide internal directories.