oidctestutil

package

v0.8.0 Latest Latest Go to latest Published: May 10, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/pinniped

Links

Open Source Insights

Documentation ¶

Index ¶

func NewIDPListGetter(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) provider.DynamicUpstreamIDPProvider
func VerifyECDSAIDToken(t *testing.T, issuer, clientID string, jwtSigningKey *ecdsa.PrivateKey, ...) *coreosoidc.IDToken
type ExchangeAuthcodeAndValidateTokenArgs
type ExpectedUpstreamStateParamFormat
type TestUpstreamOIDCIdentityProvider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewIDPListGetter ¶

func NewIDPListGetter(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) provider.DynamicUpstreamIDPProvider

func VerifyECDSAIDToken ¶

func VerifyECDSAIDToken(
	t *testing.T,
	issuer, clientID string,
	jwtSigningKey *ecdsa.PrivateKey,
	idToken string,
) *coreosoidc.IDToken

VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.

Further validation can be done via callers via the returned coreosoidc.IDToken.

Types ¶

type ExchangeAuthcodeAndValidateTokenArgs ¶

type ExchangeAuthcodeAndValidateTokenArgs struct {
	Ctx                  context.Context
	Authcode             string
	PKCECodeVerifier     pkce.Code
	ExpectedIDTokenNonce nonce.Nonce
	RedirectURI          string
}

ExchangeAuthcodeAndValidateTokenArgs is a POGO (plain old go object?) used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().

type ExpectedUpstreamStateParamFormat ¶

type ExpectedUpstreamStateParamFormat struct {
	P string `json:"p"`
	U string `json:"u"`
	N string `json:"n"`
	C string `json:"c"`
	K string `json:"k"`
	V string `json:"v"`
}

Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.

type TestUpstreamOIDCIdentityProvider ¶

type TestUpstreamOIDCIdentityProvider struct {
	Name                                  string
	ClientID                              string
	AuthorizationURL                      url.URL
	UsernameClaim                         string
	GroupsClaim                           string
	Scopes                                []string
	ExchangeAuthcodeAndValidateTokensFunc func(
		ctx context.Context,
		authcode string,
		pkceCodeVerifier pkce.Code,
		expectedIDTokenNonce nonce.Nonce,
	) (*oidctypes.Token, error)
	// contains filtered or unexported fields
}

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens ¶

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(
	ctx context.Context,
	authcode string,
	pkceCodeVerifier pkce.Code,
	expectedIDTokenNonce nonce.Nonce,
	redirectURI string,
) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs ¶

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount ¶

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int

func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL ¶

func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL

func (*TestUpstreamOIDCIdentityProvider) GetClientID ¶

func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string

func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim ¶

func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string

func (*TestUpstreamOIDCIdentityProvider) GetName ¶

func (u *TestUpstreamOIDCIdentityProvider) GetName() string

func (*TestUpstreamOIDCIdentityProvider) GetScopes ¶

func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string

func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim ¶

func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string

func (*TestUpstreamOIDCIdentityProvider) ValidateToken ¶

func (u *TestUpstreamOIDCIdentityProvider) ValidateToken(_ context.Context, _ *oauth2.Token, _ nonce.Nonce) (*oidctypes.Token, error)

Source Files ¶

View all Source files

oidc.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL