Set docs for client secret as mandatory, but it can be blank.

2019-03-15 11:10:52 -07:00 · 2019-03-15 11:10:52 -07:00 · 5edbce017f
commit 5edbce017f
parent 2c0c0112c6
2 changed files with 11 additions and 10 deletions
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@ -42,13 +42,12 @@ type openIDPayload struct {

 // OIDC represents an OAuth 2.0 OpenID Connect provider.
 //
-// ClientSecret is optional, and it will be only necessary if an implicit flow
-// is not available, the value will be visible in the provisioners endpoint.
+// ClientSecret is mandatory, but it can be an empty string.
 type OIDC struct {
 	Type                  string   `json:"type"`
 	Name                  string   `json:"name"`
 	ClientID              string   `json:"clientID"`
-	ClientSecret          string   `json:"clientSecret,omitempty"`
+	ClientSecret          string   `json:"clientSecret"`
 	ConfigurationEndpoint string   `json:"configurationEndpoint"`
 	Claims                *Claims  `json:"claims,omitempty"`
 	Admins                []string `json:"admins,omitempty"`
--- a/authority/provisioner/oidc_test.go
+++ b/authority/provisioner/oidc_test.go
@ -68,6 +68,7 @@ func TestOIDC_Init(t *testing.T) {
 		Type                  string
 		Name                  string
 		ClientID              string
+		ClientSecret          string
 		ConfigurationEndpoint string
 		Claims                *Claims
 		Admins                []string
@ -81,13 +82,14 @@ func TestOIDC_Init(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		{"ok", fields{"oidc", "name", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
-		{"ok-admins", fields{"oidc", "name", "client-id", srv.URL + "/openid-configuration", nil, []string{"foo@smallstep.com"}}, args{config}, false},
-		{"no-name", fields{"oidc", "", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-type", fields{"", "name", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-client-id", fields{"oidc", "name", "", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-configuration", fields{"oidc", "name", "client-id", "", nil, nil}, args{config}, true},
-		{"bad-configuration", fields{"oidc", "name", "client-id", srv.URL, nil, nil}, args{config}, true},
+		{"ok", fields{"oidc", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
+		{"ok-admins", fields{"oidc", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, []string{"foo@smallstep.com"}}, args{config}, false},
+		{"ok-no-secret", fields{"oidc", "name", "client-id", "", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
+		{"no-name", fields{"oidc", "", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-type", fields{"", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-client-id", fields{"oidc", "name", "", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-configuration", fields{"oidc", "name", "client-id", "client-secret", "", nil, nil}, args{config}, true},
+		{"bad-configuration", fields{"oidc", "name", "client-id", "client-secret", srv.URL, nil, nil}, args{config}, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {