From 5edbce017ff743695ba6f7cbaa0a44704e5882fa Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Fri, 15 Mar 2019 11:10:52 -0700
Subject: [PATCH] Set docs for client secret as mandatory, but it can be blank.

---
 authority/provisioner/oidc.go      | 5 ++---
 authority/provisioner/oidc_test.go | 16 +++++++++-------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index ba684763..e58f0294 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -42,13 +42,12 @@ type openIDPayload struct {
 
 // OIDC represents an OAuth 2.0 OpenID Connect provider.
 //
-// ClientSecret is optional, and it will be only necessary if an implicit flow
-// is not available, the value will be visible in the provisioners endpoint.
+// ClientSecret is mandatory, but it can be an empty string.
 type OIDC struct {
 	Type                  string   `json:"type"`
 	Name                  string   `json:"name"`
 	ClientID              string   `json:"clientID"`
-	ClientSecret          string   `json:"clientSecret,omitempty"`
+	ClientSecret          string   `json:"clientSecret"`
 	ConfigurationEndpoint string   `json:"configurationEndpoint"`
 	Claims                *Claims  `json:"claims,omitempty"`
 	Admins                []string `json:"admins,omitempty"`
diff --git a/authority/provisioner/oidc_test.go b/authority/provisioner/oidc_test.go
index 5a1dbb21..2af64e15 100644
--- a/authority/provisioner/oidc_test.go
+++ b/authority/provisioner/oidc_test.go
@@ -68,6 +68,7 @@ func TestOIDC_Init(t *testing.T) {
 		Type                  string
 		Name                  string
 		ClientID              string
+		ClientSecret          string
 		ConfigurationEndpoint string
 		Claims                *Claims
 		Admins                []string
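Review bot: The new doc comment on ClientSecret in the oidc.go hunk drops the caveat the removed lines carried, that the value is visible in the provisioners endpoint, and dropping `omitempty` from the tag means the field is now always serialized, so that exposure belongs in the comment rather than being silently removed. I would write it as `// ClientSecret is mandatory, but it can be an empty string. It is serialized` / `// with the provisioner, so it is exposed wherever the OIDC configuration is returned.` Note also that "mandatory" is not enforced by the tag: encoding/json does not require a key to be present on decode, and the ok-no-secret case added in oidc_test.go shows Init accepts an empty value, so the comment should say the key is always emitted rather than imply a value is required. The OIDC struct continues past the end of the hunk.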
@@ -81,13 +82,14 @@ func TestOIDC_Init(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		{"ok", fields{"oidc", "name", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
-		{"ok-admins", fields{"oidc", "name", "client-id", srv.URL + "/openid-configuration", nil, []string{"foo@smallstep.com"}}, args{config}, false},
-		{"no-name", fields{"oidc", "", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-type", fields{"", "name", "client-id", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-client-id", fields{"oidc", "name", "", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
-		{"no-configuration", fields{"oidc", "name", "client-id", "", nil, nil}, args{config}, true},
-		{"bad-configuration", fields{"oidc", "name", "client-id", srv.URL, nil, nil}, args{config}, true},
+		{"ok", fields{"oidc", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
+		{"ok-admins", fields{"oidc", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, []string{"foo@smallstep.com"}}, args{config}, false},
+		{"ok-no-secret", fields{"oidc", "name", "client-id", "", srv.URL + "/openid-configuration", nil, nil}, args{config}, false},
+		{"no-name", fields{"oidc", "", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-type", fields{"", "name", "client-id", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-client-id", fields{"oidc", "name", "", "client-secret", srv.URL + "/openid-configuration", nil, nil}, args{config}, true},
+		{"no-configuration", fields{"oidc", "name", "client-id", "client-secret", "", nil, nil}, args{config}, true},
+		{"bad-configuration", fields{"oidc", "name", "client-id", "client-secret", srv.URL, nil, nil}, args{config}, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
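Review bot: The new ok-no-secret row pins that Init accepts an empty secret, but nothing in the table exercises the other half of what the commit changes, that clientSecret is now emitted even when blank because omitempty was removed from the tag. A one-line marshal check would pin that contract, e.g. `b, _ := json.Marshal(OIDC{})` followed by `if !strings.Contains(string(b), "\"clientSecret\":\"\"") { t.Fatalf("clientSecret omitted: %s", b) }`, in its own test function (adding the encoding/json import if the file lacks it) since these cases only drive Init. TestOIDC_Init continues past the end of the hunk, so the table's consumers are not visible here.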