Diffstat (limited to 'pkg/web')
-rw-r--r--pkg/web/oidc_server.go84
1 files changed, 84 insertions, 0 deletions
diff --git a/pkg/web/oidc_server.go b/pkg/web/oidc_server.go
new file mode 100644
index 0000000..31ef572
--- /dev/null
+++ b/pkg/web/oidc_server.go
@@ -0,0 +1,84 @@
+package web
+
+import (
+ "net/http"
+ "strconv"
+ "testing"
+ "time"
+
+ "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/oauth2-proxy/mockoidc"
+ "github.com/stretchr/testify/require"
+ "golang.org/x/oauth2"
+)
+
+type OIDCServer struct {
+ *mockoidc.MockOIDC
+ *oauth2.Config
+ *oidc.Provider
+ *testing.T
+}
+
+func NewOIDCServer(t *testing.T) *OIDCServer {
+ srv, err := mockoidc.Run()
+ require.NoError(t, err)
+
+ srv.AddMiddleware(func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ t.Logf("%v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
+ next.ServeHTTP(w, r)
+ })
+ })
+ provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
+ require.NoError(t, err)
+
+ return &OIDCServer{
+ srv,
+ &oauth2.Config{
+ ClientID: srv.ClientID,
+ ClientSecret: srv.ClientSecret,
+ RedirectURL: "https://example.com/oauth/callback",
+ Endpoint: provider.Endpoint(),
+ Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+ },
+ provider,
+ t,
+ }
+}
+
+func (srv *OIDCServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
+ code := strconv.FormatInt(time.Now().Unix(), 10)
+ srv.QueueUser(user)
+ srv.QueueCode(code)
+
+ http.Get(srv.AuthCodeURL("state"))
+
+ return code
+}
+
+func (srv *OIDCServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
+ code := srv.CreateAuthorizationCodeFor(user)
+ token, err := srv.Exchange(srv.Context(), code)
+ require.NoError(srv, err)
+ return token
+}
+
+func (srv *OIDCServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
+ token := srv.CreateTokenFor(user)
+ rawIDToken, ok := token.Extra("id_token").(string)
+ require.True(srv, ok)
+ return token, rawIDToken
+}
+
+func (srv *OIDCServer) Verify(rawIDToken string) *oidc.IDToken {
+ idToken, err := srv.
+ Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
+ Verify(srv.Context(), rawIDToken)
+ require.NoError(srv, err)
+
+ return idToken
+}
+
+func (s *OIDCServer) Close() {
+ s.Shutdown()
+}
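Review bot: The `http.Get(srv.AuthCodeURL("state"))` call in CreateAuthorizationCodeFor discards both the error and the response, so a failing authorize request is never surfaced and the response body is never closed; every other helper in this file fails the test through `require`, and this one should too: `resp, err := http.Get(srv.AuthCodeURL("state"))`, `require.NoError(srv, err)`, `resp.Body.Close()`. The default client also follows redirects, and since RedirectURL is set to `https://example.com/oauth/callback`, this request presumably leaves the mock server and reaches the public host over the network; if that is the case, a client whose `CheckRedirect` returns `http.ErrUseLastResponse` would keep the test local and deterministic. The code derived from `time.Now().Unix()` has one-second resolution, so two codes issued within the same second collide — whether mockoidc tolerates that is not visible here, but a counter or `time.Now().UnixNano()` would avoid the question. Finally, Close uses receiver name `s` while the other methods use `srv`; pick one for the type.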