1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
package web
import (
"net"
"net/http"
"strconv"
"strings"
"testing"
"time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/oauth2-proxy/mockoidc"
"github.com/stretchr/testify/require"
"golang.org/x/oauth2"
)
type OIDCServer struct {
*mockoidc.MockOIDC
*oauth2.Config
*oidc.Provider
*testing.T
}
func NewOIDCServer(t *testing.T) *OIDCServer {
srv, err := mockoidc.NewServer(nil)
require.NoError(t, err)
require.NoError(t, srv.AddMiddleware(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
t.Logf("mockoidc: %v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
next.ServeHTTP(w, r)
})
}))
ln, err := net.Listen("tcp", "127.0.0.1:0")
require.NoError(t, err)
require.NoError(t, srv.Start(ln, nil))
if srv.Server != nil {
mux := srv.Server.Handler.(*http.ServeMux)
mux.Handle(strings.Replace(mockoidc.AuthorizationEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Authorize))
mux.Handle(strings.Replace(mockoidc.TokenEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Token))
mux.Handle(strings.Replace(mockoidc.UserinfoEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Userinfo))
mux.Handle(strings.Replace(mockoidc.JWKSEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.JWKS))
mux.Handle(strings.Replace(mockoidc.DiscoveryEndpoint, "/oidc", "/oidc/oauth", 1), http.HandlerFunc(srv.Discovery))
}
provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
require.NoError(t, err)
return &OIDCServer{
srv,
&oauth2.Config{
ClientID: srv.ClientID,
ClientSecret: srv.ClientSecret,
RedirectURL: "https://example.com/oauth/callback",
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
},
provider,
t,
}
}
func (srv *OIDCServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
code := strconv.FormatInt(time.Now().Unix(), 10)
srv.QueueUser(user)
srv.QueueCode(code)
http.Get(srv.AuthCodeURL("state"))
return code
}
func (srv *OIDCServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
code := srv.CreateAuthorizationCodeFor(user)
token, err := srv.Exchange(srv.Context(), code)
require.NoError(srv, err)
return token
}
func (srv *OIDCServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
token := srv.CreateTokenFor(user)
rawIDToken, ok := token.Extra("id_token").(string)
require.True(srv, ok)
return token, rawIDToken
}
func (srv *OIDCServer) Verify(rawIDToken string) *oidc.IDToken {
idToken, err := srv.
Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
Verify(srv.Context(), rawIDToken)
require.NoError(srv, err)
return idToken
}
func (s *OIDCServer) Close() {
s.Shutdown()
}
|
