From f0651a9fe375954018be8d1cfd74ed7d75752b34 Mon Sep 17 00:00:00 2001
From: sohgaura
Date: Mon, 20 May 2024 12:39:36 -0700
Subject: [PATCH 1/3] OIDC connector option to override jwksURI

Signed-off-by: sohgaura
---
 connector/oidc/oidc.go | 9 +++++++--
 connector/oidc/oidc_test.go | 7 ++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index fd715970b1..94cc322795 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -107,10 +107,13 @@ type ProviderDiscoveryOverrides struct {
 	// AuthURL provides a way to user overwrite the Auth URL
 	// from the .well-known/openid-configuration authorization_endpoint
 	AuthURL string `json:"authURL"`
+	// JWKSURL provides a way to user overwrite the JWKS URL
+	// from the .well-known/openid-configuration jwks_uri
+	JWKSURL string `json:"jwksURL"
 }
 
 func (o *ProviderDiscoveryOverrides) Empty() bool {
-	return o.TokenURL == "" && o.AuthURL == ""
+	return o.TokenURL == "" && o.AuthURL == "" && o.JWKSURL == ""
 }
 
 func getProvider(ctx context.Context, issuer string, overrides ProviderDiscoveryOverrides) (*oidc.Provider, error) {
@@ -151,7 +154,9 @@ func getProvider(ctx context.Context, issuer string, overrides ProviderDiscovery
 	if overrides.AuthURL != "" {
 		config.AuthURL = overrides.AuthURL
 	}
-
+	if overrides.JWKSURL != "" {
+		config.JWKSURL = overrides.JWKSURL
+	}
 	return config.NewProvider(context.Background()), nil
 }
 
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index e621a55ffb..13fe9b0e62 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
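Review bot: The new JWKSURL field is a trust anchor rather than just another endpoint override — whatever is fetched from it is presumably what config.NewProvider uses as the remote key set that verifies ID token signatures — but the doc comment on the added struct lines does not say so, and reads as if it were on a par with overriding the auth or token endpoint. I would replace the two comment lines with `// JWKSURL overrides jwks_uri from .well-known/openid-configuration. Keys fetched from it verify every ID token this connector accepts, so it must be an absolute HTTPS URL under the issuer's control; leave it empty to trust discovery.` The phrase "provides a way to user overwrite" on the existing fields is also ungrammatical, so if the comments are touched, "lets the user override" would read better on all three.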
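Review bot: The override is copied straight into config.JWKSURL with no validation, so a relative path (which is exactly what the fixture in this series passes, "/test3"), an empty-host URL, or a plain-http URL silently becomes the source of the signing keys that gate every login through this connector. At minimum the value should be parsed and required to be absolute with an https scheme, with getProvider returning an error otherwise; if test fixtures need plain http, that should be an explicit insecure option rather than the default. This needs `net/url` and `fmt` in the file's imports, which are outside the hunk; getProvider itself starts outside the hunk, and the pre-existing use of context.Background() instead of ctx on the NewProvider call is unchanged by this commit.
```go
	if overrides.JWKSURL != "" {
		u, err := url.Parse(overrides.JWKSURL)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return nil, fmt.Errorf("oidc: jwksURL override %q must be an absolute https URL", overrides.JWKSURL)
		}
		config.JWKSURL = overrides.JWKSURL
	}
	return config.NewProvider(context.Background()), nil
```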
@@ -652,7 +652,7 @@ func TestProviderOverride(t *testing.T) {
 		conn, err := newConnector(Config{
 			Issuer: testServer.URL,
 			Scopes: []string{"openid", "groups"},
-			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2"},
+			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2", JWKSURL:"/test3"},
 		})
 		if err != nil {
 			t.Fatal("failed to create new connector", err)
@@ -667,6 +667,11 @@ func TestProviderOverride(t *testing.T) {
 		if conn.provider.Endpoint().TokenURL != expToken {
 			t.Fatalf("unexpected token URL: %s, expected: %s\n", conn.provider.Endpoint().TokenURL, expToken)
 		}
+
+		expJWKS := "/test3"
+		if conn.provider.Endpoint().JWKSURL != expJWKS {
+			t.Fatalf("unexpected JWKS URL: %s, expected: %s\n", conn.provider.Endpoint().JWKSURL, expJWKS)
+		}
 	})
 }
 

From e0f2fce77c3e63f156f81233784eeb2576f95b88 Mon Sep 17 00:00:00 2001
From: sohgaura <31881670+sohgaura@users.noreply.github.com>
Date: Thu, 30 May 2024 15:59:49 +0530
Subject: [PATCH 2/3] fix syntax error jwks_uri override declaration on oidc.go json termination error

Signed-off-by: sohgaura <31881670+sohgaura@users.noreply.github.com>
---
 connector/oidc/oidc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 94cc322795..578480ece3 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -109,7 +109,7 @@ type ProviderDiscoveryOverrides struct {
 	AuthURL string `json:"authURL"`
 	// JWKSURL provides a way to user overwrite the JWKS URL
 	// from the .well-known/openid-configuration jwks_uri
-	JWKSURL string `json:"jwksURL"
+	JWKSURL string `json:"jwksURL"`
 }
 
 func (o *ProviderDiscoveryOverrides) Empty() bool {

From 579ff55eeb3fa7e3dfd96ca8da14d37630b9e581 Mon Sep 17 00:00:00 2001
From: sohgaura <31881670+sohgaura@users.noreply.github.com>
Date: Thu, 30 May 2024 21:12:18 +0530
Subject: [PATCH 3/3] option to override jwksURI

option to override jwksURI
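Review bot: The added assertion reads `conn.provider.Endpoint().JWKSURL`, but as far as I can tell oauth2.Endpoint only carries AuthURL, TokenURL and DeviceAuthURL, so this cannot compile, and after the later patch in this series drops it the override ships with no test at all. A test that actually proves the override is honoured would register a handler on the test server at the override path that serves the fixture's JWKS and records that it was hit, construct the connector with `JWKSURL: testServer.URL + "/test3"`, then drive token verification through the connector and assert the handler was called; a second case with the override left empty should show the discovery jwks_uri still being used. Note that "/test3" is a bare path, and nothing visible here resolves it against the issuer, so the fixture should use an absolute URL regardless. TestProviderOverride starts outside the hunk.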
Signed-off-by: sohgaura <31881670+sohgaura@users.noreply.github.com>
---
 connector/oidc/oidc_test.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 13fe9b0e62..e621a55ffb 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -652,7 +652,7 @@ func TestProviderOverride(t *testing.T) {
 		conn, err := newConnector(Config{
 			Issuer: testServer.URL,
 			Scopes: []string{"openid", "groups"},
-			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2", JWKSURL:"/test3"},
+			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2"},
 		})
 		if err != nil {
 			t.Fatal("failed to create new connector", err)
@@ -667,11 +667,6 @@ func TestProviderOverride(t *testing.T) {
 		if conn.provider.Endpoint().TokenURL != expToken {
 			t.Fatalf("unexpected token URL: %s, expected: %s\n", conn.provider.Endpoint().TokenURL, expToken)
 		}
-
-		expJWKS := "/test3"
-		if conn.provider.Endpoint().JWKSURL != expJWKS {
-			t.Fatalf("unexpected JWKS URL: %s, expected: %s\n", conn.provider.Endpoint().JWKSURL, expJWKS)
-		}
 	})
 }
 