feat: coverage prompt=none, response_mode=fragment (#385)

2023-05-03 03:56:47 -07:00 · 2023-05-03 03:56:47 -07:00 · 157bc6ceb0
commit 157bc6ceb0
parent e62473ba71
5 changed files with 117 additions and 10 deletions
--- a/example/server/exampleop/op.go
+++ b/example/server/exampleop/op.go
@ -34,7 +34,7 @@ type Storage interface {
 // SetupServer creates an OIDC server with Issuer=http://localhost:<port>
 //
 // Use one of the pre-made clients in storage/clients.go or register a new one.
-func SetupServer(issuer string, storage Storage) *mux.Router {
+func SetupServer(issuer string, storage Storage, extraOptions ...op.Option) *mux.Router {
 	// the OpenID Provider requires a 32-byte key for (token) encryption
 	// be sure to create a proper crypto random key and manage it securely!
 	key := sha256.Sum256([]byte("test"))
@ -50,7 +50,7 @@ func SetupServer(issuer string, storage Storage) *mux.Router {
 	})

 	// creation of the OpenIDProvider with the just created in-memory Storage
-	provider, err := newOP(storage, issuer, key)
+	provider, err := newOP(storage, issuer, key, extraOptions...)
 	if err != nil {
 		log.Fatal(err)
 	}
@ -79,7 +79,7 @@ func SetupServer(issuer string, storage Storage) *mux.Router {
 // newOP will create an OpenID Provider for localhost on a specified port with a given encryption key
 // and a predefined default logout uri
 // it will enable all options (see descriptions)
-func newOP(storage op.Storage, issuer string, key [32]byte) (op.OpenIDProvider, error) {
+func newOP(storage op.Storage, issuer string, key [32]byte, extraOptions ...op.Option) (op.OpenIDProvider, error) {
 	config := &op.Config{
 		CryptoKey: key,

@ -112,10 +112,12 @@ func newOP(storage op.Storage, issuer string, key [32]byte) (op.OpenIDProvider,
 		},
 	}
 	handler, err := op.NewOpenIDProvider(issuer, config, storage,
-		//we must explicitly allow the use of the http issuer
-		op.WithAllowInsecure(),
-		// as an example on how to customize an endpoint this will change the authorization_endpoint from /authorize to /auth
-		op.WithCustomAuthEndpoint(op.NewEndpoint("auth")),
+		append([]op.Option{
+			// we must explicitly allow the use of the http issuer
+			op.WithAllowInsecure(),
+			// as an example on how to customize an endpoint this will change the authorization_endpoint from /authorize to /auth
+			op.WithCustomAuthEndpoint(op.NewEndpoint("auth")),
+		}, extraOptions...)...,
 	)
 	if err != nil {
 		return nil, err
--- a/example/server/storage/storage.go
+++ b/example/server/storage/storage.go
@ -28,8 +28,10 @@ var serviceKey1 = &rsa.PublicKey{
 	E: 65537,
 }

-var _ op.Storage = &Storage{}
-var _ op.ClientCredentialsStorage = &Storage{}
+var (
+	_ op.Storage                  = &Storage{}
+	_ op.ClientCredentialsStorage = &Storage{}
+)

 // storage implements the op.Storage interface
 // typically you would implement this as a layer on top of your database
@ -167,6 +169,12 @@ func (s *Storage) CreateAuthRequest(ctx context.Context, authReq *oidc.AuthReque
 	s.lock.Lock()
 	defer s.lock.Unlock()

+	if len(authReq.Prompt) == 1 && authReq.Prompt[0] == "none" {
+		// With prompt=none, there is no way for the user to log in
+		// so return error right away.
+		return nil, oidc.ErrLoginRequired()
+	}
+
 	// typically, you'll fill your storage / storage model with the information of the passed object
 	request := authRequestToInternal(authReq, userID)