feat: Add rp.WithAuthStyle as Option (#546)

* feat: Add rp.WithAuthStyle as Option * Update integration_test.go * Update integration_test.go * Update integration_test.go
2024-02-23 11:18:06 +01:00 · 2024-02-23 11:18:06 +01:00 · f4bbffb51b
commit f4bbffb51b
parent b45072a4c0
2 changed files with 22 additions and 5 deletions
--- a/pkg/client/integration_test.go
+++ b/pkg/client/integration_test.go
@ -21,6 +21,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/exp/slog"
+	"golang.org/x/oauth2"

 	"github.com/zitadel/oidc/v3/example/server/exampleop"
 	"github.com/zitadel/oidc/v3/example/server/storage"
@ -217,6 +218,7 @@ func RunAuthorizationCodeFlow(t *testing.T, opServer *httptest.Server, clientID,
 		targetURL,
 		[]string{"openid", "email", "profile", "offline_access"},
 		rp.WithPKCE(cookieHandler),
+		rp.WithAuthStyle(oauth2.AuthStyleInHeader),
 		rp.WithVerifierOpts(
 			rp.WithIssuedAtOffset(5*time.Second),
 			rp.WithSupportedSigningAlgorithms("RS256", "RS384", "RS512", "ES256", "ES384", "ES512"),
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@ -100,6 +100,8 @@ type relyingParty struct {
 	httpClient    *http.Client
 	cookieHandler *httphelper.CookieHandler

+	oauthAuthStyle oauth2.AuthStyle
+
 	errorHandler        func(http.ResponseWriter, *http.Request, string, string, string)
 	unauthorizedHandler func(http.ResponseWriter, *http.Request, string, string)
 	idTokenVerifier     *IDTokenVerifier
@ -190,6 +192,7 @@ func NewRelyingPartyOAuth(config *oauth2.Config, options ...Option) (RelyingPart
 		httpClient:          httphelper.DefaultHTTPClient,
 		oauth2Only:          true,
 		unauthorizedHandler: DefaultUnauthorizedHandler,
+		oauthAuthStyle:      oauth2.AuthStyleAutoDetect,
 	}

 	for _, optFunc := range options {
@ -198,6 +201,8 @@ func NewRelyingPartyOAuth(config *oauth2.Config, options ...Option) (RelyingPart
 		}
 	}

+	rp.oauthConfig.Endpoint.AuthStyle = rp.oauthAuthStyle
+
 	// avoid races by calling these early
 	_ = rp.IDTokenVerifier()     // sets idTokenVerifier
 	_ = rp.ErrorHandler()        // sets errorHandler
@ -218,8 +223,9 @@ func NewRelyingPartyOIDC(ctx context.Context, issuer, clientID, clientSecret, re
 			RedirectURL:  redirectURI,
 			Scopes:       scopes,
 		},
-		httpClient: httphelper.DefaultHTTPClient,
-		oauth2Only: false,
+		httpClient:     httphelper.DefaultHTTPClient,
+		oauth2Only:     false,
+		oauthAuthStyle: oauth2.AuthStyleAutoDetect,
 	}

 	for _, optFunc := range options {
@ -236,6 +242,9 @@ func NewRelyingPartyOIDC(ctx context.Context, issuer, clientID, clientSecret, re
 	rp.oauthConfig.Endpoint = endpoints.Endpoint
 	rp.endpoints = endpoints

+	rp.oauthConfig.Endpoint.AuthStyle = rp.oauthAuthStyle
+	rp.endpoints.Endpoint.AuthStyle = rp.oauthAuthStyle
+
 	// avoid races by calling these early
 	_ = rp.IDTokenVerifier()     // sets idTokenVerifier
 	_ = rp.ErrorHandler()        // sets errorHandler
@ -295,6 +304,13 @@ func WithUnauthorizedHandler(unauthorizedHandler UnauthorizedHandler) Option {
 	}
 }

+func WithAuthStyle(oauthAuthStyle oauth2.AuthStyle) Option {
+	return func(rp *relyingParty) error {
+		rp.oauthAuthStyle = oauthAuthStyle
+		return nil
+	}
+}
+
 func WithVerifierOpts(opts ...VerifierOption) Option {
 	return func(rp *relyingParty) error {
 		rp.verifierOpts = opts
@ -594,9 +610,8 @@ type Endpoints struct {
 func GetEndpoints(discoveryConfig *oidc.DiscoveryConfiguration) Endpoints {
 	return Endpoints{
 		Endpoint: oauth2.Endpoint{
-			AuthURL:   discoveryConfig.AuthorizationEndpoint,
-			AuthStyle: oauth2.AuthStyleAutoDetect,
-			TokenURL:  discoveryConfig.TokenEndpoint,
+			AuthURL:  discoveryConfig.AuthorizationEndpoint,
+			TokenURL: discoveryConfig.TokenEndpoint,
 		},
 		IntrospectURL:          discoveryConfig.IntrospectionEndpoint,
 		UserinfoURL:            discoveryConfig.UserinfoEndpoint,