| 456 | ) |
| 457 | |
| 458 | func NewFakeIDP(t testing.TB, opts ...FakeIDPOpt) *FakeIDP { |
| 459 | t.Helper() |
| 460 | |
| 461 | pkey, err := FakeIDPKey() |
| 462 | require.NoError(t, err) |
| 463 | |
| 464 | idp := &FakeIDP{ |
| 465 | locked: fakeIDPLocked{ |
| 466 | key: pkey, |
| 467 | }, |
| 468 | clientID: uuid.NewString(), |
| 469 | clientSecret: uuid.NewString(), |
| 470 | logger: slog.Make(), |
| 471 | codeToStateMap: syncmap.New[string, string](), |
| 472 | codeToChallengeMap: syncmap.New[string, string](), |
| 473 | accessTokens: syncmap.New[string, token](), |
| 474 | refreshTokens: syncmap.New[string, string](), |
| 475 | refreshTokensUsed: syncmap.New[string, bool](), |
| 476 | stateToIDTokenClaims: syncmap.New[string, jwt.MapClaims](), |
| 477 | refreshIDTokenClaims: syncmap.New[string, jwt.MapClaims](), |
| 478 | deviceCode: syncmap.New[string, deviceFlow](), |
| 479 | hookOnRefresh: func(_ string) error { return nil }, |
| 480 | hookUserInfo: func(_ string) (jwt.MapClaims, error) { return jwt.MapClaims{}, nil }, |
| 481 | hookValidRedirectURL: func(_ string) error { return nil }, |
| 482 | defaultExpire: time.Minute * 5, |
| 483 | } |
| 484 | |
| 485 | for _, opt := range opts { |
| 486 | opt(idp) |
| 487 | } |
| 488 | |
| 489 | if idp.locked.Issuer() == "" { |
| 490 | idp.locked.SetIssuer("https://coder.com") |
| 491 | } |
| 492 | |
| 493 | idp.locked.SetHandler(idp.httpHandler(t)) |
| 494 | idp.updateIssuerURL(t, idp.locked.Issuer()) |
| 495 | if idp.serve { |
| 496 | idp.realServer(t) |
| 497 | } |
| 498 | |
| 499 | // Log the url to indicate which port the IDP is running on if it is |
| 500 | // being served on a real port. |
| 501 | idp.logger.Info(context.Background(), |
| 502 | "fake IDP created", |
| 503 | slog.F("issuer", idp.IssuerURL().String()), |
| 504 | ) |
| 505 | |
| 506 | return idp |
| 507 | } |
| 508 | |
| 509 | func (f *FakeIDP) WellknownConfig() ProviderJSON { |
| 510 | return f.locked.Provider() |