| 1644 | } |
| 1645 | |
| 1646 | func (f *FakeIDP) OauthConfig(t testing.TB, scopes []string) *oauth2.Config { |
| 1647 | t.Helper() |
| 1648 | |
| 1649 | provider := f.locked.Provider() |
| 1650 | f.locked.MutateConfig(func(cfg *oauth2.Config) { |
| 1651 | if len(scopes) == 0 { |
| 1652 | scopes = []string{"openid", "email", "profile"} |
| 1653 | } |
| 1654 | cfg.ClientID = f.clientID |
| 1655 | cfg.ClientSecret = f.clientSecret |
| 1656 | cfg.Endpoint = oauth2.Endpoint{ |
| 1657 | AuthURL: provider.AuthURL, |
| 1658 | TokenURL: provider.TokenURL, |
| 1659 | AuthStyle: oauth2.AuthStyleInParams, |
| 1660 | } |
| 1661 | // If the user is using a real network request, they will need to do |
| 1662 | // 'fake.SetRedirect()' |
| 1663 | cfg.RedirectURL = "https://redirect.com" |
| 1664 | cfg.Scopes = scopes |
| 1665 | }) |
| 1666 | |
| 1667 | return f.locked.Config() |
| 1668 | } |
| 1669 | |
| 1670 | func (f *FakeIDP) OIDCConfigSkipIssuerChecks(t testing.TB, scopes []string, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig { |
| 1671 | ctx := oidc.InsecureIssuerURLContext(context.Background(), f.locked.Issuer()) |