OIDCConfig returns the OIDC config to use for Coderd.
(ctx context.Context, t testing.TB, scopes []string, verifierOpt func(config *oidc.Config), opts ...func(cfg *coderd.OIDCConfig))
| 1681 | |
// internalOIDCConfig assembles the coderd.OIDCConfig that points Coderd at
// this fake IDP. It marks itself as a test helper and fails the test through
// require if the OIDC provider cannot be created.
//
// verifierOpt, when non-nil, is applied after the verifier defaults are set,
// so it can override them (including the audience and the accepted signing
// algorithms). Each non-nil entry in opts is applied to the finished config
// last and may replace any field, the Verifier included.
func (f *FakeIDP) internalOIDCConfig(ctx context.Context, t testing.TB, scopes []string, verifierOpt func(config *oidc.Config), opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig {
	t.Helper()

	oauth2Cfg := f.OauthConfig(t, scopes)

	// Attach the client from f.HTTPClient(nil) to the context so that
	// oidc.NewProvider uses it when it contacts the issuer.
	ctx = oidc.ClientContext(ctx, f.HTTPClient(nil))
	provider, err := oidc.NewProvider(ctx, f.locked.Issuer())
	require.NoError(t, err, "failed to create OIDC provider")

	// Verifier defaults: tokens must be issued for this client ID and signed
	// with RS256; no other algorithm is accepted unless verifierOpt changes it.
	verifierCfg := &oidc.Config{
		ClientID:             oauth2Cfg.ClientID,
		SupportedSigningAlgs: []string{"RS256"},
		// Todo: add support for Now()
	}
	if verifierOpt != nil {
		verifierOpt(verifierCfg)
	}

	// Signatures are checked against a static key set holding only the public
	// half of this IDP's own private key.
	verifier := oidc.NewVerifier(f.locked.Issuer(), &oidc.StaticKeySet{
		PublicKeys: []crypto.PublicKey{f.locked.PrivateKey().Public()},
	}, verifierCfg)

	oidcCfg := &coderd.OIDCConfig{
		OAuth2Config:    oauth2Cfg,
		Provider:        provider,
		Verifier:        verifier,
		UsernameField:   "preferred_username",
		EmailField:      "email",
		AuthURLParams:   map[string]string{"access_type": "offline"},
		SecondaryClaims: coderd.MergedClaimsSourceUserInfo,
	}

	// Caller-supplied overrides run last; nil entries are skipped.
	for _, apply := range opts {
		if apply != nil {
			apply(oidcCfg)
		}
	}

	return oidcCfg
}
| 1724 | |
| 1725 | func (f *FakeIDP) getClaims(m *syncmap.Map[string, jwt.MapClaims], key string) (jwt.MapClaims, bool) { |
| 1726 | v, ok := m.Load(key) |