Skip to content

Commit

Permalink
Add support for logging in to an organization with client credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
ewanharris committed Nov 8, 2023
1 parent 6d25100 commit bbabcc0
Show file tree
Hide file tree
Showing 4 changed files with 68 additions and 0 deletions.
4 changes: 4 additions & 0 deletions authentication/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,10 @@ func (o *OAuth) LoginWithClientCredentials(ctx context.Context, body oauth.Login
"audience": []string{body.Audience},
}

if body.Organization != "" {
data.Set("organization", body.Organization)
}

err = o.addClientAuthentication(body.ClientAuthentication, data, true)

if err != nil {
Expand Down
2 changes: 2 additions & 0 deletions authentication/oauth/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ type LoginWithClientCredentialsRequest struct {
Audience string
// Extra parameters to be merged into the request body. Values set here will override any existing values.
ExtraParameters map[string]string
// And organization name or ID. When included the access token will include the org_id or org_name claim.
Organization string
}

// RefreshTokenRequest defines the request body for logging in with Authorization Code grant.
Expand Down
16 changes: 16 additions & 0 deletions authentication/oauth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,22 @@ func TestLoginWithClientCredentials(t *testing.T) {

assert.ErrorContains(t, err, "Unsupported client assertion algorithm \"invalid-alg\" provided")
})

t.Run("Should support passing an organization", func(t *testing.T) {
configureHTTPTestRecordings(t)

tokenSet, err := authAPI.OAuth.LoginWithClientCredentials(context.Background(), oauth.LoginWithClientCredentialsRequest{
ClientAuthentication: oauth.ClientAuthentication{
ClientSecret: clientSecret,
},
Audience: "my-api",
Organization: "org_test",
}, oauth.IDTokenValidationOptions{})

assert.NoError(t, err)
assert.NotEmpty(t, tokenSet.AccessToken)
assert.Equal(t, "Bearer", tokenSet.TokenType)
})
}

func TestRefreshToken(t *testing.T) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
version: 2
interactions:
- id: 0
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 201
transfer_encoding: []
trailer: {}
host: go-auth0-dev.eu.auth0.com
remote_addr: ""
request_uri: ""
body: audience=my-api&client_id=test-client_id&client_secret=test-client_secret&grant_type=client_credentials&organization=org_test
form:
audience:
- my-api
client_id:
- test-client_id
client_secret:
- test-client_secret
grant_type:
- client_credentials
organization:
- org_test
headers:
Content-Type:
- application/x-www-form-urlencoded
url: https://go-auth0-dev.eu.auth0.com/oauth/token
method: POST
response:
proto: HTTP/2.0
proto_major: 2
proto_minor: 0
transfer_encoding: []
trailer: {}
content_length: -1
uncompressed: true
body: '{"access_token":"test-access-token","expires_in":86400,"token_type":"Bearer"}'
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: 487.449709ms

0 comments on commit bbabcc0

Please sign in to comment.