
Commit

Unbeta oauth2_verifier() function
Johannes Koch committed Dec 2, 2021
1 parent 14bf7d2 commit 776ae90
Showing 5 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
@@ -12,7 +12,7 @@ Unreleased changes are available as `avenga/couper:edge` container.
* Missing [scope or roles claims](./docs/REFERENCE.md#jwt-block), or scope or roles claim with unsupported values are now ignored instead of causing an error ([#380](https://github.com/avenga/couper/issues/380))
* Improved the validation for unique keys in all map-attributes in the config ([#403](https://github.com/avenga/couper/pull/403))
* Unbeta [OIDC block](./docs/REFERENCE.md#oidc-block) ([#400](https://github.com/avenga/couper/pull/400))
* Unbeta [`oauth2_authorization_url()`](./docs/REFERENCE.md#functions) function. The prefix is changed from `beta_oauth_...` to `oauth2_...` ([#400](https://github.com/avenga/couper/pull/400))
* Unbeta the `oauth2_authorization_url()` and `oauth2_verifier()` [function](./docs/REFERENCE.md#functions). The prefix is changed from `beta_oauth_...` to `oauth2_...` ([#400](https://github.com/avenga/couper/pull/400))

* **Fixed**
* build-date configuration for binary and docker builds ([#396](https://github.com/avenga/couper/pull/396))
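Review bot: the new entry names two functions, `oauth2_authorization_url()` and `oauth2_verifier()`, but the link text still reads "[function]" in the singular; it should be "functions". The entry also keeps the `[#400]` reference carried over from the line it replaces, so confirm that the `oauth2_verifier()` rename really belongs to that PR before this is released, otherwise the changelog points readers at the wrong change.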
8 changes: 4 additions & 4 deletions docs/REFERENCE.md
@@ -432,7 +432,7 @@ Like all [Access Control](#access-control) types, the `beta_oauth2` block is def
| `client_secret` |string|-|The client password.|⚠ required.|-|
| `scope` |string|-| A space separated list of requested scopes for the access token.| - | `scope = "read write"` |
| `verifier_method` | string | - | The method to verify the integrity of the authorization code flow | ⚠ required, available values: `ccm_s256` (`code_challenge` parameter with `code_challenge_method` `S256`), `state` (`state` parameter) | `verifier_method = "ccm_s256"` |
| `verifier_value` | string or expression | - | The value of the (unhashed) verifier. | ⚠ required; e.g. using cookie value created with [`beta_oauth_verifier()` function](#functions) | `verifier_value = request.cookies.verifier` |
| `verifier_value` | string or expression | - | The value of the (unhashed) verifier. | ⚠ required; e.g. using cookie value created with [`oauth2_verifier()` function](#functions) | `verifier_value = request.cookies.verifier` |
| `custom_log_fields` | map | - | Defines log fields for [Custom Logging](LOGS.md#custom-logging). | ⚠ Inherited by nested blocks. | - |

If the authorization server supports the `code_challenge_method` `S256` (a.k.a. PKCE, see RFC 7636), we recommend `verifier_method = "ccm_s256"`.
@@ -460,7 +460,7 @@ Like all [Access Control](#access-control) types, the `oidc` block is defined in
| `client_secret` |string|-|The client password.|⚠ required.|-|
| `scope` |string|-| A space separated list of requested scopes for the access token.|`openid` is automatically added.| `scope = "profile read"` |
| `verifier_method` | string | - | The method to verify the integrity of the authorization code flow | available values: `ccm_s256` (`code_challenge` parameter with `code_challenge_method` `S256`), `nonce` (`nonce` parameter) | `verifier_method = "nonce"` |
| `verifier_value` | string or expression | - | The value of the (unhashed) verifier. | ⚠ required; e.g. using cookie value created with [`beta_oauth_verifier()` function](#functions) | `verifier_value = request.cookies.verifier` |
| `verifier_value` | string or expression | - | The value of the (unhashed) verifier. | ⚠ required; e.g. using cookie value created with [`oauth2_verifier()` function](#functions) | `verifier_value = request.cookies.verifier` |
| `custom_log_fields` | map | - | Defines log fields for [Custom Logging](LOGS.md#custom-logging). | ⚠ Inherited by nested blocks. | - |

If the OpenID server supports the `code_challenge_method` `S256` the default value for `verifier_method`is `ccm_s256`, `nonce` otherwise.
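Review bot: the unchanged context line at the end of this hunk has a missing space in "`verifier_method`is `ccm_s256`"; since the hunk already edits the neighbouring `verifier_value` row, it would be cheap to fix the typo here as "`verifier_method` is `ccm_s256`".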
@@ -684,8 +684,8 @@ To access the HTTP status code of the `default` response use `backend_responses.
| `json_encode` | string | Returns a JSON serialization of the given value. | `val` (various) | `json_encode(request.context.myJWT)` |
| `jwt_sign` | string | jwt_sign creates and signs a JSON Web Token (JWT) from information from a referenced [JWT Signing Profile Block](#jwt-signing-profile-block) (or [JWT Block](#jwt-block) with `signing_ttl`) and additional claims provided as a function parameter. | `label` (string), `claims` (object) | `jwt_sign("myJWT")` |
| `merge` | object or tuple | Deep-merges two or more of either objects or tuples. `null` arguments are ignored. A `null` attribute value in an object removes the previous attribute value. An attribute value with a different type than the current value is set as the new value. `merge()` with no parameters returns `null`. | `arg...` (object or tuple) | `merge(request.headers, { x-additional = "myval" })` |
| `oauth2_authorization_url` | string | Creates an OAuth2 authorization URL from a referenced [OAuth2 AC Block](#oauth2-ac-block-beta) or [OIDC Block](#oidc-block). | `label` (string) | `oauth2_authorization_url("myOAuth2")` |
| `beta_oauth_verifier` | string | Creates a cryptographically random key as specified in RFC 7636, applicable for all verifier methods; e.g. to be set as a cookie and read into `verifier_value`. Multiple calls of this function in the same client request context return the same value. | | `beta_oauth_verifier()` |
| `oauth2_authorization_url` | string | Creates an OAuth2 authorization URL from a referenced [OAuth2 AC Block](#oauth2-ac-block-beta) or [OIDC Block](#oidc-block). | `label` (string) | `oauth2_authorization_url("myOAuth2")` |
| `oauth2_verifier` | string | Creates a cryptographically random key as specified in RFC 7636, applicable for all verifier methods; e.g. to be set as a cookie and read into `verifier_value`. Multiple calls of this function in the same client request context return the same value. | | `oauth2_verifier()` |
| `relative_url` | string | Returns a relative URL by retaining `path`, `query` and `fragment` components. The input URL `s` must begin with `/<path>`, `//<authority>`, `http://` or `https://`, otherwise an error is thrown. | s (string) | `relative_url("https://httpbin.org/anything?query#fragment") // returns "/anything?query#fragment"` |
| `saml_sso_url` | string | Creates a SAML SingleSignOn URL (including the `SAMLRequest` parameter) from a referenced [SAML Block](#saml-block). | `label` (string) | `saml_sso_url("mySAML")` |
| `split` | tuple | Divides a given string by a given separator, returning a list of strings containing the characters between the separator sequences. | `sep` (string), `str` (string) | `split(" ", "foo bar qux")` |
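Review bot: the `oauth2_authorization_url` row is removed and re-added with no visible textual difference, so this looks like a whitespace-only edit; if so, consider dropping it from the hunk so the diff shows only the `beta_oauth_verifier` to `oauth2_verifier` rename. In the new `oauth2_verifier` row the parameters column is left empty (`| |`); writing `-` there would make explicit that the function takes no arguments, matching how the other tables on this page mark an absent value. While in this table, the `relative_url` row's `s (string)` is the only parameter cell without backticks.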
2 changes: 1 addition & 1 deletion eval/lib/oauth2.go
@@ -17,7 +17,7 @@ const (
RedirectURI = "redirect_uri"
CodeVerifier = "code_verifier"
FnOAuthAuthorizationUrl = "oauth2_authorization_url"
FnOAuthVerifier = "beta_oauth_verifier"
FnOAuthVerifier = "oauth2_verifier"
InternalFnOAuthHashedVerifier = "internal_oauth_hashed_verifier"
)
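Review bot: changing the value of `FnOAuthVerifier` from `"beta_oauth_verifier"` to `"oauth2_verifier"` with no alias means any existing configuration that still calls `beta_oauth_verifier()` stops evaluating after the upgrade; the CHANGELOG documents the prefix change, but decide explicitly whether a deprecation period with both names registered is wanted, as this is the function that produces the PKCE/state verifier and a broken call lands on the login path. Minor: the Go constant names (`FnOAuthAuthorizationUrl`, `FnOAuthVerifier`) still say `OAuth` while the user-facing names now say `oauth2`; renaming them to match would avoid confusion the next time the prefix is touched.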

4 changes: 2 additions & 2 deletions server/http_integration_test.go
@@ -3973,7 +3973,7 @@ func TestOAuthPKCEFunctions(t *testing.T) {
v2 := res.Header.Get("x-v-2")
hv := res.Header.Get("x-hv")
if v2 != v1 {
t.Errorf("multiple calls to beta_oauth_verifier() must return the same value:\n\t%s\n\t%s", v1, v2)
t.Errorf("multiple calls to oauth2_verifier() must return the same value:\n\t%s\n\t%s", v1, v2)
}
s256 := oauth2.Base64urlSha256(v1)
if hv != s256 {
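Review bot: the function name in the `t.Errorf` message is a hard-coded string that had to be edited by hand for this rename; referencing the `FnOAuthVerifier` constant from `eval/lib/oauth2.go` (the one changed in this commit) in the format arguments would keep the test message in sync with the registered function name automatically. The assertion itself, that two calls within one request yield the same verifier and that `x-hv` equals `Base64urlSha256(v1)`, is the right property to pin for PKCE.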
Expand Down Expand Up @@ -4021,7 +4021,7 @@ func TestOAuthPKCEFunctions(t *testing.T) {

cv1_n := res.Header.Get("x-v-1")
if cv1_n == v1 {
t.Errorf("calls to beta_oauth_verifier() on different requests must not return the same value:\n\t%s\n\t%s", v1, cv1_n)
t.Errorf("calls to oauth2_verifier() on different requests must not return the same value:\n\t%s\n\t%s", v1, cv1_n)
}
}

4 changes: 2 additions & 2 deletions server/testdata/integration/functions/02_couper.hcl
@@ -2,8 +2,8 @@ server "oauth-functions" {
endpoint "/pkce" {
response {
headers = {
x-v-1 = beta_oauth_verifier()
x-v-2 = beta_oauth_verifier()
x-v-1 = oauth2_verifier()
x-v-2 = oauth2_verifier()
x-hv = internal_oauth_hashed_verifier()
x-au-pkce = oauth2_authorization_url("ac-pkce")
x-au-pkce-rel = oauth2_authorization_url("ac-pkce-relative")