enforced auth style to be always in post params

labbsr0x · Mar 4, 2020 · 5fd152d · 5fd152d
1 parent f2e224e
commit 5fd152d
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 18 deletions.
diff --git a/client/client_test.go b/client/client_test.go
@@ -1,29 +1,30 @@
 package client
 
 import (
+	"context"
 	"fmt"
 	"net/url"
 	"strings"
 	"testing"
-	"context"
+
 	"golang.org/x/oauth2"
 )
 
-func TestOAuthHelper(t *testing.T)  {
+func TestOAuthHelper(t *testing.T) {
 
 	// test init with empty oauthURL
 	oah, err := new(oAuthHelper).init(nil, nil, "", "", []string{})
 	if err == nil {
 		t.Errorf("Expecting oAuthHelper.init to return error when oauthURL is nil")
 	}
-	
+
 	// test init with empty redirect url
 	oauthURL, _ := url.Parse("http://hydra")
 	oah, err = new(oAuthHelper).init(oauthURL, nil, "", "", []string{})
 	if err != nil {
 		t.Errorf("Not expecting error with the provided params")
 	}
-	
+
 	// testing loginURL with empty redirect URL
 	loginURL, codeVerifier, state := oah.getLoginParams()
 	if loginURL == "" || !strings.Contains(loginURL, "nonce") || !strings.Contains(loginURL, "code_challenge") || !strings.Contains(loginURL, "state") || !strings.Contains(loginURL, "code_challenge_method") {
@@ -38,28 +39,28 @@ func TestOAuthHelper(t *testing.T)  {
 	logoutURL := oah.getLogoutURL("anopenidtoken.body.signature", "http://arandomurl")
 
 	if logoutURL == "" {
-		t.Errorf("Expecting a valid, non-empty, logoutURL")	
+		t.Errorf("Expecting a valid, non-empty, logoutURL")
 	}
 
 	if !strings.Contains(logoutURL, "id_token_hint") || !strings.Contains(logoutURL, "post_logout_redirect_uri") {
 		t.Errorf("Expecting logoutURL id_token_hint and post_logout_redirect_uri to be part of the logoutURL when non-empty openIDToken and postLogout are informed")
 	}
 
 	// testing getXOAuth2Client
-	config := oah.getXOAuth2Client("", []string{}) 
-	
+	config := oah.getXOAuth2Client("", []string{})
+
 	if config == nil {
 		t.Errorf("Expecting oauth2 config to be non-empty")
 	}
 
 	if config.ClientID != oah.clientID {
 		t.Errorf("Expecting config client id to be the same as oah.ClientID")
-	} 
-	
+	}
+
 	if config.ClientSecret != oah.clientSecret {
 		t.Errorf("Expecting config client secret to be the same as oah.ClientSecret")
-	} 
-	
+	}
+
 	if !strings.Contains(config.Endpoint.AuthURL, oah.oauthURL.String()) {
 		t.Errorf("Expecting config AuthURL to be based upon oah.oauthURl")
 	}
@@ -76,14 +77,18 @@ func TestOAuthHelper(t *testing.T)  {
 		t.Errorf("Expecting config TokenURL to have path '/oauth2/token'")
 	}
 
+	if config.Endpoint.AuthStyle != oauth2.AuthStyleInParams {
+		t.Errorf("Expecting oauht2 config auth style to be always in params")
+	}
+
 	// testing exchange code for token with err
 	oah._exchange = func(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
 		return nil, fmt.Errorf("Testing exchange with error")
 	}
 
 	tokens, err := oah.exchangeCodeForToken("acode", "averifier", "astate")
 
-	if err == nil{
+	if err == nil {
 		t.Errorf("Expecting err to be not nil")
 	}
 
@@ -101,10 +106,10 @@ func TestOAuthHelper(t *testing.T)  {
 		toReturn.AccessToken = "this is a token"
 
 		toReturn = toReturn.WithExtra(map[string]interface{}{
-				"refresh_token": "a refresh token",
-				"id_token": "an open id token",
-				"scope": "a space separated list of scopes",
-			},
+			"refresh_token": "a refresh token",
+			"id_token":      "an open id token",
+			"scope":         "a space separated list of scopes",
+		},
 		)
 		return toReturn, nil
 	}

diff --git a/client/oauth.go b/client/oauth.go
@@ -78,8 +78,9 @@ func (oah *oAuthHelper) getXOAuth2Client(redirectURL string, scopes []string) *o
 		ClientID:     oah.clientID,
 		ClientSecret: oah.clientSecret,
 		Endpoint: oauth2.Endpoint{
-			AuthURL:  authURL.String(),
-			TokenURL: tokenURL.String(),
+			AuthURL:   authURL.String(),
+			TokenURL:  tokenURL.String(),
+			AuthStyle: oauth2.AuthStyleInParams,
 		},
 		RedirectURL: redirectURL,
 		Scopes:      scopes,