From 167786c77ea9142644c2eef60a97ad1f6a20b5d7 Mon Sep 17 00:00:00 2001 From: arekkas Date: Sun, 22 Jul 2018 23:12:22 +0200 Subject: [PATCH] client: Deprecate field `id`, now only `client_id` is to be used --- client/client.go | 3 -- client/client_test.go | 2 +- client/handler.go | 1 - client/manager_0_sql_migrations_test.go | 2 +- client/manager_memory.go | 15 +++--- client/manager_sql.go | 5 +- client/manager_test_helpers.go | 18 +++---- client/sdk_test.go | 11 +--- client/validator.go | 6 +-- client/validator_test.go | 14 ++--- consent/manager_memory.go | 12 ++--- consent/manager_test.go | 8 +-- consent/sdk_test.go | 4 +- consent/sql_helper_test.go | 4 +- consent/strategy_default_test.go | 60 +++++++++++----------- docker-compose.yml | 2 +- docs/api.swagger.json | 5 -- integration/sql_schema_test.go | 2 +- oauth2/fosite_store_test.go | 2 +- oauth2/fosite_store_test_helpers.go | 12 ++--- oauth2/handler_test.go | 6 +-- oauth2/oauth2_auth_code_test.go | 10 ++-- oauth2/oauth2_client_credentials_test.go | 2 +- sdk/go/hydra/swagger/docs/OAuth2Client.md | 1 - sdk/go/hydra/swagger/o_auth2_client.go | 3 -- sdk/js/swagger/docs/OAuth2Client.md | 1 - sdk/js/swagger/src/model/OAuth2Client.js | 8 --- sdk/php/swagger/docs/Model/OAuth2Client.md | 1 - sdk/php/swagger/lib/Model/OAuth2Client.php | 27 ---------- 29 files changed, 89 insertions(+), 158 deletions(-) diff --git a/client/client.go b/client/client.go index 120aff10281..85438bab78e 100644 --- a/client/client.go +++ b/client/client.go @@ -36,9 +36,6 @@ type Client struct { // ClientID is the id for this client. ClientID string `json:"client_id"` - // ID is an alisa for client_id. - ID string `json:"id"` - // Name is the human-readable string name of the client to be presented to the // end-user during authorization. Name string `json:"client_name"` diff --git a/client/client_test.go b/client/client_test.go index 37fa26092a4..a79f98f3ab9 100644 --- a/client/client_test.go +++ b/client/client_test.go 
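Review bot: Removing the `ID` field and its `json:"id"` tag from `Client` means a request body that still sends `id` is no longer honoured or rejected. Unless the handler's decoder refuses unknown fields (not visible here), the key is discarded and `Validate` in client/validator.go then assigns a fresh UUID as `client_id`. A caller that provisions clients by `id` would get a client registered under an identifier it did not choose, with no error to signal it. The subject says "deprecate" but the field is removed outright, so I would either keep a transitional check that answers such a body with `fosite.ErrInvalidRequest.WithHint("Field id is no longer supported, use client_id.")` or state the break in the upgrade notes. The struct definition continues outside the hunk.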
@@ -32,7 +32,7 @@ var _ fosite.Client = new(Client) func TestClient(t *testing.T) { c := &Client{ - ID: "foo", + ClientID: "foo", RedirectURIs: []string{"foo"}, Scope: "foo bar", TokenEndpointAuthMethod: "none", diff --git a/client/handler.go b/client/handler.go index 5fbc4f3b9ad..1f833fc97dd 100644 --- a/client/handler.go +++ b/client/handler.go @@ -152,7 +152,6 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.P secret = c.Secret } - c.ID = ps.ByName("id") c.ClientID = ps.ByName("id") if err := h.Validator.Validate(&c); err != nil { h.H.WriteError(w, r, err) diff --git a/client/manager_0_sql_migrations_test.go b/client/manager_0_sql_migrations_test.go index 2565281b3ec..48f49ddd991 100644 --- a/client/manager_0_sql_migrations_test.go +++ b/client/manager_0_sql_migrations_test.go @@ -154,7 +154,7 @@ func TestMigrations(t *testing.T) { s := &client.SQLManager{DB: db, Hasher: &fosite.BCrypt{WorkFactor: 4}} c, err := s.GetConcreteClient(key) require.NoError(t, err) - assert.EqualValues(t, c.ID, key) + assert.EqualValues(t, c.GetID(), key) }) } diff --git a/client/manager_memory.go b/client/manager_memory.go index af5e072b0e4..ee5771cb65f 100644 --- a/client/manager_memory.go +++ b/client/manager_memory.go @@ -53,8 +53,7 @@ func (m *MemoryManager) GetConcreteClient(id string) (*Client, error) { defer m.RUnlock() for _, c := range m.Clients { - if c.ID == id { - c.ClientID = c.ID + if c.GetID() == id { return &c, nil } } @@ -67,7 +66,7 @@ func (m *MemoryManager) GetClient(_ context.Context, id string) (fosite.Client, } func (m *MemoryManager) UpdateClient(c *Client) error { - o, err := m.GetClient(context.Background(), c.ID) + o, err := m.GetClient(context.Background(), c.GetID()) if err != nil { return err } @@ -88,7 +87,7 @@ func (m *MemoryManager) UpdateClient(c *Client) error { m.Lock() defer m.Unlock() for k, f := range m.Clients { - if f.GetID() == c.ID { + if f.GetID() == c.GetID() { m.Clients[k] = *c } } 
@@ -109,13 +108,12 @@ func (m *MemoryManager) Authenticate(id string, secret []byte) (*Client, error) return nil, errors.WithStack(err) } - c.ClientID = c.ID return c, nil } func (m *MemoryManager) CreateClient(c *Client) error { - if _, err := m.GetConcreteClient(c.ID); err == nil { - return errors.Errorf("Client %s already exists", c.ID) + if _, err := m.GetConcreteClient(c.GetID()); err == nil { + return errors.Errorf("Client %s already exists", c.GetID()) } m.Lock() @@ -152,8 +150,7 @@ func (m *MemoryManager) GetClients(limit, offset int) (clients map[string]Client start, end := pagination.Index(limit, offset, len(m.Clients)) for _, c := range m.Clients[start:end] { - c.ClientID = c.ID - clients[c.ID] = c + clients[c.GetID()] = c } return clients, nil diff --git a/client/manager_sql.go b/client/manager_sql.go index 04f1147e8cb..4adf1c46cf0 100644 --- a/client/manager_sql.go +++ b/client/manager_sql.go @@ -213,7 +213,7 @@ func sqlDataFromClient(d *Client) (*sqlData, error) { } return &sqlData{ - ID: d.ID, + ID: d.GetID(), Name: d.Name, Secret: d.Secret, RedirectURIs: strings.Join(d.RedirectURIs, "|"), @@ -239,7 +239,6 @@ func sqlDataFromClient(d *Client) (*sqlData, error) { func (d *sqlData) ToClient() (*Client, error) { c := &Client{ - ID: d.ID, ClientID: d.ID, Name: d.Name, Secret: d.Secret, @@ -301,7 +300,7 @@ func (m *SQLManager) GetClient(_ context.Context, id string) (fosite.Client, err } func (m *SQLManager) UpdateClient(c *Client) error { - o, err := m.GetClient(context.Background(), c.ID) + o, err := m.GetClient(context.Background(), c.GetID()) if err != nil { return errors.WithStack(err) } diff --git a/client/manager_test_helpers.go b/client/manager_test_helpers.go index 335cdf6fe95..70f58c02a56 100644 --- a/client/manager_test_helpers.go +++ b/client/manager_test_helpers.go 
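Review bot: In `CreateClient` the existence check and the insert run under two separate lock acquisitions: `GetConcreteClient(c.GetID())` takes and releases the read lock before `m.Lock()` is reached, so two concurrent creates for the same `client_id` can both pass the check. The rest of the body is outside the hunk, so the append is inferred. If it follows the `m.Lock()` context line, the duplicate test should move under the write lock, as a scan of `m.Clients` after `m.Lock()`. `c.GetID()` can also be empty here when a caller skipped `Validate`; a guard such as `if c.GetID() == "" { return errors.New("client_id must be set") }` would keep an unnamed client out of the store.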
@@ -34,14 +34,14 @@ func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { t.Parallel() c := &Client{ - ID: "foo", + ClientID: "foo", Secret: "secret", RedirectURIs: []string{"http://redirect"}, TermsOfServiceURI: "foo", } assert.NoError(t, m.CreateClient(c)) //assert.NotEmpty(t, c.ID) - assert.NoError(t, m.DeleteClient(c.ID)) + assert.NoError(t, m.DeleteClient(c.GetID())) } } @@ -49,7 +49,7 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { return func(t *testing.T) { t.Parallel() m.CreateClient(&Client{ - ID: "1234321", + ClientID: "1234321", Secret: "secret", RedirectURIs: []string{"http://redirect"}, }) @@ -59,7 +59,7 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { c, err = m.Authenticate("1234321", []byte("secret")) require.NoError(t, err) - assert.Equal(t, "1234321", c.ID) + assert.Equal(t, "1234321", c.GetID()) } } @@ -70,7 +70,7 @@ func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { assert.NotNil(t, err) c := &Client{ - ID: "1234", + ClientID: "1234", Name: "name", Secret: "secret", RedirectURIs: []string{"http://redirect", "http://redirect1"}, @@ -100,7 +100,7 @@ func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { } assert.NoError(t, m.CreateClient(&Client{ - ID: "2-1234", + ClientID: "2-1234", Name: "name", Secret: "secret", RedirectURIs: []string{"http://redirect"}, @@ -116,8 +116,8 @@ func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { ds, err := m.GetClients(100, 0) assert.NoError(t, err) assert.Len(t, ds, 2) - assert.NotEqual(t, ds["1234"].ID, ds["2-1234"].ID) - assert.NotEqual(t, ds["1234"].ID, ds["2-1234"].ClientID) + assert.NotEqual(t, ds["1234"].ClientID, ds["2-1234"].ClientID) + assert.NotEqual(t, ds["1234"].ClientID, ds["2-1234"].ClientID) //test if SecretExpiresAt was set properly assert.Equal(t, ds["1234"].SecretExpiresAt, 0) 
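Review bot: The two `assert.NotEqual` lines in the `@@ -116,8 +116,8 @@` hunk of `TestHelperCreateGetDeleteClient` are now identical, since both sides were rewritten to `.ClientID`; the second checks nothing new and can be deleted. The old pair guarded that each map entry came back under its own identifier, so `assert.Equal(t, "1234", ds["1234"].ClientID)` and the matching line for `"2-1234"` would be a stronger replacement. In the first hunk the commented-out `//assert.NotEmpty(t, c.ID)` still names the removed field and should be dropped or changed to `c.GetID()`. The helper bodies continue outside these hunks.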
@@ -132,7 +132,7 @@ func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { assert.Len(t, ds, 0) err = m.UpdateClient(&Client{ - ID: "2-1234", + ClientID: "2-1234", Name: "name-new", Secret: "secret-new", RedirectURIs: []string{"http://redirect/new"}, diff --git a/client/sdk_test.go b/client/sdk_test.go index 61ce0dcecb2..1166481395a 100644 --- a/client/sdk_test.go +++ b/client/sdk_test.go @@ -81,7 +81,6 @@ func TestClientSDK(t *testing.T) { t.Run("case=client is created and updated", func(t *testing.T) { createClient := createTestClient("") compareClient := createClient - compareClient.Id = compareClient.ClientId createClient.ClientSecretExpiresAt = 10 // returned client is correct on Create @@ -114,7 +113,6 @@ func TestClientSDK(t *testing.T) { // create another client updateClient := createTestClient("foo") result, response, err = c.UpdateOAuth2Client(createClient.ClientId, updateClient) - updateClient.Id = updateClient.ClientId require.NoError(t, err) require.EqualValues(t, http.StatusOK, response.StatusCode, "%s", response.Payload) assert.EqualValues(t, updateClient, *result) @@ -125,7 +123,6 @@ func TestClientSDK(t *testing.T) { result, response, err = c.GetOAuth2Client(updateClient.ClientId) require.NoError(t, err) require.EqualValues(t, http.StatusOK, response.StatusCode, "%s", response.Payload) - compareClient.ClientId = compareClient.Id assert.EqualValues(t, compareClient, *result) // client can not be found after being deleted @@ -163,7 +160,7 @@ func TestClientSDK(t *testing.T) { client: hydra.OAuth2Client{}, }, { - client: hydra.OAuth2Client{Id: "set-properly-1"}, + client: hydra.OAuth2Client{ClientId: "set-properly-1"}, expectID: "set-properly-1", }, { 
@@ -176,13 +173,10 @@ func TestClientSDK(t *testing.T) { require.NoError(t, err) require.EqualValues(t, http.StatusCreated, response.StatusCode, "%s", response.Payload) - assert.NotEmpty(t, result.Id) assert.NotEmpty(t, result.ClientId) - assert.EqualValues(t, result.Id, result.ClientId) - id := result.Id + id := result.ClientId if tc.expectID != "" { - assert.EqualValues(t, tc.expectID, result.Id) assert.EqualValues(t, tc.expectID, result.ClientId) id = tc.expectID } @@ -191,7 +185,6 @@ func TestClientSDK(t *testing.T) { require.NoError(t, err) require.EqualValues(t, http.StatusOK, response.StatusCode, "%s", response.Payload) - assert.EqualValues(t, id, result.Id) assert.EqualValues(t, id, result.ClientId) }) } diff --git a/client/validator.go b/client/validator.go index e5e73642d5a..8db7dbca7bb 100644 --- a/client/validator.go +++ b/client/validator.go @@ -49,11 +49,7 @@ func NewValidator( func (v *Validator) Validate(c *Client) error { id := uuid.New() - c.ID = stringsx.Coalesce(c.ID, c.ClientID, id) - c.ClientID = stringsx.Coalesce(c.ClientID, c.ID, id) - if c.ID != c.ClientID { - return errors.WithStack(fosite.ErrInvalidRequest.WithHint("Field id and client_id must match.")) - } + c.ClientID = stringsx.Coalesce(c.ClientID, id) if c.TokenEndpointAuthMethod == "" { c.TokenEndpointAuthMethod = "client_secret_basic" diff --git a/client/validator_test.go b/client/validator_test.go index 68990592924..59173fe8483 100644 --- a/client/validator_test.go +++ b/client/validator_test.go 
@@ -44,30 +44,26 @@ func TestValidate(t *testing.T) { in: new(Client), check: func(t *testing.T, c *Client) { assert.NotEmpty(t, c.ClientID) - assert.NotEmpty(t, c.ID) - assert.Equal(t, c.ID, c.ClientID) + assert.NotEmpty(t, c.GetID()) + assert.Equal(t, c.GetID(), c.ClientID) }, }, { - in: &Client{ID: "foo"}, + in: &Client{ClientID: "foo"}, check: func(t *testing.T, c *Client) { - assert.Equal(t, c.ID, c.ClientID) + assert.Equal(t, c.GetID(), c.ClientID) }, }, { in: &Client{ClientID: "foo"}, check: func(t *testing.T, c *Client) { - assert.Equal(t, c.ID, c.ClientID) + assert.Equal(t, c.GetID(), c.ClientID) }, }, { in: &Client{ClientID: "foo", UserinfoSignedResponseAlg: "foo"}, expectErr: true, }, - { - in: &Client{ClientID: "foo", ID: "bar"}, - expectErr: true, - }, { in: &Client{ClientID: "foo", TokenEndpointAuthMethod: "private_key_jwt"}, expectErr: true, diff --git a/consent/manager_memory.go b/consent/manager_memory.go index 3928b3bf028..02784458615 100644 --- a/consent/manager_memory.go +++ b/consent/manager_memory.go @@ -69,7 +69,7 @@ func (m *MemoryManager) RevokeUserClientConsentSession(user, client string) erro var found bool for k, c := range m.handledConsentRequests { - if c.ConsentRequest.Subject == user && (client == "" || (client != "" && c.ConsentRequest.Client.ID == client)) { + if c.ConsentRequest.Subject == user && (client == "" || (client != "" && c.ConsentRequest.Client.GetID() == client)) { delete(m.handledConsentRequests, k) delete(m.consentRequests, k) if err := m.store.RevokeAccessToken(nil, c.Challenge); errors.Cause(err) == fosite.ErrNotFound { @@ -124,7 +124,7 @@ func (m *MemoryManager) GetConsentRequest(challenge string) (*ConsentRequest, er m.m["consentRequests"].RLock() defer m.m["consentRequests"].RUnlock() if c, ok := m.consentRequests[challenge]; ok { - c.Client.ClientID = c.Client.ID + c.Client.ClientID = c.Client.GetID() return &c, nil } return nil, errors.WithStack(pkg.ErrNotFound) 
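Review bot: After the rename the second and third table entries in `TestValidate` are both `in: &Client{ClientID: "foo"}` with the same check. `assert.Equal(t, c.GetID(), c.ClientID)` presumably compares the field with itself; the `GetID` body is not on this page, but every call site in this patch treats it as the accessor for `ClientID`. The deleted `{ClientID: "foo", ID: "bar"}` case was the only one covering a conflicting identifier, and nothing replaces it. I would remove the duplicate entry, assert concrete values with `assert.Equal(t, "foo", c.GetID())`, and add a handler-level test that pins what happens to a request body that still sends `id`.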
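Review bot: `c.Client.ClientID = c.Client.GetID()` in `GetConsentRequest` writes through `c.Client` while only `RLock` is held. The tests in consent/manager_test.go build `Client` as `&client.Client{...}`, so the copy `c` still points at the stored client and concurrent readers would race on that field. With the `ID` alias gone the statement presumably assigns the field to itself (the `GetID` body is not shown), so the simplest fix is to delete the line. The same statement recurs in the `VerifyAndInvalidateConsentRequest`, `FindPreviouslyGrantedConsentRequests`, `GetAuthenticationRequest` and `VerifyAndInvalidateAuthenticationRequest` hunks, whose locking is not fully visible in every case. In the `RevokeUserClientConsentSession` hunk the condition can shrink to `client == "" || c.ConsentRequest.Client.GetID() == client`.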
@@ -151,7 +151,7 @@ func (m *MemoryManager) VerifyAndInvalidateConsentRequest(verifier string) (*Han return nil, err } - c.Client.ClientID = c.Client.ID + c.Client.ClientID = c.Client.GetID() h.ConsentRequest = &c return &h, nil } @@ -195,7 +195,7 @@ func (m *MemoryManager) FindPreviouslyGrantedConsentRequests(client string, subj continue } - cr.Client.ClientID = cr.Client.ID + cr.Client.ClientID = cr.Client.GetID() c.ConsentRequest = cr rs = append(rs, c) } @@ -246,7 +246,7 @@ func (m *MemoryManager) GetAuthenticationRequest(challenge string) (*Authenticat m.m["authRequests"].RLock() defer m.m["authRequests"].RUnlock() if c, ok := m.authRequests[challenge]; ok { - c.Client.ClientID = c.Client.ID + c.Client.ClientID = c.Client.GetID() return &c, nil } return nil, errors.WithStack(pkg.ErrNotFound) @@ -273,7 +273,7 @@ func (m *MemoryManager) VerifyAndInvalidateAuthenticationRequest(verifier string return nil, err } - c.Client.ClientID = c.Client.ID + c.Client.ClientID = c.Client.GetID() h.AuthenticationRequest = &c return &h, nil } diff --git a/consent/manager_test.go b/consent/manager_test.go index 1dc79f64d51..a5c9c619e2a 100644 --- a/consent/manager_test.go +++ b/consent/manager_test.go @@ -53,7 +53,7 @@ func mockConsentRequest(key string, remember bool, rememberFor int, hasError boo Display: "popup" + key, }, RequestedAt: time.Now().UTC().Add(-time.Hour), - Client: &client.Client{ID: "client" + key}, + Client: &client.Client{ClientID: "client" + key}, Subject: "subject" + key, RequestURL: "https://request-url/path" + key, Skip: skip, @@ -100,7 +100,7 @@ func mockAuthRequest(key string, authAt bool) (c *AuthenticationRequest, h *Hand Display: "popup" + key, }, RequestedAt: time.Now().UTC().Add(-time.Hour), - Client: &client.Client{ID: "client" + key}, + Client: &client.Client{ClientID: "client" + key}, Subject: "subject" + key, RequestURL: "https://request-url/path" + key, Skip: true, 
@@ -482,7 +482,7 @@ func TestManagers(t *testing.T) { } func compareAuthenticationRequest(t *testing.T, a, b *AuthenticationRequest) { - assert.EqualValues(t, a.Client.ID, b.Client.ID) + assert.EqualValues(t, a.Client.GetID(), b.Client.GetID()) assert.EqualValues(t, a.Challenge, b.Challenge) assert.EqualValues(t, *a.OpenIDConnectContext, *b.OpenIDConnectContext) assert.EqualValues(t, a.Subject, b.Subject) @@ -494,7 +494,7 @@ func compareAuthenticationRequest(t *testing.T, a, b *AuthenticationRequest) { } func compareConsentRequest(t *testing.T, a, b *ConsentRequest) { - assert.EqualValues(t, a.Client.ID, b.Client.ID) + assert.EqualValues(t, a.Client.GetID(), b.Client.GetID()) assert.EqualValues(t, a.Challenge, b.Challenge) assert.EqualValues(t, *a.OpenIDConnectContext, *b.OpenIDConnectContext) assert.EqualValues(t, a.Subject, b.Subject) diff --git a/consent/sdk_test.go b/consent/sdk_test.go index 0c5dd28cce4..8790cddf9e6 100644 --- a/consent/sdk_test.go +++ b/consent/sdk_test.go @@ -119,12 +119,12 @@ func compareSDKLoginRequest(t *testing.T, expected *AuthenticationRequest, got * assert.EqualValues(t, expected.Challenge, got.Challenge) assert.EqualValues(t, expected.Subject, got.Subject) assert.EqualValues(t, expected.Skip, got.Skip) - assert.EqualValues(t, expected.Client.ID, got.Client.Id) + assert.EqualValues(t, expected.Client.GetID(), got.Client.ClientId) } func compareSDKConsentRequest(t *testing.T, expected *ConsentRequest, got *swagger.ConsentRequest) { assert.EqualValues(t, expected.Challenge, got.Challenge) assert.EqualValues(t, expected.Subject, got.Subject) assert.EqualValues(t, expected.Skip, got.Skip) - assert.EqualValues(t, expected.Client.ID, got.Client.Id) + assert.EqualValues(t, expected.Client.GetID(), got.Client.ClientId) } diff --git a/consent/sql_helper_test.go b/consent/sql_helper_test.go index c66f9739384..7da3ca20616 100644 --- a/consent/sql_helper_test.go +++ b/consent/sql_helper_test.go 
@@ -46,7 +46,7 @@ func TestSQLAuthenticationConverter(t *testing.T) { }, AuthenticatedAt: time.Now().UTC().Add(-time.Minute), RequestedAt: time.Now().UTC().Add(-time.Hour), - Client: &client.Client{ID: "client"}, + Client: &client.Client{ClientID: "client"}, Subject: "subject", RequestURL: "https://request-url/path", Skip: true, @@ -101,7 +101,7 @@ func TestSQLConsentConverter(t *testing.T) { IDTokenHintClaims: map[string]interface{}{"foo": "bar"}, }, RequestedAt: time.Now().UTC().Add(-time.Hour), - Client: &client.Client{ID: "client"}, + Client: &client.Client{ClientID: "client"}, Subject: "subject", RequestURL: "https://request-url/path", Skip: true, diff --git a/consent/strategy_default_test.go b/consent/strategy_default_test.go index 6027eebe290..a7e9b37b400 100644 --- a/consent/strategy_default_test.go +++ b/consent/strategy_default_test.go @@ -143,7 +143,7 @@ func TestStrategy(t *testing.T) { }{ { d: "This should fail because a login verifier was given that doesn't exist in the store", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}}}, lv: "invalid", expectErrType: []error{fosite.ErrAccessDenied}, expectErr: []bool{true}, @@ -151,7 +151,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because a consent verifier was given but no login verifier", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}}}, lv: "", cv: "invalid", expectErrType: []error{fosite.ErrAccessDenied}, 
@@ -162,7 +162,7 @@ func TestStrategy(t *testing.T) { d: "This should fail because the request was redirected but the login endpoint doesn't do anything (like redirecting back)", req: fosite.AuthorizeRequest{ Request: fosite.Request{ - Client: &client.Client{ID: "client-id"}, + Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}, }, }, @@ -189,7 +189,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because the request was redirected but the login endpoint rejected the request", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { lr, res, err := apiClient.RejectLoginRequest(r.URL.Query().Get("login_challenge"), swagger.RejectRequest{ @@ -211,7 +211,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because no cookie jar / invalid csrf", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, lph: passAuthentication(apiClient, false), cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -226,7 +226,7 @@ func TestStrategy(t *testing.T) { { d: "This should fail because consent endpoints idles after login was granted - but consent endpoint should be called because cookie jar exists", jar: newCookieJar(), - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, lph: passAuthentication(apiClient, false), other: "display=page&ui_locales=de+en&acr_values=1+2", cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -253,14 +253,14 @@ func TestStrategy(t *testing.T) { d: "This should fail because consent verifier was set but does not exist", jar: newCookieJar(), cv: "invalid", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, expectFinalStatusCode: http.StatusForbidden, expectErrType: []error{fosite.ErrAccessDenied}, expectErr: []bool{true}, }, { d: "This should fail because consent endpoints denies the request after login was granted", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: newCookieJar(), lph: passAuthentication(apiClient, false), cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -284,7 +284,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass because login and consent have been granted", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: newCookieJar(), lph: passAuthentication(apiClient, false), cph: passAuthorization(apiClient, false), @@ -304,7 +304,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass because login and consent have been granted, this time we remember the decision", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, lph: passAuthentication(apiClient, true), cph: passAuthorization(apiClient, true), @@ -324,7 +324,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because prompt=none, client is public, and redirection scheme is not HTTPS but a custom scheme", - req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://redirection-scheme/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://redirection-scheme/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, prompt: "none", jar: persistentCJ, lph: passAuthentication(apiClient, false), 
@@ -335,7 +335,7 @@ func TestStrategy(t *testing.T) { // This test is disabled because it breaks OIDC Conformity Tests //{ // d: "This should pass but require consent because it's not an authorization_code flow", - // req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + // req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, // jar: persistentCJ, // lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { // return func(w http.ResponseWriter, r *http.Request) { @@ -397,7 +397,7 @@ func TestStrategy(t *testing.T) { //}, { d: "This should fail at login screen because subject from accept does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -425,7 +425,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and confirm previous authentication and consent because it is a authorization_code", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", Secret: "should-not-be-included"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", Secret: "should-not-be-included"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -489,7 +489,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and require re-authentication although session is set (because prompt=login)", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, prompt: "login+consent", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -549,7 +549,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and require re-authentication although session is set (because max_age=1)", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, maxAge: "1", setup: func() { 
@@ -612,7 +612,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because max_age=1 but prompt=none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, setup: func() { time.Sleep(time.Second * 2) @@ -625,7 +625,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because skip is true and remember as well when doing login", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -652,7 +652,7 @@ func TestStrategy(t *testing.T) { }, { d: "This fail because skip is true and remember as well when doing consent", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -703,7 +703,7 @@ func TestStrategy(t *testing.T) { { d: "This should fail because prompt is none but no auth session exists", prompt: "none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: newCookieJar(), expectFinalStatusCode: http.StatusBadRequest, expectErrType: []error{fosite.ErrLoginRequired}, @@ -712,7 +712,7 @@ func TestStrategy(t *testing.T) { { d: "This should fail because prompt is none and consent is missing a permission which requires re-authorization of the app", prompt: "none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a", "this-scope-has-not-been-granted-before"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a", "this-scope-has-not-been-granted-before"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -740,7 +740,7 @@ func TestStrategy(t *testing.T) { }, { d: "This pass and properly require authentication as well as authorization because prompt is set to login and consent - although previous session exists", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, prompt: "login+consent", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -790,7 +790,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because id_token_hint does not match authentication session and prompt is none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, prompt: "none", idTokenHint: fooUserIDToken, @@ -800,7 +800,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and require authentication because id_token_hint does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -828,7 +828,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and require authentication because id_token_hint does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ, idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -890,7 +890,7 @@ func TestStrategy(t *testing.T) { // checks revoking sessions { d: "This should pass as regularly and create a new session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ2, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -913,7 +913,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should pass and also revoke the session cookie", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ2, prompt: "login", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -937,7 +937,7 @@ func TestStrategy(t *testing.T) { }, // these two tests depend on one another { d: "This should require re-authentication because the session was revoked in the previous test", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: persistentCJ2, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -968,7 +968,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should require re-authentication because the session does not exist in the store", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: nonexistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -999,7 +999,7 @@ func TestStrategy(t *testing.T) { }, { d: "This should fail because the user from the ID token does not match the user from the accept login request", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, Scopes: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, Scopes: []string{"scope-a"}}}, jar: newCookieJar(), idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { diff --git a/docker-compose.yml b/docker-compose.yml index f394e848051..2fe66c7746a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,7 +39,6 @@ services: - hydra-migrate ports: - "4444:4444" - - "4445:4445" command: serve --dangerous-force-http environment: @@ -52,6 +51,7 @@ services: # - DATABASE_URL=mysql://root:secret@tcp(mysqld:3306)/mysql?parseTime=true - SYSTEM_SECRET=youReallyNeedToChangeThis - OAUTH2_SHARE_ERROR_DEBUG=1 + - OAUTH2_ACCESS_TOKEN_STRATEGY=jwt restart: unless-stopped consent: diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 49fe67181ac..eff6f931bdd 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json @@ -2326,11 +2326,6 @@ }, "x-go-name": "GrantTypes" }, - "id": { - "description": "ID is an alisa for client_id.", - "type": "string", - "x-go-name": "ID" - }, "jwks": { "$ref": "#/definitions/JSONWebKeySet" }, diff --git a/integration/sql_schema_test.go b/integration/sql_schema_test.go index b814426dcca..105682e7c34 100644 --- a/integration/sql_schema_test.go +++ b/integration/sql_schema_test.go 
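Review bot: The `- OAUTH2_ACCESS_TOKEN_STRATEGY=jwt` line added in the second docker-compose.yml hunk, and the `"4445:4445"` port mapping removed in the first, are not covered by the commit message, which only describes dropping the `id` field. If they are local development settings that slipped in, they belong in a separate commit. The strategy line changes the access-token format for everyone who starts the stack from this file. JWT access tokens carry claims readable by whoever holds the token, and they are presumably validated by signature rather than a store lookup, so revocation may behave differently from the default strategy. If the switch is intended, a comment above it would help, for example `# issues JWT access tokens instead of the default strategy; claims are readable by the token holder`. The service block starts and ends outside both hunks, so which port 4445 served cannot be confirmed from here.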
@@ -76,7 +76,7 @@ func TestSQLSchema(t *testing.T) { require.NoError(t, jm.AddKey("integration-test-foo", jwk.First(p1))) require.NoError(t, pm.Create(&ladon.DefaultPolicy{ID: "integration-test-foo", Resources: []string{"foo"}, Actions: []string{"bar"}, Subjects: []string{"baz"}, Effect: "allow"})) - require.NoError(t, cm.CreateClient(&client.Client{ID: "integration-test-foo"})) + require.NoError(t, cm.CreateClient(&client.Client{ClientID: "integration-test-foo"})) require.NoError(t, crm.CreateAuthenticationSession(&consent.AuthenticationSession{ ID: "foo", AuthenticatedAt: time.Now(), diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index 03e4425bb2f..97d24485dec 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go @@ -40,7 +40,7 @@ import ( var fositeStores = map[string]pkg.FositeStorer{} var clientManager = &client.MemoryManager{ - Clients: []client.Client{{ID: "foobar"}}, + Clients: []client.Client{{ClientID: "foobar"}}, Hasher: &fosite.BCrypt{}, } var databases = make(map[string]*sqlx.DB) diff --git a/oauth2/fosite_store_test_helpers.go b/oauth2/fosite_store_test_helpers.go index 8a536fa7f17..00572ee05eb 100644 --- a/oauth2/fosite_store_test_helpers.go +++ b/oauth2/fosite_store_test_helpers.go @@ -36,7 +36,7 @@ import ( var defaultRequest = fosite.Request{ RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
@@ -92,10 +92,10 @@ func TestHelperRevokeRefreshToken(m pkg.FositeStorer) func(t *testing.T) { _, err := m.GetRefreshTokenSession(ctx, "1111", &fosite.DefaultSession{}) assert.NotNil(t, err) - err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ID: id, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &fosite.DefaultSession{}}) + err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ID: id, Client: &client.Client{ClientID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &fosite.DefaultSession{}}) require.NoError(t, err) - err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ID: id, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &fosite.DefaultSession{}}) + err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ID: id, Client: &client.Client{ClientID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &fosite.DefaultSession{}}) require.NoError(t, err) _, err = m.GetRefreshTokenSession(ctx, "1111", &fosite.DefaultSession{}) @@ -184,7 +184,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -193,7 +193,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-2", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
@@ -202,7 +202,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-3", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 38da9675688..95b97f4b754 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go @@ -56,7 +56,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -65,7 +65,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-2", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -74,7 +74,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-3", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{ID: "foobar"}, + Client: &client.Client{ClientID: "foobar"}, Scopes: fosite.Arguments{"fa", "ba"}, GrantedScopes: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go index a4df50712cf..8c31c23d093 100644 --- a/oauth2/oauth2_auth_code_test.go +++ b/oauth2/oauth2_auth_code_test.go 
@@ -179,13 +179,13 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { api := httptest.NewServer(apiRouter) client := hc.Client{ - ID: "e2e-app-client" + km, Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, + ClientID: "e2e-app-client" + km, Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, Scope: "hydra offline openid", } oauthConfig := &oauth2.Config{ - ClientID: client.ID, ClientSecret: client.Secret, + ClientID: client.GetID(), ClientSecret: client.Secret, Endpoint: oauth2.Endpoint{AuthURL: ts.URL + "/oauth2/auth", TokenURL: ts.URL + "/oauth2/token"}, RedirectURL: client.RedirectURIs[0], Scopes: []string{"hydra", "offline", "openid"}, } @@ -225,7 +225,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { require.EqualValues(t, http.StatusOK, res.StatusCode) assert.False(t, rr.Skip) assert.Empty(t, rr.Subject) - assert.EqualValues(t, client.ID, rr.Client.ClientId) + assert.EqualValues(t, client.GetID(), rr.Client.ClientId) assert.EqualValues(t, client.GrantTypes, rr.Client.GrantTypes) assert.EqualValues(t, client.LogoURI, rr.Client.LogoUri) assert.EqualValues(t, client.RedirectURIs, rr.Client.RedirectUris) @@ -249,7 +249,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { require.EqualValues(t, http.StatusOK, res.StatusCode) assert.False(t, rr.Skip) assert.EqualValues(t, "user-a", rr.Subject) - assert.EqualValues(t, client.ID, rr.Client.ClientId) + assert.EqualValues(t, client.GetID(), rr.Client.ClientId) assert.EqualValues(t, client.GrantTypes, rr.Client.GrantTypes) assert.EqualValues(t, client.LogoURI, rr.Client.LogoUri) assert.EqualValues(t, client.RedirectURIs, rr.Client.RedirectUris) 
@@ -645,7 +645,7 @@ func TestAuthCodeWithMockStrategy(t *testing.T) { m := sync.Mutex{} store.CreateClient(&hc.Client{ - ID: "app-client", + ClientID: "app-client", Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, diff --git a/oauth2/oauth2_client_credentials_test.go b/oauth2/oauth2_client_credentials_test.go index 0322ef8104c..f84b690854b 100644 --- a/oauth2/oauth2_client_credentials_test.go +++ b/oauth2/oauth2_client_credentials_test.go @@ -77,7 +77,7 @@ func TestClientCredentials(t *testing.T) { handler.SetRoutes(router) require.NoError(t, store.CreateClient(&hc.Client{ - ID: "app-client", + ClientID: "app-client", Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"token"}, diff --git a/sdk/go/hydra/swagger/docs/OAuth2Client.md b/sdk/go/hydra/swagger/docs/OAuth2Client.md index 30914c136d2..b84f51bd5f1 100644 --- a/sdk/go/hydra/swagger/docs/OAuth2Client.md +++ b/sdk/go/hydra/swagger/docs/OAuth2Client.md 
@@ -10,7 +10,6 @@ Name | Type | Description | Notes **ClientUri** | **string** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] [default to null] **Contacts** | **[]string** | Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses. | [optional] [default to null] **GrantTypes** | **[]string** | GrantTypes is an array of grant types the client is allowed to use. | [optional] [default to null] -**Id** | **string** | ID is an alisa for client_id. | [optional] [default to null] **Jwks** | [**JsonWebKeySet**](JSONWebKeySet.md) | | [optional] [default to null] **JwksUri** | **string** | URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional] [default to null] **LogoUri** | **string** | LogoURI is an URL string that references a logo for the client. | [optional] [default to null] diff --git a/sdk/go/hydra/swagger/o_auth2_client.go b/sdk/go/hydra/swagger/o_auth2_client.go index 55b324ed33a..97440e6dd0d 100644 --- a/sdk/go/hydra/swagger/o_auth2_client.go +++ b/sdk/go/hydra/swagger/o_auth2_client.go 
@@ -33,9 +33,6 @@ type OAuth2Client struct { // GrantTypes is an array of grant types the client is allowed to use. GrantTypes []string `json:"grant_types,omitempty"` - // ID is an alisa for client_id. - Id string `json:"id,omitempty"` - Jwks JsonWebKeySet `json:"jwks,omitempty"` // URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. diff --git a/sdk/js/swagger/docs/OAuth2Client.md b/sdk/js/swagger/docs/OAuth2Client.md index e1e77281f82..85894657b1f 100644 --- a/sdk/js/swagger/docs/OAuth2Client.md +++ b/sdk/js/swagger/docs/OAuth2Client.md 
@@ -10,7 +10,6 @@ Name | Type | Description | Notes **clientUri** | **String** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] **contacts** | **[String]** | Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses. | [optional] **grantTypes** | **[String]** | GrantTypes is an array of grant types the client is allowed to use. | [optional] -**id** | **String** | ID is an alisa for client_id. | [optional] **jwks** | [**JSONWebKeySet**](JSONWebKeySet.md) | | [optional] **jwksUri** | **String** | URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional] **logoUri** | **String** | LogoURI is an URL string that references a logo for the client. | [optional] diff --git a/sdk/js/swagger/src/model/OAuth2Client.js b/sdk/js/swagger/src/model/OAuth2Client.js index cc51885935e..7b62b0d20d8 100644 --- a/sdk/js/swagger/src/model/OAuth2Client.js +++ b/sdk/js/swagger/src/model/OAuth2Client.js 
@@ -98,9 +98,6 @@ 'String' ]) } - if (data.hasOwnProperty('id')) { - obj['id'] = ApiClient.convertToType(data['id'], 'String') - } if (data.hasOwnProperty('jwks')) { obj['jwks'] = JSONWebKeySet.constructFromObject(data['jwks']) } @@ -204,11 +201,6 @@ * @member {Array.} grant_types */ exports.prototype['grant_types'] = undefined - /** - * ID is an alisa for client_id. - * @member {String} id - */ - exports.prototype['id'] = undefined /** * @member {module:model/JSONWebKeySet} jwks */ diff --git a/sdk/php/swagger/docs/Model/OAuth2Client.md b/sdk/php/swagger/docs/Model/OAuth2Client.md index 3a6d1495980..1e84e7077fa 100644 --- a/sdk/php/swagger/docs/Model/OAuth2Client.md +++ b/sdk/php/swagger/docs/Model/OAuth2Client.md 
@@ -10,7 +10,6 @@ Name | Type | Description | Notes **client_uri** | **string** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] **contacts** | **string[]** | Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses. | [optional] **grant_types** | **string[]** | GrantTypes is an array of grant types the client is allowed to use. | [optional] -**id** | **string** | ID is an alisa for client_id. | [optional] **jwks** | [**\Hydra\SDK\Model\JSONWebKeySet**](JSONWebKeySet.md) | | [optional] **jwks_uri** | **string** | URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional] **logo_uri** | **string** | LogoURI is an URL string that references a logo for the client. | [optional] diff --git a/sdk/php/swagger/lib/Model/OAuth2Client.php b/sdk/php/swagger/lib/Model/OAuth2Client.php index 9babf2d55aa..5edc64755b8 100644 --- a/sdk/php/swagger/lib/Model/OAuth2Client.php +++ b/sdk/php/swagger/lib/Model/OAuth2Client.php 
@@ -61,7 +61,6 @@ class OAuth2Client implements ArrayAccess 'client_uri' => 'string', 'contacts' => 'string[]', 'grant_types' => 'string[]', - 'id' => 'string', 'jwks' => '\Hydra\SDK\Model\JSONWebKeySet', 'jwks_uri' => 'string', 'logo_uri' => 'string', @@ -90,7 +89,6 @@ class OAuth2Client implements ArrayAccess 'client_uri' => null, 'contacts' => null, 'grant_types' => null, - 'id' => null, 'jwks' => null, 'jwks_uri' => null, 'logo_uri' => null, @@ -129,7 +127,6 @@ public static function swaggerFormats() 'client_uri' => 'client_uri', 'contacts' => 'contacts', 'grant_types' => 'grant_types', - 'id' => 'id', 'jwks' => 'jwks', 'jwks_uri' => 'jwks_uri', 'logo_uri' => 'logo_uri', @@ -159,7 +156,6 @@ public static function swaggerFormats() 'client_uri' => 'setClientUri', 'contacts' => 'setContacts', 'grant_types' => 'setGrantTypes', - 'id' => 'setId', 'jwks' => 'setJwks', 'jwks_uri' => 'setJwksUri', 'logo_uri' => 'setLogoUri', @@ -189,7 +185,6 @@ public static function swaggerFormats() 'client_uri' => 'getClientUri', 'contacts' => 'getContacts', 'grant_types' => 'getGrantTypes', - 'id' => 'getId', 'jwks' => 'getJwks', 'jwks_uri' => 'getJwksUri', 'logo_uri' => 'getLogoUri', @@ -244,7 +239,6 @@ public function __construct(array $data = null) $this->container['client_uri'] = isset($data['client_uri']) ? $data['client_uri'] : null; $this->container['contacts'] = isset($data['contacts']) ? $data['contacts'] : null; $this->container['grant_types'] = isset($data['grant_types']) ? $data['grant_types'] : null; - $this->container['id'] = isset($data['id']) ? $data['id'] : null; $this->container['jwks'] = isset($data['jwks']) ? $data['jwks'] : null; $this->container['jwks_uri'] = isset($data['jwks_uri']) ? $data['jwks_uri'] : null; $this->container['logo_uri'] = isset($data['logo_uri']) ? $data['logo_uri'] : null; 
@@ -440,27 +434,6 @@ public function setGrantTypes($grant_types) return $this; } - /** - * Gets id - * @return string - */ - public function getId() - { - return $this->container['id']; - } - - /** - * Sets id - * @param string $id ID is an alisa for client_id. - * @return $this - */ - public function setId($id) - { - $this->container['id'] = $id; - - return $this; - } - /** * Gets jwks * @return \Hydra\SDK\Model\JSONWebKeySet