feat: allow deletion of an individual OIDC credential #3968
Conversation
| @@ -507,6 +507,80 @@ func (i *Identity) WithDeclassifiedCredentials(ctx context.Context, c cipher.Pro | |||
| return &ii, nil | |||
| } | |||
|
|
|||
| func (i *Identity) deleteCredentialWebAuthFromIdentity() error { | |||
There was a problem hiding this comment.
This function was moved here from identity/handler.go where it had the signature func deletCredentialWebAuthFromIdentity(identity *Identity) (*Identity, error)
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3968 +/- ##
==========================================
- Coverage 78.21% 78.19% -0.03%
==========================================
Files 363 363
Lines 25486 25516 +30
==========================================
+ Hits 19935 19953 +18
- Misses 4030 4038 +8
- Partials 1521 1525 +4 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
This is looking great already!
What I'm most worried about is that we accidentally delete the wrong credential. While it doesn't appear to be the case from reading the code, I think it would be good to have test(s) that verify that.
To make it a bit easier to test, you can probably set up a unit test for the new identity methods?
|
I've added a test |
This extends the existing
DELETE /admin/identities/{id}/credentials/{type}API to accept an?identifier=foobarquery parameter for{type}==oidclike such:DELETE /admin/identities/{id}/credentials/oidc?identifier=github%3A012345This will delete the GitHub OIDC credential with the identifier
github:012345(012345is the subject as returned by GitHub).To find out which OIDC credentials exist, call
GET /admin/identities/{id}?include_credential=oidcbeforehand.This will allow you to delete individual OIDC credentials for users even if they have several set up.