From 62abddca7d506c6c2a0c0e6f25d629c79137c877 Mon Sep 17 00:00:00 2001
From: Benjamin Ullian
Date: Mon, 4 Jan 2021 22:10:32 -0500
Subject: [PATCH 1/2] fix etcd pkce authcode json deserialization
Signed-off-by: Benjamin Ullian
---
 storage/etcd/etcd.go | 6 +++++-
 storage/etcd/types.go | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/storage/etcd/etcd.go b/storage/etcd/etcd.go
index e8abe3d0..6f320e22 100644
--- a/storage/etcd/etcd.go
+++ b/storage/etcd/etcd.go
@@ -156,7 +156,11 @@ func (c *conn) CreateAuthCode(a storage.AuthCode) error {
 func (c *conn) GetAuthCode(id string) (a storage.AuthCode, err error) {
 ctx, cancel := context.WithTimeout(context.Background(), defaultStorageTimeout)
 defer cancel()
- err = c.getKey(ctx, keyID(authCodePrefix, id), &a)
+ var ac AuthCode
+ err = c.getKey(ctx, keyID(authCodePrefix, id), &ac)
+ if err == nil {
+ a = toStorageAuthCode(ac)
+ }
 return a, err
 }

diff --git a/storage/etcd/types.go b/storage/etcd/types.go
index 22e083af..f2ffd9f7 100644
--- a/storage/etcd/types.go
+++ b/storage/etcd/types.go
@@ -26,6 +26,24 @@ type AuthCode struct {
 CodeChallengeMethod string `json:"code_challenge_method,omitempty"`
 }

+func toStorageAuthCode(a AuthCode) storage.AuthCode {
+ return storage.AuthCode{
+ ID: a.ID,
+ ClientID: a.ClientID,
+ RedirectURI: a.RedirectURI,
+ ConnectorID: a.ConnectorID,
+ ConnectorData: a.ConnectorData,
+ Nonce: a.Nonce,
+ Scopes: a.Scopes,
+ Claims: toStorageClaims(a.Claims),
+ Expiry: a.Expiry,
+ PKCE: storage.PKCE{
+ CodeChallenge: a.CodeChallenge,
+ CodeChallengeMethod: a.CodeChallengeMethod,
+ },
+ }
+}
+
 func fromStorageAuthCode(a storage.AuthCode) AuthCode {
 return AuthCode{
 ID: a.ID,
From b45a501c9930f5cabe26c6211b106c2224c0062b Mon Sep 17 00:00:00 2001
From: Benjamin Ullian
Date: Mon, 4 Jan 2021 22:49:12 -0500
Subject: [PATCH 2/2] add PKCE roundtrip to conformance test
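Review bot: GetAuthCode now decodes into the etcd-local `AuthCode` instead of `&a`, but nothing at the call site records why, and the reason is a security-relevant invariant. The etcd record stores the challenge under flat keys such as `code_challenge_method`, while `storage.AuthCode` nests it under `PKCE`, so a later cleanup back to `&a` would again return an empty PKCE value. Any caller that treats an empty challenge as "PKCE not requested" would then presumably skip verifier checking; that caller is not visible here, so confirm it. I would add `// Decode into the etcd-local AuthCode: its flat code_challenge* keys do not map onto storage.AuthCode.PKCE.` above `var ac AuthCode`. It is also worth checking whether the other getters in this file decode straight into `storage.*` types with the same tag mismatch.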
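Review bot: toStorageAuthCode is a hand-maintained field list that must mirror fromStorageAuthCode, and nothing in the hunk ties the two together. A field added to `storage.AuthCode` and to only one converter would be dropped silently on read or write, which is the same failure class this patch fixes for PKCE. I would add a doc comment such as `// toStorageAuthCode is the inverse of fromStorageAuthCode; a field added to one must be added to the other.` and rely on the conformance fixture populating every field to catch drift. fromStorageAuthCode's body continues outside the hunk, so its field list could not be compared line by line here.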
Signed-off-by: Benjamin Ullian
---
 storage/conformance/conformance.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index baf3948d..563a4030 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -185,6 +185,10 @@ func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
 Expiry: neverExpire,
 ConnectorID: "ldap",
 ConnectorData: []byte(`{"some":"data"}`),
+ PKCE: storage.PKCE{
+ CodeChallenge: "12345",
+ CodeChallengeMethod: "Whatever",
+ },
 Claims: storage.Claims{
 UserID: "1",
 Username: "jane",
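Review bot: The fixture's `CodeChallengeMethod: "Whatever"` is not a method defined by RFC 7636, which specifies only `plain` and `S256`. That is harmless for a pure storage round trip, but the conformance suite would fail for an unrelated reason if any backend or later validation layer rejected unknown methods; `CodeChallengeMethod: "S256",` keeps the fixture realistic. testAuthCodeCRUD starts and ends outside the hunk, so confirm that the read-back comparison covers the whole struct including `PKCE`, otherwise this data does not guard the regression.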