diff --git a/client/client.go b/client/client.go index d08e73e6..ad932404 100644 --- a/client/client.go +++ b/client/client.go @@ -172,7 +172,7 @@ func (ci *clientIdentity) UnmarshalJSON(data []byte) error { Secret: c.Secret, } ci.Metadata = oidc.ClientMetadata{ - RedirectURLs: make([]url.URL, len(c.RedirectURLs)), + RedirectURIs: make([]url.URL, len(c.RedirectURLs)), } for i, us := range c.RedirectURLs { @@ -180,7 +180,7 @@ func (ci *clientIdentity) UnmarshalJSON(data []byte) error { if err != nil { return err } - ci.Metadata.RedirectURLs[i] = *up + ci.Metadata.RedirectURIs[i] = *up } return nil diff --git a/client/client_test.go b/client/client_test.go index d018b466..666e1f05 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -18,7 +18,7 @@ func TestMemClientIdentityRepoNew(t *testing.T) { { id: "foo", meta: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "https", Host: "example.com", @@ -29,7 +29,7 @@ func TestMemClientIdentityRepoNew(t *testing.T) { { id: "bar", meta: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "https", Host: "example.com/foo"}, url.URL{Scheme: "https", Host: "example.com/bar"}, }, @@ -60,8 +60,8 @@ func TestMemClientIdentityRepoNew(t *testing.T) { t.Errorf("case %d: expected repo to contain newly created Client", i) } - wantURLs := tt.meta.RedirectURLs - gotURLs := all[0].Metadata.RedirectURLs + wantURLs := tt.meta.RedirectURIs + gotURLs := all[0].Metadata.RedirectURIs if !reflect.DeepEqual(wantURLs, gotURLs) { t.Errorf("case %d: redirect url mismatch, want=%v, got=%v", i, wantURLs, gotURLs) } @@ -72,7 +72,7 @@ func TestMemClientIdentityRepoNewDuplicate(t *testing.T) { cr := NewClientIdentityRepo(nil) meta1 := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "https", Host: "foo.example.com"}, }, } 
@@ -82,7 +82,7 @@ func TestMemClientIdentityRepoNewDuplicate(t *testing.T) { } meta2 := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "https", Host: "bar.example.com"}, }, } @@ -174,7 +174,7 @@ func TestClientIdentityUnmarshalJSON(t *testing.T) { sort.Strings(expectedURLs) actualURLs := make([]string, 0) - for _, u := range actual.Metadata.RedirectURLs { + for _, u := range actual.Metadata.RedirectURIs { actualURLs = append(actualURLs, u.String()) } sort.Strings(actualURLs) diff --git a/cmd/dexctl/command_client.go b/cmd/dexctl/command_client.go index 4460b9ad..ee67250d 100644 --- a/cmd/dexctl/command_client.go +++ b/cmd/dexctl/command_client.go @@ -37,7 +37,7 @@ func runNewClient(cmd *cobra.Command, args []string) int { redirectURLs[i] = *u } - cc, err := getDriver().NewClient(oidc.ClientMetadata{RedirectURLs: redirectURLs}) + cc, err := getDriver().NewClient(oidc.ClientMetadata{RedirectURIs: redirectURLs}) if err != nil { stderr("Failed creating new client: %v", err) return 1 diff --git a/cmd/dexctl/driver_api.go b/cmd/dexctl/driver_api.go index b287e5bd..ef05bdee 100644 --- a/cmd/dexctl/driver_api.go +++ b/cmd/dexctl/driver_api.go @@ -21,13 +21,13 @@ func newAPIDriver(pcfg oidc.ProviderConfig, creds oidc.ClientCredentials) (drive trans := &oidc.AuthenticatedTransport{ TokenRefresher: &oidc.ClientCredsTokenRefresher{ - Issuer: pcfg.Issuer, + Issuer: pcfg.Issuer.String(), OIDCClient: oc, }, RoundTripper: http.DefaultTransport, } hc := &http.Client{Transport: trans} - svc, err := schema.NewWithBasePath(hc, pcfg.Issuer) + svc, err := schema.NewWithBasePath(hc, pcfg.Issuer.String()) if err != nil { return nil, err } 
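Review bot: Both new `pcfg.Issuer.String()` calls in newAPIDriver will panic if `Issuer` is nil, where the old string field would simply have been empty. The other hunks of this commit assign `&url.URL{...}` to `Issuer`, so it appears to be a `*url.URL` now; whether the code that fills `pcfg` guarantees a non-nil issuer is not visible here. A guard before `trans` is built would turn that into an ordinary error, for example `if pcfg.Issuer == nil { return nil, errors.New("provider config has no issuer") }` (assuming `errors` is imported, since the import block is outside the hunk). The function starts and ends outside the hunk.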
@@ -41,10 +41,10 @@ type apiDriver struct { func (d *apiDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) { sc := &schema.Client{ - RedirectURIs: make([]string, len(meta.RedirectURLs)), + RedirectURIs: make([]string, len(meta.RedirectURIs)), } - for i, u := range meta.RedirectURLs { + for i, u := range meta.RedirectURIs { sc.RedirectURIs[i] = u.String() } diff --git a/cmd/dexctl/driver_db.go b/cmd/dexctl/driver_db.go index e5c8d760..7f61092a 100644 --- a/cmd/dexctl/driver_db.go +++ b/cmd/dexctl/driver_db.go @@ -31,7 +31,7 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials, return nil, err } - clientID, err := oidc.GenClientID(meta.RedirectURLs[0].Host) + clientID, err := oidc.GenClientID(meta.RedirectURIs[0].Host) if err != nil { return nil, err } diff --git a/connector/connector_oidc_test.go b/connector/connector_oidc_test.go index df9077ce..4ef99e17 100644 --- a/connector/connector_oidc_test.go +++ b/connector/connector_oidc_test.go @@ -89,8 +89,8 @@ func TestLoginURL(t *testing.T) { Credentials: oidc.ClientCredentials{ID: tt.cid, Secret: "fake-client-secret"}, RedirectURL: tt.redir, ProviderConfig: oidc.ProviderConfig{ - AuthEndpoint: "http://example.com/authorize", - TokenEndpoint: "http://example.com/token", + AuthEndpoint: &url.URL{Scheme: "http", Host: "example.com", Path: "/authorize"}, + TokenEndpoint: &url.URL{Scheme: "http", Host: "example.com", Path: "/token"}, }, Scope: tt.scope, } diff --git a/functional/db_test.go b/functional/db_test.go index 59d950fa..d968a96b 100644 --- a/functional/db_test.go +++ b/functional/db_test.go @@ -193,7 +193,7 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) { r := db.NewClientIdentityRepo(connect(t)) cm := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"}, url.URL{Scheme: "https", Host: "example.com", Path: "/callback"}, }, 
@@ -230,7 +230,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) { r := db.NewClientIdentityRepo(connect(t)) meta1 := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "foo.example.com"}, }, } @@ -240,7 +240,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) { } meta2 := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "bar.example.com"}, }, } @@ -254,7 +254,7 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) { r := db.NewClientIdentityRepo(connect(t)) cm := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"}, }, } @@ -302,7 +302,7 @@ func TestDBClientIdentityAll(t *testing.T) { r := db.NewClientIdentityRepo(connect(t)) cm := oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"}, }, } @@ -326,7 +326,7 @@ func TestDBClientIdentityAll(t *testing.T) { } cm = oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "foo.com", Path: "/cb"}, }, } diff --git a/functional/repo/client_repo_test.go b/functional/repo/client_repo_test.go index 81e73bea..b76f6536 100644 --- a/functional/repo/client_repo_test.go +++ b/functional/repo/client_repo_test.go @@ -22,7 +22,7 @@ var ( Secret: "secret-1", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "https", Host: "client1.example.com/callback", @@ -36,7 +36,7 @@ var ( Secret: "secret-2", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "https", Host: "client2.example.com/callback", diff --git a/integration/client_api_test.go b/integration/client_api_test.go index f36323ad..46a9b376 100644 --- a/integration/client_api_test.go +++ b/integration/client_api_test.go 
@@ -72,8 +72,8 @@ func TestClientCreate(t *testing.T) { t.Error("Expected new client to exist in repo") } - gotURLs := make([]string, len(meta.RedirectURLs)) - for i, u := range meta.RedirectURLs { + gotURLs := make([]string, len(meta.RedirectURIs)) + for i, u := range meta.RedirectURIs { gotURLs[i] = u.String() } if !reflect.DeepEqual(newClientInput.RedirectURIs, gotURLs) { diff --git a/integration/user_api_test.go b/integration/user_api_test.go index 0b4c1431..6e7eaeaf 100644 --- a/integration/user_api_test.go +++ b/integration/user_api_test.go @@ -104,7 +104,7 @@ func makeUserAPITestFixtures() *userAPITestFixtures { Secret: testClientSecret, }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ testRedirectURL, }, }, @@ -115,7 +115,7 @@ func makeUserAPITestFixtures() *userAPITestFixtures { Secret: "secret", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ testRedirectURL, }, }, diff --git a/schema/workerschema/mapper.go b/schema/workerschema/mapper.go index 6236f59b..ab9c16e7 100644 --- a/schema/workerschema/mapper.go +++ b/schema/workerschema/mapper.go @@ -13,7 +13,7 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) { ID: sc.Id, }, Metadata: oidc.ClientMetadata{ - RedirectURLs: make([]url.URL, len(sc.RedirectURIs)), + RedirectURIs: make([]url.URL, len(sc.RedirectURIs)), }, } @@ -27,7 +27,7 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) { return oidc.ClientIdentity{}, errors.New("redirect URL invalid") } - ci.Metadata.RedirectURLs[i] = *u + ci.Metadata.RedirectURIs[i] = *u } return ci, nil 
@@ -36,9 +36,9 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) { func MapClientIdentityToSchemaClient(c oidc.ClientIdentity) Client { cl := Client{ Id: c.Credentials.ID, - RedirectURIs: make([]string, len(c.Metadata.RedirectURLs)), + RedirectURIs: make([]string, len(c.Metadata.RedirectURIs)), } - for i, u := range c.Metadata.RedirectURLs { + for i, u := range c.Metadata.RedirectURIs { cl.RedirectURIs[i] = u.String() } return cl @@ -48,9 +48,9 @@ func MapClientIdentityToSchemaClientWithSecret(c oidc.ClientIdentity) ClientWith cl := ClientWithSecret{ Id: c.Credentials.ID, Secret: c.Credentials.Secret, - RedirectURIs: make([]string, len(c.Metadata.RedirectURLs)), + RedirectURIs: make([]string, len(c.Metadata.RedirectURIs)), } - for i, u := range c.Metadata.RedirectURLs { + for i, u := range c.Metadata.RedirectURIs { cl.RedirectURIs[i] = u.String() } return cl diff --git a/server/client_resource.go b/server/client_resource.go index c1df3862..45f7027b 100644 --- a/server/client_resource.go +++ b/server/client_resource.go @@ -89,7 +89,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) { return } - clientID, err := oidc.GenClientID(ci.Metadata.RedirectURLs[0].Host) + clientID, err := oidc.GenClientID(ci.Metadata.RedirectURIs[0].Host) if err != nil { log.Errorf("Failed generating ID for new client: %v", err) writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to generate client ID")) diff --git a/server/client_resource_test.go b/server/client_resource_test.go index a1d4490d..9557966c 100644 --- a/server/client_resource_test.go +++ b/server/client_resource_test.go 
@@ -89,13 +89,13 @@ func TestCreateInvalidRequest(t *testing.T) { { req: &http.Request{Method: "POST", URL: u, Header: h, Body: makeBody(`{"redirectURIs":["asdf.com"]}`)}, wantCode: http.StatusBadRequest, - wantBody: `{"error":"invalid_client_metadata","error_description":"invalid redirect URL: scheme not http/https"}`, + wantBody: `{"error":"invalid_client_metadata","error_description":"no host for uri field redirect_uris"}`, }, // uri missing host { req: &http.Request{Method: "POST", URL: u, Header: h, Body: makeBody(`{"redirectURIs":["http://"]}`)}, wantCode: http.StatusBadRequest, - wantBody: `{"error":"invalid_client_metadata","error_description":"invalid redirect URL: host empty"}`, + wantBody: `{"error":"invalid_client_metadata","error_description":"no host for uri field redirect_uris"}`, }, } @@ -183,7 +183,7 @@ func TestList(t *testing.T) { oidc.ClientIdentity{ Credentials: oidc.ClientCredentials{ID: "foo", Secret: "bar"}, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "example.com"}, }, }, @@ -202,7 +202,7 @@ func TestList(t *testing.T) { oidc.ClientIdentity{ Credentials: oidc.ClientCredentials{ID: "foo", Secret: "bar"}, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "example.com"}, }, }, @@ -210,7 +210,7 @@ func TestList(t *testing.T) { oidc.ClientIdentity{ Credentials: oidc.ClientCredentials{ID: "biz", Secret: "bang"}, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "https", Host: "example.com", Path: "one/two/three"}, }, }, diff --git a/server/email_verification.go b/server/email_verification.go index fe3e9746..2bc01fa9 100644 --- a/server/email_verification.go +++ b/server/email_verification.go 
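Review bot: The two cases shown in TestCreateInvalidRequest now expect the same `no host for uri field redirect_uris` message, so the table no longer separates a missing scheme from a missing host. Nothing visible here pins that a redirect URI with a host but a scheme other than http/https is still rejected, which the removed `scheme not http/https` expectation at least named. I would add a case whose body is `{"redirectURIs":["ftp://example.com"]}` with `wantCode: http.StatusBadRequest`, so the scheme restriction on registered redirect URIs stays under test; whether the new validation rejects it cannot be told from this hunk. The message also names `redirect_uris` while the request key is `redirectURIs`, which is worth confirming as intended.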
@@ -158,7 +158,7 @@ func handleVerifyEmailResendFunc( return } - *redirectURL, err = client.ValidRedirectURL(redirectURL, cm.RedirectURLs) + *redirectURL, err = client.ValidRedirectURL(redirectURL, cm.RedirectURIs) if err != nil { switch err { case (client.ErrorInvalidRedirectURL): diff --git a/server/http.go b/server/http.go index 049ae778..c2855269 100644 --- a/server/http.go +++ b/server/http.go @@ -55,7 +55,7 @@ func handleDiscoveryFunc(cfg oidc.ProviderConfig) http.HandlerFunc { return } - b, err := json.Marshal(cfg) + b, err := json.Marshal(&cfg) if err != nil { log.Errorf("Unable to marshal %#v to JSON: %v", cfg, err) } @@ -309,13 +309,13 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T return } - if len(cm.RedirectURLs) == 0 { + if len(cm.RedirectURIs) == 0 { log.Errorf("Client %q has no redirect URLs", acr.ClientID) writeAuthError(w, oauth2.NewError(oauth2.ErrorServerError), acr.State) return } - redirectURL, err := client.ValidRedirectURL(acr.RedirectURL, cm.RedirectURLs) + redirectURL, err := client.ValidRedirectURL(acr.RedirectURL, cm.RedirectURIs) if err != nil { switch err { case (client.ErrorCantChooseRedirectURL): diff --git a/server/http_test.go b/server/http_test.go index 0820a7ce..da35bd83 100644 --- a/server/http_test.go +++ b/server/http_test.go @@ -83,7 +83,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"}, }, }, @@ -206,7 +206,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{Scheme: "http", Host: "foo.example.com", Path: "/callback"}, url.URL{Scheme: "http", Host: "bar.example.com", Path: "/callback"}, }, 
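Review bot: In handleDiscoveryFunc, a failure of `json.Marshal(&cfg)` is only logged. The `if err != nil` branch visible in the hunk has no return, so execution falls through with a nil `b` to whatever follows. The rest of the handler is outside the hunk, but if it writes `b`, clients would receive an empty discovery document with a success status. With the config now holding pointer fields and apparently a custom marshaller, the error path deserves a real response: `w.WriteHeader(http.StatusInternalServerError)` followed by `return` inside the branch.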
@@ -363,17 +363,22 @@ func TestHandleDiscoveryFuncMethodNotAllowed(t *testing.T) { } func TestHandleDiscoveryFunc(t *testing.T) { - u := "http://server.example.com" + u := url.URL{Scheme: "http", Host: "server.example.com"} + pathURL := func(path string) *url.URL { + ucopy := u + ucopy.Path = path + return &ucopy + } cfg := oidc.ProviderConfig{ - Issuer: u, - AuthEndpoint: u + httpPathAuth, - TokenEndpoint: u + httpPathToken, - KeysEndpoint: u + httpPathKeys, + Issuer: &u, + AuthEndpoint: pathURL(httpPathAuth), + TokenEndpoint: pathURL(httpPathToken), + KeysEndpoint: pathURL(httpPathKeys), GrantTypesSupported: []string{oauth2.GrantTypeAuthCode}, ResponseTypesSupported: []string{"code"}, SubjectTypesSupported: []string{"public"}, - IDTokenAlgValuesSupported: []string{"RS256"}, + IDTokenSigningAlgValues: []string{"RS256"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, } diff --git a/server/password.go b/server/password.go index f2f9ffe6..4d517f05 100644 --- a/server/password.go +++ b/server/password.go @@ -134,7 +134,7 @@ func (h *SendResetPasswordEmailHandler) validateRedirectURL(clientID string, red return url.URL{}, false } - validURL, err := client.ValidRedirectURL(parsed, cm.RedirectURLs) + validURL, err := client.ValidRedirectURL(parsed, cm.RedirectURIs) if err != nil { log.Errorf("Invalid redirectURL for clientID: redirectURL:%q, clientID:%q", redirectURL, clientID) return url.URL{}, false diff --git a/server/server.go b/server/server.go index f2da3739..b8206397 100644 --- a/server/server.go +++ b/server/server.go 
@@ -110,19 +110,24 @@ func (s *Server) KillSession(sessionKey string) error { return err } -func (s *Server) ProviderConfig() oidc.ProviderConfig { - iss := s.IssuerURL.String() - cfg := oidc.ProviderConfig{ - Issuer: iss, +func (s *Server) pathURL(path string) *url.URL { + u := s.IssuerURL + u.Path = path + return &u +} - AuthEndpoint: iss + httpPathAuth, - TokenEndpoint: iss + httpPathToken, - KeysEndpoint: iss + httpPathKeys, +func (s *Server) ProviderConfig() oidc.ProviderConfig { + cfg := oidc.ProviderConfig{ + Issuer: &s.IssuerURL, + + AuthEndpoint: s.pathURL(httpPathAuth), + TokenEndpoint: s.pathURL(httpPathToken), + KeysEndpoint: s.pathURL(httpPathKeys), GrantTypesSupported: []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeClientCreds}, ResponseTypesSupported: []string{"code"}, SubjectTypesSupported: []string{"public"}, - IDTokenAlgValuesSupported: []string{"RS256"}, + IDTokenSigningAlgValues: []string{"RS256"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, } diff --git a/server/server_test.go b/server/server_test.go index 5a162c16..65e0162f 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -17,6 +17,7 @@ import ( "github.com/coreos/go-oidc/key" "github.com/coreos/go-oidc/oauth2" "github.com/coreos/go-oidc/oidc" + "github.com/kylelemons/godebug/pretty" ) type StaticKeyManager struct { 
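Review bot: `pathURL` overwrites the issuer's path instead of appending to it, so an issuer configured with a path prefix would advertise auth, token and keys endpoints without that prefix; the removed `iss + httpPathAuth` concatenation kept it. Something like `u.Path = strings.TrimSuffix(u.Path, "/") + path` preserves the prefix (assuming `strings` is imported; the import block is outside the hunk). Separately, `Issuer: &s.IssuerURL` returns a pointer into the Server itself, so a caller that mutates the returned config also changes the server's issuer; copying first with `iss := s.IssuerURL` and using `Issuer: &iss` avoids that aliasing. TestServerProviderConfig uses an issuer without a path, so it would not catch the first point. ProviderConfig's body continues past the end of the hunk.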
@@ -100,20 +101,21 @@ func TestServerProviderConfig(t *testing.T) { srv := &Server{IssuerURL: url.URL{Scheme: "http", Host: "server.example.com"}} want := oidc.ProviderConfig{ - Issuer: "http://server.example.com", - AuthEndpoint: "http://server.example.com/auth", - TokenEndpoint: "http://server.example.com/token", - KeysEndpoint: "http://server.example.com/keys", + Issuer: &url.URL{Scheme: "http", Host: "server.example.com"}, + AuthEndpoint: &url.URL{Scheme: "http", Host: "server.example.com", Path: "/auth"}, + TokenEndpoint: &url.URL{Scheme: "http", Host: "server.example.com", Path: "/token"}, + KeysEndpoint: &url.URL{Scheme: "http", Host: "server.example.com", Path: "/keys"}, + GrantTypesSupported: []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeClientCreds}, ResponseTypesSupported: []string{"code"}, SubjectTypesSupported: []string{"public"}, - IDTokenAlgValuesSupported: []string{"RS256"}, + IDTokenSigningAlgValues: []string{"RS256"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, } got := srv.ProviderConfig() - if !reflect.DeepEqual(want, got) { - t.Fatalf("want=%#v, got=%#v", want, got) + if diff := pretty.Compare(want, got); diff != "" { + t.Fatalf("provider config did not match expected: %s", diff) } } @@ -131,7 +133,7 @@ func TestServerNewSession(t *testing.T) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "http", Host: "client.example.com", @@ -141,7 +143,7 @@ func TestServerNewSession(t *testing.T) { }, } - key, err := srv.NewSession("bogus_idpc", ci.Credentials.ID, state, ci.Metadata.RedirectURLs[0], nonce, false, []string{"openid"}) + key, err := srv.NewSession("bogus_idpc", ci.Credentials.ID, state, ci.Metadata.RedirectURIs[0], nonce, false, []string{"openid"}) if err != nil { t.Fatalf("Unexpected error: %v", err) } 
@@ -156,8 +158,8 @@ func TestServerNewSession(t *testing.T) { t.Fatalf("Unable to add Identity to Session: %v", err) } - if !reflect.DeepEqual(ci.Metadata.RedirectURLs[0], ses.RedirectURL) { - t.Fatalf("Session created with incorrect RedirectURL: want=%#v got=%#v", ci.Metadata.RedirectURLs[0], ses.RedirectURL) + if !reflect.DeepEqual(ci.Metadata.RedirectURIs[0], ses.RedirectURL) { + t.Fatalf("Session created with incorrect RedirectURL: want=%#v got=%#v", ci.Metadata.RedirectURIs[0], ses.RedirectURL) } if ci.Credentials.ID != ses.ClientID { @@ -180,7 +182,7 @@ func TestServerLogin(t *testing.T) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "http", Host: "client.example.com", @@ -197,7 +199,7 @@ func TestServerLogin(t *testing.T) { sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo()) sm.GenerateCode = staticGenerateCodeFunc("fakecode") - sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURLs[0], "", false, []string{"openid"}) + sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURIs[0], "", false, []string{"openid"}) if err != nil { t.Fatalf("Unexpected error: %v", err) } @@ -269,7 +271,7 @@ func TestServerLoginDisabledUser(t *testing.T) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ url.URL{ Scheme: "http", Host: "client.example.com", 
@@ -286,7 +288,7 @@ func TestServerLoginDisabledUser(t *testing.T) { sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo()) sm.GenerateCode = staticGenerateCodeFunc("fakecode") - sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURLs[0], "", false, []string{"openid"}) + sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURIs[0], "", false, []string{"openid"}) if err != nil { t.Fatalf("Unexpected error: %v", err) } diff --git a/server/testutil.go b/server/testutil.go index fed05f25..b3770121 100644 --- a/server/testutil.go +++ b/server/testutil.go @@ -133,7 +133,7 @@ func makeTestFixtures() (*testFixtures, error) { Secret: testClientSecret, }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ testRedirectURL, }, }, diff --git a/user/api/api.go b/user/api/api.go index 2eea7f5c..0c5f5eac 100644 --- a/user/api/api.go +++ b/user/api/api.go @@ -153,7 +153,7 @@ func (u *UsersAPI) CreateUser(creds Creds, usr schema.User, redirURL url.URL) (s return schema.UserCreateResponse{}, mapError(err) } - validRedirURL, err := client.ValidRedirectURL(&redirURL, metadata.RedirectURLs) + validRedirURL, err := client.ValidRedirectURL(&redirURL, metadata.RedirectURIs) if err != nil { return schema.UserCreateResponse{}, ErrorInvalidRedirectURL } diff --git a/user/api/api_test.go b/user/api/api_test.go index 967db2ac..404fa9d8 100644 --- a/user/api/api_test.go +++ b/user/api/api_test.go @@ -136,7 +136,7 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) { Secret: "secrete", }, Metadata: oidc.ClientMetadata{ - RedirectURLs: []url.URL{ + RedirectURIs: []url.URL{ validRedirURL, }, },