From 8e0ae820340f40593c497d155c27e2211f948df4 Mon Sep 17 00:00:00 2001 From: Lars Lehtonen Date: Fri, 15 Nov 2019 16:31:22 -0800 Subject: [PATCH] connector/oidc: replace deprecated oauth2.RegisterBrokenAuthHeaderProvider with oauth2.Endpoint.AuthStyle --- connector/oidc/oidc.go | 21 +++++---------------- connector/oidc/oidc_test.go | 2 ++ 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 341e4e0a..2c199112 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -9,7 +9,6 @@ import ( "net/http" "net/url" "strings" - "sync" "time" "github.com/coreos/go-oidc" @@ -85,18 +84,6 @@ func knownBrokenAuthHeaderProvider(issuerURL string) bool { return false } -// golang.org/x/oauth2 doesn't do internal locking. Need to do it in this -// package ourselves and hope that other packages aren't calling it at the -// same time. -var registerMu = new(sync.Mutex) - -func registerBrokenAuthHeaderProvider(url string) { - registerMu.Lock() - defer registerMu.Unlock() - - oauth2.RegisterBrokenAuthHeaderProvider(url) -} - // Open returns a connector which can be used to login users through an upstream // OpenID Connect provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { @@ -108,13 +95,15 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e return nil, fmt.Errorf("failed to get provider: %v", err) } + endpoint := provider.Endpoint() + if c.BasicAuthUnsupported != nil { // Setting "basicAuthUnsupported" always overrides our detection. if *c.BasicAuthUnsupported { - registerBrokenAuthHeaderProvider(provider.Endpoint().TokenURL) + endpoint.AuthStyle = oauth2.AuthStyleInParams } } else if knownBrokenAuthHeaderProvider(c.Issuer) { - registerBrokenAuthHeaderProvider(provider.Endpoint().TokenURL) + endpoint.AuthStyle = oauth2.AuthStyleInParams } scopes := []string{oidc.ScopeOpenID} @@ -131,7 +120,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e oauth2Config: &oauth2.Config{ ClientID: clientID, ClientSecret: c.ClientSecret, - Endpoint: provider.Endpoint(), + Endpoint: endpoint, Scopes: scopes, RedirectURL: c.RedirectURI, }, diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go index f766a875..f5f53e6b 100644 --- a/connector/oidc/oidc_test.go +++ b/connector/oidc/oidc_test.go @@ -111,6 +111,7 @@ func TestHandleCallback(t *testing.T) { } defer testServer.Close() serverURL := testServer.URL + basicAuth := true config := Config{ Issuer: serverURL, ClientID: "clientID", @@ -120,6 +121,7 @@ func TestHandleCallback(t *testing.T) { UserIDKey: tc.userIDKey, UserNameKey: tc.userNameKey, InsecureSkipEmailVerified: tc.insecureSkipEmailVerified, + BasicAuthUnsupported: &basicAuth, } conn, err := newConnector(config)