From 32b707cf46214af66987463188a13e0592c6266e Mon Sep 17 00:00:00 2001 From: Brian Tajuddin Date: Thu, 4 Jul 2024 01:31:40 -0700 Subject: [PATCH] feat(6222): remove @ and project from OIDC client ID (#8178) # Which Problems Are Solved The client ID for OIDC applications has an `@` in it, which is not allowed in some 3rd-party systems (such as AWS). # How the Problems Are Solved Per @fforootd and @hifabienne in #6222, remove the project suffix and the `@` from the client ID and just use the generated ID. # Additional Changes N/A # Additional Context - Closes #6222 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Livio Spring --- .../e2e/applications/applications.cy.ts | 4 +- internal/command/instance_test.go | 4 +- internal/command/project_application_api.go | 14 ++-- .../command/project_application_api_test.go | 64 +++++++++++++-- internal/command/project_application_oidc.go | 14 ++-- .../command/project_application_oidc_test.go | 77 +++++++++++++++++-- internal/domain/application_oauth.go | 18 +---- internal/query/oidc_client_test.go | 40 +++++++++- internal/query/testdata/oidc_client_jwt.json | 2 +- .../testdata/oidc_client_no_settings.json | 2 +- .../query/testdata/oidc_client_public.json | 2 +- .../testdata/oidc_client_public_old_id.json | 28 +++++++ .../query/testdata/oidc_client_secret.json | 2 +- 13 files changed, 220 insertions(+), 51 deletions(-) create mode 100644 internal/query/testdata/oidc_client_public_old_id.json diff --git a/e2e/cypress/e2e/applications/applications.cy.ts b/e2e/cypress/e2e/applications/applications.cy.ts index df3ea0c860..ec5932165d 100644 --- a/e2e/cypress/e2e/applications/applications.cy.ts +++ b/e2e/cypress/e2e/applications/applications.cy.ts 
@@ -37,7 +37,7 @@ describe('applications', () => { cy.get('[data-e2e="create-button"]').click(); cy.get('[id*=overlay]').should('exist'); cy.shouldConfirmSuccess(); - const expectClientId = new RegExp(`^.*[0-9]+\\@${testProjectName}.*$`); + const expectClientId = new RegExp(`^.*[0-9]+.*$`); cy.get('[data-e2e="client-id-copy"]').click(); cy.contains('[data-e2e="client-id"]', expectClientId); cy.clipboardMatches(expectClientId); @@ -64,7 +64,7 @@ describe('applications', () => { cy.get('[data-e2e="create-button"]').click(); cy.get('[id*=overlay]').should('exist'); cy.shouldConfirmSuccess(); - const expectClientId = new RegExp(`^.*[0-9]+\\@${testProjectName}.*$`); + const expectClientId = new RegExp(`^.*[0-9]+.*$`); cy.get('[data-e2e="client-id-copy"]').click(); cy.contains('[data-e2e="client-id"]', expectClientId); cy.clipboardMatches(expectClientId); diff --git a/internal/command/instance_test.go b/internal/command/instance_test.go index 9cfcbb6926..2fbed1845e 100644 --- a/internal/command/instance_test.go +++ b/internal/command/instance_test.go @@ -63,7 +63,7 @@ func projectAddedEvents(ctx context.Context, instanceID, orgID, id, owner string events = append(events, apiAppEvents(ctx, orgID, id, "auth-id", "Auth-API")...) consoleAppID := "console-id" - consoleClientID := "clientID@zitadel" + consoleClientID := "clientID" events = append(events, oidcAppEvents(ctx, orgID, id, consoleAppID, "Console", consoleClientID, externalSecure)...) events = append(events, instance.NewIAMConsoleSetEvent(ctx, @@ -90,7 +90,7 @@ func apiAppEvents(ctx context.Context, orgID, projectID, id, name string) []even project.NewAPIConfigAddedEvent(ctx, &project.NewAggregate(projectID, orgID).Aggregate, id, - "clientID@zitadel", + "clientID", "", domain.APIAuthMethodTypePrivateKeyJWT, ), diff --git a/internal/command/project_application_api.go b/internal/command/project_application_api.go index a697305ac9..b1ad53f893 100644 --- a/internal/command/project_application_api.go 
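Review bot: The new pattern `^.*[0-9]+.*$` in both `expectClientId` assignments (the hunks at lines 37 and 64 of applications.cy.ts) matches any text that contains a digit, so the assertion would still pass if the client ID kept the `@project` suffix this commit removes. Since the purpose of the change is that the ID contains no `@`, the e2e check could pin that, for example `const expectClientId = /^[^@]*[0-9]+[^@]*$/;`, or `/^[0-9]+$/` if the element text and clipboard hold only the ID (not visible in the hunk). As written, the test cannot catch a regression to the old format.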
+++ b/internal/command/project_application_api.go @@ -35,7 +35,7 @@ func (c *Commands) AddAPIAppCommand(app *addAPIApp) preparation.Validation { return nil, zerrors.ThrowNotFound(err, "PROJE-Sf2gb", "Errors.Project.NotFound") } - app.ClientID, err = domain.NewClientID(c.idGenerator, project.Name) + app.ClientID, err = c.idGenerator.Next() if err != nil { return nil, zerrors.ThrowInternal(err, "V2-f0pgP", "Errors.Internal") } @@ -78,19 +78,19 @@ func (c *Commands) AddAPIApplicationWithID(ctx context.Context, apiApp *domain.A if existingAPI.State != domain.AppStateUnspecified { return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-mabu12", "Errors.Project.App.AlreadyExisting") } - project, err := c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) + _, err = c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) if err != nil { return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-9fnsa", "Errors.Project.NotFound") } - return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, project, appID) + return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, appID) } func (c *Commands) AddAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (_ *domain.APIApp, err error) { if apiApp == nil || apiApp.AggregateID == "" { return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-5m9E", "Errors.Project.App.Invalid") } - project, err := c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) + _, err = c.getProjectByID(ctx, apiApp.AggregateID, resourceOwner) if err != nil { return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-9fnsf", "Errors.Project.NotFound") } 
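Review bot: In `AddAPIApplicationWithID` and `AddAPIApplication` the result of `c.getProjectByID` is now discarded with `_, err =`, and nothing explains why the call is still made. It appears to remain as the check that the project exists for `resourceOwner` before an application is attached to it; a later cleanup could mistake that precondition for dead code and remove it. A comment above each call would record the intent, e.g. `// the project itself is no longer needed, but the lookup still enforces that it exists for resourceOwner`. The same applies to the two `_, err = c.getProjectByID(...)` lines in project_application_oidc.go. Both function bodies start or continue outside the hunk.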
@@ -104,10 +104,10 @@ func (c *Commands) AddAPIApplication(ctx context.Context, apiApp *domain.APIApp, return nil, err } - return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, project, appID) + return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, appID) } -func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.APIApp, resourceOwner string, project *domain.Project, appID string) (_ *domain.APIApp, err error) { +func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.APIApp, resourceOwner string, appID string) (_ *domain.APIApp, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() @@ -121,7 +121,7 @@ func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.A } var plain string - err = domain.SetNewClientID(apiApp, c.idGenerator, project) + err = domain.SetNewClientID(apiApp, c.idGenerator) if err != nil { return nil, err } diff --git a/internal/command/project_application_api_test.go b/internal/command/project_application_api_test.go index 7f3d249bbc..8463f9ff99 100644 --- a/internal/command/project_application_api_test.go +++ b/internal/command/project_application_api_test.go @@ -117,7 +117,7 @@ func TestAddAPIConfig(t *testing.T) { ), project.NewAPIConfigAddedEvent(ctx, &agg.Aggregate, "appID", - "clientID@project", + "clientID", "", domain.APIAuthMethodTypePrivateKeyJWT, ), @@ -252,7 +252,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) { project.NewAPIConfigAddedEvent(context.Background(), &project.NewAggregate("project1", "org1").Aggregate, "app1", - "client1@project", + "client1", "secret", domain.APIAuthMethodTypeBasic), ), 
@@ -278,7 +278,61 @@ func TestCommandSide_AddAPIApplication(t *testing.T) { }, AppID: "app1", AppName: "app", - ClientID: "client1@project", + ClientID: "client1", + ClientSecretString: "secret", + AuthMethodType: domain.APIAuthMethodTypeBasic, + State: domain.AppStateActive, + }, + }, + }, + { + name: "create api app basic old ID format, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + project.NewProjectAddedEvent(context.Background(), + &project.NewAggregate("project1", "org1").Aggregate, + "project", true, true, true, + domain.PrivateLabelingSettingUnspecified), + ), + ), + expectPush( + project.NewApplicationAddedEvent(context.Background(), + &project.NewAggregate("project1", "org1").Aggregate, + "app1", + "app", + ), + project.NewAPIConfigAddedEvent(context.Background(), + &project.NewAggregate("project1", "org1").Aggregate, + "app1", + "client1@project1", + "secret", + domain.APIAuthMethodTypeBasic), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "app1", "client1@project1"), + }, + args: args{ + ctx: context.Background(), + apiApp: &domain.APIApp{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "project1", + }, + AppName: "app", + AuthMethodType: domain.APIAuthMethodTypeBasic, + }, + resourceOwner: "org1", + }, + res: res{ + want: &domain.APIApp{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "project1", + ResourceOwner: "org1", + }, + AppID: "app1", + AppName: "app", + ClientID: "client1@project1", ClientSecretString: "secret", AuthMethodType: domain.APIAuthMethodTypeBasic, State: domain.AppStateActive, @@ -306,7 +360,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) { project.NewAPIConfigAddedEvent(context.Background(), &project.NewAggregate("project1", "org1").Aggregate, "app1", - "client1@project", + "client1", "", domain.APIAuthMethodTypePrivateKeyJWT), ), 
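Review bot: The added case `create api app basic old ID format, ok` does not test old-format handling: it has the mocked generator return `client1@project1` and asserts that the same string is pushed and returned, which only shows that the command passes the generator output through unchanged. No code in this patch builds an `id@project` value any more, so the name suggests coverage (existing clients whose ID contains `@` still working) that the case does not provide. Consider renaming it, e.g. `name: "create api app basic, generated ID used verbatim"`, and covering legacy IDs on the lookup side, as the query test with `oidc_client_public_old_id.json` does. `correct with old ID format` in project_application_oidc_test.go follows the same pattern.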
@@ -332,7 +386,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) { }, AppID: "app1", AppName: "app", - ClientID: "client1@project", + ClientID: "client1", AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT, State: domain.AppStateActive, }, diff --git a/internal/command/project_application_oidc.go b/internal/command/project_application_oidc.go index 6c9df8a69a..0d270a1919 100644 --- a/internal/command/project_application_oidc.go +++ b/internal/command/project_application_oidc.go @@ -68,7 +68,7 @@ func (c *Commands) AddOIDCAppCommand(app *addOIDCApp) preparation.Validation { return nil, zerrors.ThrowNotFound(err, "PROJE-6swVG", "Errors.Project.NotFound") } - app.ClientID, err = domain.NewClientID(c.idGenerator, project.Name) + app.ClientID, err = c.idGenerator.Next() if err != nil { return nil, zerrors.ThrowInternal(err, "V2-VMSQ1", "Errors.Internal") } 
@@ -126,19 +126,19 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting") } - project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner) + _, err = c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner) if err != nil { return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-3m9s2", "Errors.Project.NotFound") } - return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, project, appID) + return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, appID) } func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner string) (_ *domain.OIDCApp, err error) { if oidcApp == nil || oidcApp.AggregateID == "" { return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid") } - project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner) + _, err = c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner) if err != nil { return nil, zerrors.ThrowPreconditionFailed(err, "PROJECT-3m9ss", "Errors.Project.NotFound") } @@ -152,10 +152,10 @@ func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCA return nil, err } - return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, project, appID) + return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, appID) } -func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner string, project *domain.Project, appID string) (_ *domain.OIDCApp, err error) { +func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner string, appID string) (_ *domain.OIDCApp, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() 
@@ -169,7 +169,7 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain } var plain string - err = domain.SetNewClientID(oidcApp, c.idGenerator, project) + err = domain.SetNewClientID(oidcApp, c.idGenerator) if err != nil { return nil, err } diff --git a/internal/command/project_application_oidc_test.go b/internal/command/project_application_oidc_test.go index 73cb837057..1e4106be08 100644 --- a/internal/command/project_application_oidc_test.go +++ b/internal/command/project_application_oidc_test.go @@ -158,7 +158,7 @@ func TestAddOIDCApp(t *testing.T) { project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate, domain.OIDCVersionV1, "id", - "clientID@project", + "clientID", "", []string{"https://test.ch"}, []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, 
@@ -214,6 +214,71 @@ func TestAddOIDCApp(t *testing.T) { }). Filter(), }, + want: Want{ + Commands: []eventstore.Command{ + project.NewApplicationAddedEvent(ctx, &agg.Aggregate, + "id", + "name", + ), + project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate, + domain.OIDCVersionV1, + "id", + "clientID", + "", + nil, + []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, + []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}, + domain.OIDCApplicationTypeWeb, + domain.OIDCAuthMethodTypeNone, + nil, + false, + domain.OIDCTokenTypeBearer, + false, + false, + false, + 0, + nil, + false, + ), + }, + }, + }, + { + name: "correct with old ID format", + fields: fields{ + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "clientID@project"), + }, + args: args{ + app: &addOIDCApp{ + AddApp: AddApp{ + Aggregate: *agg, + ID: "id", + Name: "name", + }, + GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}, + ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, + Version: domain.OIDCVersionV1, + + ApplicationType: domain.OIDCApplicationTypeWeb, + AuthMethodType: domain.OIDCAuthMethodTypeNone, + AccessTokenType: domain.OIDCTokenTypeBearer, + }, + filter: NewMultiFilter(). + Append(func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { + return []eventstore.Event{ + project.NewProjectAddedEvent( + ctx, + &agg.Aggregate, + "project", + false, + false, + false, + domain.PrivateLabelingSettingUnspecified, + ), + }, nil + }). + Filter(), + }, want: Want{ Commands: []eventstore.Command{ project.NewApplicationAddedEvent(ctx, &agg.Aggregate, @@ -288,7 +353,7 @@ func TestAddOIDCApp(t *testing.T) { project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate, domain.OIDCVersionV1, "id", - "clientID@project", + "clientID", "secret", nil, []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, 
@@ -434,7 +499,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) { &project.NewAggregate("project1", "org1").Aggregate, domain.OIDCVersionV1, "app1", - "client1@project", + "client1", "secret", []string{"https://test.ch"}, []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, @@ -488,7 +553,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) { }, AppID: "app1", AppName: "app", - ClientID: "client1@project", + ClientID: "client1", ClientSecretString: "secret", AuthMethodType: domain.OIDCAuthMethodTypePost, OIDCVersion: domain.OIDCVersionV1, @@ -532,7 +597,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) { &project.NewAggregate("project1", "org1").Aggregate, domain.OIDCVersionV1, "app1", - "client1@project", + "client1", "secret", []string{"https://test.ch"}, []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, @@ -586,7 +651,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) { }, AppID: "app1", AppName: "app", - ClientID: "client1@project", + ClientID: "client1", ClientSecretString: "secret", AuthMethodType: domain.OIDCAuthMethodTypePost, OIDCVersion: domain.OIDCVersionV1, diff --git a/internal/domain/application_oauth.go b/internal/domain/application_oauth.go index 0f2179d534..ada18d1fad 100644 --- a/internal/domain/application_oauth.go +++ b/internal/domain/application_oauth.go @@ -1,9 +1,6 @@ package domain import ( - "fmt" - "strings" - "github.com/zitadel/zitadel/internal/id" ) @@ -13,9 +10,9 @@ type oAuthApplication interface { requiresClientSecret() bool } -// ClientID random_number@projectname (eg. 495894098234@zitadel) -func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Project) error { - clientID, err := NewClientID(idGenerator, project.Name) +// ClientID random_number (eg. 495894098234) +func SetNewClientID(a oAuthApplication, idGenerator id.Generator) error { + clientID, err := idGenerator.Next() if err != nil { return err } 
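Review bot: The updated comment on `SetNewClientID` in application_oauth.go (`// ClientID random_number (eg. 495894098234)`) describes a value rather than the function, and it no longer tells readers that two client ID shapes now coexist. A doc comment in the usual Go form would be `// SetNewClientID generates a new ID and uses it as the client ID of a (e.g. 495894098234).` followed by `// Client IDs issued before this change keep the id@projectname form, so callers must not assume the new shape.` The second line matters wherever client IDs are validated or parsed, because the old-ID fixture added later in this patch shows both forms must keep resolving. The rest of the function body lies in the next hunk.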
@@ -24,15 +21,6 @@ func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Proje return nil } -func NewClientID(idGenerator id.Generator, projectName string) (string, error) { - rndID, err := idGenerator.Next() - if err != nil { - return "", err - } - - return fmt.Sprintf("%s@%s", rndID, strings.ReplaceAll(strings.ToLower(projectName), " ", "_")), nil -} - func SetNewClientSecretIfNeeded(a oAuthApplication, generate func() (encodedHash, plain string, err error)) (string, error) { if !a.requiresClientSecret() { return "", nil diff --git a/internal/query/oidc_client_test.go b/internal/query/oidc_client_test.go index 93bd428015..357c34f4e4 100644 --- a/internal/query/oidc_client_test.go +++ b/internal/query/oidc_client_test.go @@ -21,6 +21,8 @@ var ( testdataOidcClientJWT string //go:embed testdata/oidc_client_public.json testdataOidcClientPublic string + //go:embed testdata/oidc_client_public_old_id.json + testdataOidcClientPublicOldId string //go:embed testdata/oidc_client_secret.json testdataOidcClientSecret string //go:embed testdata/oidc_client_no_settings.json @@ -64,7 +66,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx InstanceID: "230690539048009730", AppID: "236647088211886082", State: domain.AppStateActive, - ClientID: "236647088211951618@tests", + ClientID: "236647088211951618", HashedSecret: "", RedirectURIs: []string{"http://localhost:9999/auth/callback"}, ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, 
@@ -92,6 +94,38 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx { name: "public client", mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientPublic}, "instanceID", "clientID", true), + want: &OIDCClient{ + InstanceID: "230690539048009730", + AppID: "236646457053020162", + State: domain.AppStateActive, + ClientID: "236646457053085698", + HashedSecret: "", + RedirectURIs: []string{"http://localhost:9999/auth/callback"}, + ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode}, + GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}, + ApplicationType: domain.OIDCApplicationTypeWeb, + AuthMethodType: domain.OIDCAuthMethodTypeNone, + PostLogoutRedirectURIs: nil, + IsDevMode: true, + AccessTokenType: domain.OIDCTokenTypeBearer, + AccessTokenRoleAssertion: false, + IDTokenRoleAssertion: false, + IDTokenUserinfoAssertion: false, + ClockSkew: 0, + AdditionalOrigins: nil, + PublicKeys: nil, + ProjectID: "236645808328409090", + ProjectRoleAssertion: true, + ProjectRoleKeys: []string{"role1", "role2"}, + Settings: &OIDCSettings{ + AccessTokenLifetime: 43200000000000, + IdTokenLifetime: 43200000000000, + }, + }, + }, + { + name: "public client", + mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientPublicOldId}, "instanceID", "clientID", true), want: &OIDCClient{ InstanceID: "230690539048009730", AppID: "236646457053020162", @@ -128,7 +162,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx InstanceID: "230690539048009730", AppID: "236646858984783874", State: domain.AppStateActive, - ClientID: "236646858984849410@tests", + ClientID: "236646858984849410", HashedSecret: "$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq", RedirectURIs: []string{"http://localhost:9999/auth/callback"}, ResponseTypes: []domain.OIDCResponseType{0}, 
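Review bot: The added table entry that loads `testdataOidcClientPublicOldId` reuses `name: "public client"`, so two cases in the table carry the same name. If the table is run with `t.Run(tt.name, ...)` (the loop is outside the hunk), the second one is reported as `public_client#01` and a failure in the legacy-ID path is hard to tell from one in the new-ID path. Suggest `name: "public client, old client ID format"` for the new entry. The embed variable introduced in the `@@ -21,6 +21,8 @@` hunk would also read `testdataOidcClientPublicOldID` under the Go initialism convention. The `want` value of the new case continues past the end of the hunk.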
@@ -160,7 +194,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
 InstanceID: "239520764275982338",
 AppID: "239520764276441090",
 State: domain.AppStateActive,
- ClientID: "239520764779364354@zitadel",
+ ClientID: "239520764779364354",
 HashedSecret: "",
 RedirectURIs: []string{
 "http://test2-qucuh5.localhost:9000/ui/console/auth/callback",
diff --git a/internal/query/testdata/oidc_client_jwt.json b/internal/query/testdata/oidc_client_jwt.json
index 1bca6044d4..38dd22b570 100644
--- a/internal/query/testdata/oidc_client_jwt.json
+++ b/internal/query/testdata/oidc_client_jwt.json
@@ -2,7 +2,7 @@
 "instance_id": "230690539048009730",
 "app_id": "236647088211886082",
 "state": 1,
- "client_id": "236647088211951618@tests",
+ "client_id": "236647088211951618",
 "client_secret": null,
 "redirect_uris": ["http://localhost:9999/auth/callback"],
 "response_types": [0],
diff --git a/internal/query/testdata/oidc_client_no_settings.json b/internal/query/testdata/oidc_client_no_settings.json
index 59aff6ea42..2f3920a421 100644
--- a/internal/query/testdata/oidc_client_no_settings.json
+++ b/internal/query/testdata/oidc_client_no_settings.json
@@ -2,7 +2,7 @@
 "instance_id": "239520764275982338",
 "app_id": "239520764276441090",
 "state": 1,
- "client_id": "239520764779364354@zitadel",
+ "client_id": "239520764779364354",
 "client_secret": null,
 "redirect_uris": [
 "http://test2-qucuh5.localhost:9000/ui/console/auth/callback",
diff --git a/internal/query/testdata/oidc_client_public.json b/internal/query/testdata/oidc_client_public.json
index 020c60311b..a4e4e45ba3 100644
--- a/internal/query/testdata/oidc_client_public.json
+++ b/internal/query/testdata/oidc_client_public.json
@@ -2,7 +2,7 @@
 "instance_id": "230690539048009730",
 "app_id": "236646457053020162",
 "state": 1,
- "client_id": "236646457053085698@tests",
+ "client_id": "236646457053085698",
 "client_secret": null,
 "redirect_uris": ["http://localhost:9999/auth/callback"],
 "response_types": [0],
diff --git a/internal/query/testdata/oidc_client_public_old_id.json b/internal/query/testdata/oidc_client_public_old_id.json
new file mode 100644
index 0000000000..020c60311b
--- /dev/null
+++ b/internal/query/testdata/oidc_client_public_old_id.json
@@ -0,0 +1,28 @@
+{
+ "instance_id": "230690539048009730",
+ "app_id": "236646457053020162",
+ "state": 1,
+ "client_id": "236646457053085698@tests",
+ "client_secret": null,
+ "redirect_uris": ["http://localhost:9999/auth/callback"],
+ "response_types": [0],
+ "grant_types": [0],
+ "application_type": 0,
+ "auth_method_type": 2,
+ "post_logout_redirect_uris": null,
+ "is_dev_mode": true,
+ "access_token_type": 0,
+ "access_token_role_assertion": false,
+ "id_token_role_assertion": false,
+ "id_token_userinfo_assertion": false,
+ "clock_skew": 0,
+ "additional_origins": null,
+ "project_id": "236645808328409090",
+ "project_role_assertion": true,
+ "project_role_keys": ["role1", "role2"],
+ "public_keys": null,
+ "settings": {
+ "access_token_lifetime": 43200000000000,
+ "id_token_lifetime": 43200000000000
+ }
+}
diff --git a/internal/query/testdata/oidc_client_secret.json b/internal/query/testdata/oidc_client_secret.json
index 0fb1d6f830..e695c8e077 100644
--- a/internal/query/testdata/oidc_client_secret.json
+++ b/internal/query/testdata/oidc_client_secret.json
@@ -2,7 +2,7 @@
 "instance_id": "230690539048009730",
 "app_id": "236646858984783874",
 "state": 1,
- "client_id": "236646858984849410@tests",
+ "client_id": "236646858984849410",
 "client_secret": "$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq",
 "redirect_uris": ["http://localhost:9999/auth/callback"],
 "response_types": [0],