feat(login): use new IDP templates (#5315)

The login uses the new template based IDPs with backwards compatibility for old IDPs
2025-08-12 04:07:31 +00:00 · 2023-02-28 21:20:58 +01:00
parent abacb6c5aa
commit 48f9815b7c
62 changed files with 1254 additions and 2165 deletions
--- a/internal/idp/providers/google/google.go
+++ b/internal/idp/providers/google/google.go
@@ -20,8 +20,8 @@ type Provider struct {
 }

 // New creates a Google provider using the [oidc.Provider] (OIDC generic provider)
-func New(clientID, clientSecret, redirectURI string, opts ...oidc.ProviderOpts) (*Provider, error) {
-	rp, err := oidc.New(name, issuer, clientID, clientSecret, redirectURI, userMapper, opts...)
+func New(clientID, clientSecret, redirectURI string, scopes []string, opts ...oidc.ProviderOpts) (*Provider, error) {
+	rp, err := oidc.New(name, issuer, clientID, clientSecret, redirectURI, scopes, userMapper, opts...)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/idp/providers/google/google_test.go
+++ b/internal/idp/providers/google/google_test.go
@@ -16,6 +16,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 		clientID     string
 		clientSecret string
 		redirectURI  string
+		scopes       []string
 	}
 	tests := []struct {
 		name   string
@@ -28,6 +29,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 			},
 			want: &oidc.Session{
 				AuthURL: "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState",
@@ -39,7 +41,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 			a := assert.New(t)
 			r := require.New(t)

-			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI)
+			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes)
 			r.NoError(err)

 			session, err := provider.BeginAuth(context.Background(), "testState")
--- a/internal/idp/providers/google/session_test.go
+++ b/internal/idp/providers/google/session_test.go
@@ -22,6 +22,7 @@ func TestSession_FetchUser(t *testing.T) {
 		clientID     string
 		clientSecret string
 		redirectURI  string
+		scopes       []string
 		httpMock     func()
 		authURL      string
 		code         string
@@ -55,6 +56,7 @@ func TestSession_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://openidconnect.googleapis.com").
 						Get("/v1/userinfo").
@@ -74,6 +76,7 @@ func TestSession_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://openidconnect.googleapis.com").
 						Get("/v1/userinfo").
@@ -110,6 +113,7 @@ func TestSession_FetchUser(t *testing.T) {
 				clientID:     "clientID",
 				clientSecret: "clientSecret",
 				redirectURI:  "redirectURI",
+				scopes:       []string{"openid"},
 				httpMock: func() {
 					gock.New("https://openidconnect.googleapis.com").
 						Get("/v1/userinfo").
@@ -162,7 +166,7 @@ func TestSession_FetchUser(t *testing.T) {

 			// call the real discovery endpoint
 			gock.New(issuer).Get(openid.DiscoveryEndpoint).EnableNetworking()
-			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI)
+			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes)
 			require.NoError(t, err)

 			session := &oidc.Session{