Fix bug with missing & in authorization URL for OIDC

Also adds testing to ensure we don't break this again

oauth/oidc.py

@@ -2,7 +2,6 @@ import time
 import json
 import logging
 import urlparse
-import urllib
 
 import jwt
 
@@ -12,7 +11,8 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import load_der_public_key
 from jwkest.jwk import KEYS
 
-from oauth.base import OAuthService, OAuthExchangeCodeException, OAuthGetUserInfoException
+from oauth.base import (OAuthService, OAuthExchangeCodeException, OAuthGetUserInfoException,
+                        OAuthEndpoint)
 from oauth.login import OAuthLoginException
 from util.security.jwtutil import decode, InvalidTokenError
 
@@ -66,7 +66,7 @@ class OIDCLoginService(OAuthService):
     return list(set(login_scopes) & set(supported_scopes))
 
   def authorize_endpoint(self):
-    return self._get_endpoint('authorization_endpoint', response_type='code')
+    return self._get_endpoint('authorization_endpoint').with_param('response_type', 'code')
 
   def token_endpoint(self):
     return self._get_endpoint('token_endpoint')
@@ -92,16 +92,14 @@ class OIDCLoginService(OAuthService):
     query_params = urlparse.parse_qs(query, keep_blank_values=True)
     query_params.update(kwargs)
     query_params.update(custom_parameters)
-
-    updated_query = urllib.urlencode(query_params)
-    return urlparse.urlunsplit((scheme, netloc, path, updated_query, fragment))
+    return OAuthEndpoint(urlparse.urlunsplit((scheme, netloc, path, {}, fragment)), query_params)
 
   def validate(self):
     return bool(self.get_login_scopes())
 
   def validate_client_id_and_secret(self, http_client, app_config):
     # TODO: find a way to verify client secret too.
-    check_auth_url = http_client.get(self.get_auth_url())
+    check_auth_url = http_client.get(self.get_auth_url(app_config, '', '', []))
     if check_auth_url.status_code // 100 != 2:
       raise Exception('Got non-200 status code for authorization endpoint')