Add support for defining custom query parameters for OIDC endpoints

Fixes https://jira.coreos.com/browse/QUAY-886
2018-04-06 12:48:03 -04:00 · 2018-04-06 12:48:03 -04:00 · 3cd314874f
commit 3cd314874f
parent b4849997e7
2 changed files with 50 additions and 4 deletions
--- a/oauth/test/test_oidc.py
+++ b/oauth/test/test_oidc.py
@ -79,6 +79,20 @@ def app_config(http_client, mailing_feature):
      'DEBUGGING': True,
    },

+    'OIDCWITHPARAMS_LOGIN_CONFIG': {
+      'CLIENT_ID': 'foo',
+      'CLIENT_SECRET': 'bar',
+      'SERVICE_NAME': 'Some Other Service',
+      'SERVICE_ICON': 'http://some/icon',
+      'OIDC_SERVER': 'http://fakeoidc',
+      'DEBUGGING': True,
+      'OIDC_ENDPOINT_CUSTOM_PARAMS': {
+        'authorization_endpoint': {
+          'some': 'param',
+        },
+      },
+    },
+
    'HTTPCLIENT': http_client,
  }

@ -90,6 +104,10 @@ def oidc_service(app_config):
 def another_oidc_service(app_config):
  return OIDCLoginService(app_config, 'ANOTHEROIDC_LOGIN_CONFIG')

+@pytest.fixture()
+def oidc_withparams_service(app_config):
+  return OIDCLoginService(app_config, 'OIDCWITHPARAMS_LOGIN_CONFIG')
+
@pytest.fixture()
 def discovery_content(userinfo_supported):
  return {
@ -218,13 +236,18 @@ def test_basic_config(oidc_service):

 def test_discovery(oidc_service, http_client, discovery_content, discovery_handler):
  with HTTMock(discovery_handler):
-    auth = discovery_content['authorization_endpoint'] + '?response_type=code&'
+    auth = discovery_content['authorization_endpoint'] + '?response_type=code'
    assert oidc_service.authorize_endpoint() == auth

    assert oidc_service.token_endpoint() == discovery_content['token_endpoint']
    assert oidc_service.user_endpoint() == discovery_content['userinfo_endpoint']
    assert set(oidc_service.get_login_scopes()) == set(discovery_content['scopes_supported'])

+def test_discovery_with_params(oidc_withparams_service, http_client, discovery_content, discovery_handler):
+  with HTTMock(discovery_handler):
+    auth = discovery_content['authorization_endpoint'] + '?response_type=code&some=param'
+    assert 'some=param' in oidc_withparams_service.authorize_endpoint()
+
 def test_filtered_discovery(another_oidc_service, http_client, discovery_content, discovery_handler):
  with HTTMock(discovery_handler):
    assert another_oidc_service.get_login_scopes() == ['openid']