Skip to content

feat: allow storing extra oauth token properties in the database #10152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Oct 9, 2023
Merged

feat: allow storing extra oauth token properties in the database #10152

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
66ecf58
feat: add enhanced support for Slack OAuth
kylecarbs Oct 9, 2023
fdc6a5d
feat: allow storing extra oauth token properties in the database
kylecarbs Oct 9, 2023
4015619
Comments
kylecarbs Oct 9, 2023
b73fd0b
Fix db gen
kylecarbs Oct 9, 2023
fb66ac1
Comments
kylecarbs Oct 9, 2023
f18900c
Fix FE
kylecarbs Oct 9, 2023
4d62eba
Fix WithExtra
kylecarbs Oct 9, 2023
e2ac6c7
Fix assertion
kylecarbs Oct 9, 2023
8acbb58
Fix lint
kylecarbs Oct 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix assertion
  • Loading branch information
@kylecarbs
kylecarbs committed Oct 9, 2023
commit e2ac6c718e4caa64ee7c8378504db6f1e3ca6b8f
8 changes: 7 additions & 1 deletion coderd/externalauth/externalauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package externalauth_test

import (
"context"
"encoding/json"
"net/http"
"net/url"
"testing"
Expand Down Expand Up @@ -269,7 +270,7 @@ func TestRefreshToken(t *testing.T) {
FakeIDPOpts: []oidctest.FakeIDPOpt{
oidctest.WithMutateToken(func(token map[string]interface{}) {
token["authed_user"] = map[string]interface{}{
"access_token": "slack-user-token",
"access_token": token["access_token"],
}
}),
},
Expand All @@ -289,6 +290,11 @@ func TestRefreshToken(t *testing.T) {
require.NoError(t, err)
require.True(t, ok)
require.True(t, updated.OAuthExtra.Valid)
extra := map[string]interface{}{}
require.NoError(t, json.Unmarshal(updated.OAuthExtra.RawMessage, &extra))
mapping, ok := extra["authed_user"].(map[string]interface{})
require.True(t, ok)
require.Equal(t, updated.OAuthAccessToken, mapping["access_token"])
Comment on lines +293 to +297
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is 100% ok.

I am thinking of maybe exposing an easy way to hit the IDP with a Bearer token that would essentially do this check. The /userinfo will validate an access token for the request, but oauth2 is a subset of OIDC and does not have an easy UserInfo method to call from the token/config.

Just would be a nice helper to have like fake.UserInfo(accessToken string) or something convenient. Maybe 🤔

})
}

Expand Down