feat: add oauth2 token exchange #12196

code-asher · 2024-02-16T19:29:33Z

Re-opened since the original got closed by stale bot and will not let me re-open after force-pushing!

Rename token hashed_secret to refresh_hash and later are new since that PR was last reviewed. The main thing is that a secret prefix was added.

#11778

enterprise/coderd/oauth2.go

Emyrk · 2024-02-20T21:56:43Z

coderd/database/dbauthz/dbauthz.go

+	// The user ID is on the API key so that has to be fetched.
+	key, err := q.db.GetAPIKeyByID(ctx, token.APIKeyID)
+	if err != nil {
+		return database.OAuth2ProviderAppToken{}, err
+	}


That is annoying 😢

coderd/database/dbmem/dbmem.go

Might have no match, and a -1 will panic.

This will be used as an ID that we can prefix into the secrets themselves. This is so we can salt the hashed secrets. The token query is for implementing the refresh flow.

Without this I think the tests would fail since they are not adding a prefix and there is no default.

github-actions bot assigned code-asher Feb 16, 2024

code-asher requested a review from Emyrk February 16, 2024 19:30

code-asher commented Feb 16, 2024

View reviewed changes

enterprise/coderd/oauth2.go Outdated Show resolved Hide resolved

code-asher mentioned this pull request Feb 20, 2024

feat: add oauth2 token exchange #11778

Merged

Emyrk approved these changes Feb 20, 2024

View reviewed changes

code-asher and others added 10 commits February 20, 2024 14:09

Add OAuth2 provider codes and tokens to database

f69a629

Check indexes in dbmem

73552bc

Might have no match, and a -1 will panic.

minor dbauthz changes

5916f55

use model struct over rbac.ResourceXX

566fe63

Rename token hashed_secret to refresh_hash

3240b4f

Format oauth2.sql

7d093c3

fixup! Rename token hashed_secret to refresh_hash

ce7bc3f

Add secret prefix column and query to get token

7b84d8c

This will be used as an ID that we can prefix into the secrets themselves. This is so we can salt the hashed secrets. The token query is for implementing the refresh flow.

Add oauth2 token exchange

d4d6e51

Clean up dbmem funcs

70cedd6

code-asher force-pushed the asher/oauth2-exchange-db branch from 0204adb to 70cedd6 Compare February 20, 2024 23:13

code-asher changed the title ~~feat: add oauth2 codes and tokens to database~~ feat: add oauth2 token exchange Feb 20, 2024

code-asher force-pushed the asher/oauth2-exchange-db branch from 7fd123e to da447c2 Compare February 20, 2024 23:21

Allow null on prefix after downgrade

e517d8e

Without this I think the tests would fail since they are not adding a prefix and there is no default.

code-asher force-pushed the asher/oauth2-exchange-db branch from da447c2 to e517d8e Compare February 20, 2024 23:28

code-asher merged commit 4d39da2 into main Feb 20, 2024

code-asher deleted the asher/oauth2-exchange-db branch February 20, 2024 23:58

github-actions bot locked and limited conversation to collaborators Feb 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add oauth2 token exchange #12196

feat: add oauth2 token exchange #12196

code-asher commented Feb 16, 2024 •

edited

Loading

Emyrk Feb 20, 2024

feat: add oauth2 token exchange #12196

feat: add oauth2 token exchange #12196

Conversation

code-asher commented Feb 16, 2024 • edited Loading

Emyrk Feb 20, 2024

Choose a reason for hiding this comment

code-asher commented Feb 16, 2024 •

edited

Loading