Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve distributed claims in idToken #172

Merged
merged 1 commit into from
May 29, 2018
Merged

Resolve distributed claims in idToken #172

merged 1 commit into from
May 29, 2018

Conversation

seanqsun
Copy link
Contributor

@seanqsun seanqsun commented May 25, 2018
edited
Loading

Updates #171
Needs more test cases and functionality. Right now, it only parses out the claims from the ID Token and puts them in distributedClaims

@seanqsun seanqsun changed the title Started work on distributed claim resolving Resolve distributed claims in idToken May 25, 2018
ericchiang
ericchiang reviewed May 29, 2018
View reviewed changes
Copy link
Collaborator

@ericchiang ericchiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should change the runGetToken signature to return an error. That way instead of checking if this idToken is nil we can check the returned error.

func (v verificationTest) runGetToken(t *testing.T) (*IDToken, error) {
    // ...
}

func (v verificationTest) run(t *testing.T) {
    err := v.runGetToken(t)
    if err != nil && !v.wantErr {
        t.Errorf("%v", err)
    }
    if err == nil && v.wantErr {
        t.Errorf("expected error")
    }
}

verify_test.go Outdated
"_claim_sources": {
"src1": {"endpoint": "123", "access_token":"1234"}
}
}`,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Formatting here looks wonky. Maybe try to clean this up a little?

verify_test.go Outdated
}{
{
test: verificationTest{
name: "No distributed claims",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Subtest names are usually shorter and don't contain spaces. Maybe "NoDistClaims"?

verify_test.go Outdated
},
{
test: verificationTest{
name: "Distributed claims match. 1 name : 1 source",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"1DistClaim"

verify_test.go Outdated
},
"_claim_sources": {
"src1": {"endpoint": "https://foo", "access_token":"1234"},
"src1": {"endpoint": "https://bar", "access_token":"1234"}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like an ambiguous test since the endpoint could be "https://foo" or "https://bar" probably better to drop this test case.

verify_test.go
},
signKey: newRSAKey(t),
},
want: map[string]claimSource{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should result in an error, right?

verify_test.go Outdated
func TestDistributedClaims(t *testing.T) {
tests := []struct {
test verificationTest
want map[string]claimSource
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a wantErr bool here to indicate that we want the ID token to fail parsing.

verify.go Outdated

//step through the token to mp claim names to claim sources"
for cn, src := range token.ClaimNames {
if src != "" {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably

if src == "" {
    // return error
}
s, ok := token.ClaimsSources[src]
if !ok {
    // return error because source name doesn't exist
}
distributedClaims[cn] = s

@ericchiang
Copy link
Collaborator

Also having Fixes #171 in your PR comment will close the issue. You probably want Updates #171 or something like that :)

ericchiang
ericchiang approved these changes May 29, 2018
View reviewed changes
Copy link
Collaborator

@ericchiang ericchiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. squash and we'll merge it

@seanqsun seanqsun force-pushed the distributed-claims branch from b780fa6 to e7de812 Compare May 29, 2018 21:58
@ericchiang ericchiang merged commit 1bddd0c into coreos:v2 May 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericchiang ericchiang ericchiang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seanqsun @ericchiang