
fix: OAuth2 callback with self-signed Root CA. Fixes #6793 (#6978)
Signed-off-by: Niclas Schnickmann <[email protected]>
NextNiclas authored and sarabala1979 committed Dec 15, 2021
1 parent fbb51ac commit 94fe92f
Showing 2 changed files with 5 additions and 10 deletions.
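--- a/server/auth/sso/sso.go
+++ b/server/auth/sso/sso.go
@@ -96,13 +96,10 @@ type providerInterface interface {
 Verifier(config *oidc.Config) *oidc.IDTokenVerifier
 }
 
-type providerFactory func(ctx context.Context, issuer string, tlsConfig *tls.Config) (providerInterface, error)
+type providerFactory func(ctx context.Context, issuer string) (providerInterface, error)
 
-func providerFactoryOIDC(ctx context.Context, issuer string, tlsConfig *tls.Config) (providerInterface, error) {
-// Create http client used by oidc provider to allow modification of underlying TLSClientConfig
-httpClient := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
-oidcContext := oidc.ClientContext(ctx, httpClient)
-return oidc.NewProvider(oidcContext, issuer)
+func providerFactoryOIDC(ctx context.Context, issuer string) (providerInterface, error) {
+return oidc.NewProvider(ctx, issuer)
 }
 
 func New(c Config, secretsIf corev1.SecretInterface, baseHRef string, secure bool) (Interface, error) {
@@ -139,8 +136,7 @@ func newSso(
 oidcContext = oidc.InsecureIssuerURLContext(oidcContext, c.IssuerAlias)
 }
 
-provider, err := factory(oidcContext, c.Issuer, &tls.Config{InsecureSkipVerify: c.InsecureSkipVerify})
-
+provider, err := factory(oidcContext, c.Issuer)
 if err != nil {
 return nil, err
 }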
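Review bot: Whether `c.InsecureSkipVerify` still takes effect in `newSso` cannot be confirmed from this hunk: the removed `&tls.Config{...}` argument was the only visible place it reached the provider, and `oidcContext` is built above the shown lines. `providerFactoryOIDC` now depends on the caller having attached an HTTP client to `ctx`; with none attached, go-oidc falls back to `http.DefaultClient` and the system trust store. I would state that on the function: `// providerFactoryOIDC performs discovery with the HTTP client carried by ctx (oidc.ClientContext); callers own its TLS settings.` Since `fakeOidcFactory` keeps the ctx it receives, a test could assert that the context handed to the factory carries the expected client. For a self-signed root CA, trusting that CA through the client's `RootCAs` keeps certificate verification on for the identity provider, which `InsecureSkipVerify` does not.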
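--- a/server/auth/sso/sso_test.go
+++ b/server/auth/sso/sso_test.go
@@ -2,7 +2,6 @@ package sso
 
 import (
 "context"
-"crypto/tls"
 "testing"
 "time"
 
@@ -29,7 +28,7 @@ func (fakeOidcProvider) Verifier(config *oidc.Config) *oidc.IDTokenVerifier {
 return nil
 }
 
-func fakeOidcFactory(ctx context.Context, issuer string, tlsConfig *tls.Config) (providerInterface, error) {
+func fakeOidcFactory(ctx context.Context, issuer string) (providerInterface, error) {
 return fakeOidcProvider{ctx, issuer}, nil
 }
 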
