auth: Refactor the OIDC connector prior to moving out #18892
Merged
Conversation
Refactor the OIDC connector to its own type so it is simpler to move out of the `auth.Server` struct. This follows the same pattern as was done with the SAML connector - a new struct that the OIDC request methods are attached to, plugged into the `auth.Server`.

Move some small amount of code around so when it comes to removing it later, it is largely confined to the oidc files and large contiguous blocks - makes it slightly simpler to review.

Make `ValidateACRValues` a pure function as it did not use anything from the struct it was a method on, and move the test for it into `oidc_test.go`.

Move `isHTTPS()` from `auth.go` to `oidc.go` as it is only used there and will later move out.

Export `validateOIDCAuthCallbackReq` and `oidcAuthRawResponse` and move them to `oidc.go` so the web handler can also be moved to enterprise.
ryanclark approved these changes Nov 30, 2022
zmb3 approved these changes Dec 1, 2022
Issue: https://github.com/gravitational/teleport.e/issues/525