AUTH-6066 Add hybrid and implicit grant type support
ajholland committed May 22, 2024
1 parent dff7a6e commit 0ce636a
Showing 3 changed files with 40 additions and 13 deletions.
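--- a/.changelog/2131.txt
+++ b/.changelog/2131.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for Hybrid/Implicit flows and options
+```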
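--- a/access_application.go
+++ b/access_application.go
@@ -210,6 +210,11 @@ type RefreshTokenOptions struct {
 Lifetime string `json:"lifetime,omitempty"`
 }
 
+type HybridAndImplicitOptions struct {
+ReturnIDTokenFromAuthorizationEndpoint *bool `json:"return_id_token_from_authorization_endpoint,omitempty"`
+ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"return_access_token_from_authorization_endpoint,omitempty"`
+}
+
 type SaasApplication struct {
 // Items common to both SAML and OIDC
 AppID string `json:"app_id,omitempty"`
@@ -230,16 +235,17 @@ type SaasApplication struct {
 SamlAttributeTransformJsonata string `json:"saml_attribute_transform_jsonata"`
 
 // OIDC saas app
-ClientID string `json:"client_id,omitempty"`
-ClientSecret string `json:"client_secret,omitempty"`
-RedirectURIs []string `json:"redirect_uris,omitempty"`
-GrantTypes []string `json:"grant_types,omitempty"`
-Scopes []string `json:"scopes,omitempty"`
-AppLauncherURL string `json:"app_launcher_url,omitempty"`
-GroupFilterRegex string `json:"group_filter_regex,omitempty"`
-CustomClaims []OIDCClaimConfig `json:"custom_claims,omitempty"`
-AllowPKCEWithoutClientSecret *bool `json:"allow_pkce_without_client_secret,omitempty"`
-RefreshTokenOptions *RefreshTokenOptions `json:"refresh_token_options,omitempty"`
+ClientID string `json:"client_id,omitempty"`
+ClientSecret string `json:"client_secret,omitempty"`
+RedirectURIs []string `json:"redirect_uris,omitempty"`
+GrantTypes []string `json:"grant_types,omitempty"`
+Scopes []string `json:"scopes,omitempty"`
+AppLauncherURL string `json:"app_launcher_url,omitempty"`
+GroupFilterRegex string `json:"group_filter_regex,omitempty"`
+CustomClaims []OIDCClaimConfig `json:"custom_claims,omitempty"`
+AllowPKCEWithoutClientSecret *bool `json:"allow_pkce_without_client_secret,omitempty"`
+RefreshTokenOptions *RefreshTokenOptions `json:"refresh_token_options,omitempty"`
+HybridAndImplicitOptions *HybridAndImplicitOptions `json:"hybrid_and_implicit_options,omitempty"`
 }
 
 type AccessAppLauncherCustomization struct {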
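Review bot: The new exported type `HybridAndImplicitOptions` in the first hunk has no doc comment, and neither do its two fields, although they decide whether the ID token and access token are returned straight from the authorization endpoint, through the browser redirect, instead of from the back-channel token request. I would add `// HybridAndImplicitOptions controls which tokens the OIDC authorization endpoint returns directly when the hybrid or implicit grant types are enabled.` above the type. On `ReturnAccessTokenFromAuthorizationEndpoint` I would add a one-line comment that front-channel delivery of access tokens is what the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against, so callers enable it deliberately. It is also worth stating in the comment that a nil pointer is dropped by `omitempty` while `BoolPtr(false)` is sent, since that is presumably why the fields are `*bool`. The `SaasApplication` struct that receives the new `HybridAndImplicitOptions` field in the second hunk is only partly visible; the lines between the two hunks are not shown.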
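--- a/access_application_test.go
+++ b/access_application_test.go
@@ -1112,7 +1112,7 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 "client_id": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
 "client_secret": "secret",
 "redirect_uris": ["https://saas.example.com"],
-"grant_types": ["authorization_code"],
+"grant_types": ["authorization_code", "hybrid", "implicit"],
 "scopes": ["openid", "email", "profile", "groups"],
 "app_launcher_url": "https://saas.example.com",
 "group_filter_regex": ".*",
@@ -1126,7 +1126,11 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 "required": true,
 "scope": "profile"
 }
-]
+],
+"hybrid_and_implicit_options": {
+"return_id_token_from_authorization_endpoint": true,
+"return_access_token_from_authorization_endpoint": true
+}
 }
 }
 }
@@ -1156,7 +1160,7 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 ClientID: "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
 ClientSecret: "secret",
 RedirectURIs: []string{"https://saas.example.com"},
-GrantTypes: []string{"authorization_code"},
+GrantTypes: []string{"authorization_code", "hybrid", "implicit"},
 Scopes: []string{"openid", "email", "profile", "groups"},
 AppLauncherURL: "https://saas.example.com",
 GroupFilterRegex: ".*",
@@ -1169,6 +1173,10 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 Scope: "profile",
 },
 },
+HybridAndImplicitOptions: &HybridAndImplicitOptions{
+ReturnIDTokenFromAuthorizationEndpoint: BoolPtr(true),
+ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+},
 },
 CreatedAt: &createdAt,
 UpdatedAt: &updatedAt,
@@ -1182,6 +1190,7 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 Name: "Admin Saas Site",
 SaasApplication: &SaasApplication{
 AuthType: "oidc",
+GrantTypes: []string{"authorization_code", "hybrid", "implicit"},
 RedirectURIs: []string{"https://saas.example.com"},
 AppLauncherURL: "https://saas.example.com",
 GroupFilterRegex: ".*",
@@ -1194,6 +1203,10 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 Scope: "profile",
 },
 },
+HybridAndImplicitOptions: &HybridAndImplicitOptions{
+ReturnIDTokenFromAuthorizationEndpoint: BoolPtr(true),
+ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+},
 },
 SessionDuration: "24h",
 })
@@ -1208,6 +1221,7 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 Name: "Admin Saas Site",
 SaasApplication: &SaasApplication{
 AuthType: "oidc",
+GrantTypes: []string{"authorization_code", "hybrid", "implicit"},
 RedirectURIs: []string{"https://saas.example.com"},
 AppLauncherURL: "https://saas.example.com",
 GroupFilterRegex: ".*",
@@ -1220,6 +1234,10 @@ func TestCreateOIDCSaasAccessApplications(t *testing.T) {
 Scope: "profile",
 },
 },
+HybridAndImplicitOptions: &HybridAndImplicitOptions{
+ReturnIDTokenFromAuthorizationEndpoint: BoolPtr(true),
+ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+},
 },
 SessionDuration: "24h",
 })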
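Review bot: Every updated case sets both `ReturnIDTokenFromAuthorizationEndpoint` and `ReturnAccessTokenFromAuthorizationEndpoint` to `BoolPtr(true)`, so the security-relevant case, explicitly turning front-channel token return off, is never exercised. With `*bool` and `omitempty` a nil pointer is dropped from the request while a pointer to `false` must still be serialized. A regression that swallowed the `false` would leave token return enabled on the server without any test failing. I would add a case that marshals a `SaasApplication` with `ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(false)` and asserts that the body contains `"return_access_token_from_authorization_endpoint":false`. From the visible hunks I cannot tell whether the mock handler inspects the request body; if it does not, the new request fields in the hunks at 1190 and 1221 are sent but never checked. The test function starts and ends outside these hunks.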
