From 197e1e76af15e251f0be6e879b878c4fa116f413 Mon Sep 17 00:00:00 2001
From: Stephen Reid
Date: Mon, 27 Jan 2020 14:55:33 +0000
Subject: [PATCH] add support for private_key_jwt and tls_client_auth fix incorrect assertion in authenticator_spec updates expected debugging output to include INFO instead of DEBUG reduces specificity of test on debug output to allow for the difference between ruby versions corrects text for authenticator_spec Updates comments in authenticator to reflect apply_client_id not being used for private_key_jwt
---
 lib/oauth2/authenticator.rb | 10 ++++++++++
 spec/oauth2/authenticator_spec.rb | 18 ++++++++++++++++++
 spec/oauth2/client_spec.rb | 6 +++---
 3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb
index ce627920..6194b837 100644
--- a/lib/oauth2/authenticator.rb
+++ b/lib/oauth2/authenticator.rb
@@ -25,6 +25,10 @@ def apply(params)
 apply_basic_auth(params)
 when :request_body
 apply_params_auth(params)
+ when :tls_client_auth
+ apply_client_id(params)
+ when :private_key_jwt
+ params
 else
 raise NotImplementedError
 end
@@ -42,6 +46,12 @@ def apply_params_auth(params)
 {'client_id' => id, 'client_secret' => secret}.merge(params)
 end
+ # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth,
+ # we don't want to send the secret
+ def apply_client_id(params)
+ { 'client_id' => id }.merge(params)
+ end
+
 # Adds an `Authorization` header with Basic Auth credentials if and only if
 # it is not already set in the params.
 def apply_basic_auth(params)
diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb
index 49838da3..e4d60482 100644
--- a/spec/oauth2/authenticator_spec.rb
+++ b/spec/oauth2/authenticator_spec.rb
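Review bot: In lib/oauth2/authenticator.rb, the `when :private_key_jwt` branch of `apply` returns `params` untouched, so a caller that forgets to add the signed assertion sends a token request with no client authentication at all, and nothing in this class notices. Failing closed would be safer, for example `raise ArgumentError, 'client_assertion missing' unless params.key?('client_assertion')` before returning `params`; whether callers pass string or symbol keys is not visible here, so confirm that first. The `:tls_client_auth` branch likewise relies on the connection presenting a client certificate, which is configured outside this class, and a comment on the branch saying so would help. `apply` starts and ends outside the hunk.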
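Review bot: In the second hunk of lib/oauth2/authenticator.rb, `{ 'client_id' => id }.merge(params)` lets a `'client_id'` already present in `params` replace the configured one, the same merge order `apply_params_auth` uses. If that override is intended the comment should say so; if it is not, `params.merge('client_id' => id)` makes the configured id win. The comment's "i.e" reads as "e.g.", and it could state where authentication actually happens, for instance `# Sends only client_id; for schemes such as TLS client auth the client proves its identity outside the request body.` The brace spacing also differs from `{'client_id' => id, 'client_secret' => secret}` in `apply_params_auth`.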
@@ -38,6 +38,24 @@
 :headers => {'A' => 'b'}
 )
 end
+
+ context 'using tls client authentication' do
+ let(:mode) { :tls_client_auth }
+
+ it 'does not add client_secret' do
+ output = subject.apply({})
+ expect(output).to eq('client_id' => 'foo')
+ end
+ end
+
+ context 'using private key jwt authentication' do
+ let(:mode) { :private_key_jwt }
+
+ it 'does not add client_secret or client_id' do
+ output = subject.apply({})
+ expect(output).to eq({})
+ end
+ end
 end
 context 'with Basic authentication' do
diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb
index 464a5b5a..62cb4ec2 100644
--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -251,9 +251,9 @@
 subject.request(:get, '/success')
 end
 logs = [
- 'INFO -- request: GET https://api.example.com/success',
- 'INFO -- response: Status 200',
- 'DEBUG -- response: Content-Type: "text/awesome"'
+ '-- request: GET https://api.example.com/success',
+ '-- response: Status 200',
+ '-- response: Content-Type: "text/awesome"'
 ]
 expect(output).to include(*logs)
 end
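Review bot: Both new contexts in spec/oauth2/authenticator_spec.rb call `subject.apply({})` only, so they never show that caller-supplied parameters survive, which is the whole contract of the `:private_key_jwt` mode. An example such as `expect(subject.apply('client_assertion' => 'jwt')).to eq('client_assertion' => 'jwt')` (constructed value) would pin that, and a matching one for `:tls_client_auth` would show `client_id` being added alongside existing keys without a `client_secret`. The enclosing context opens outside the hunk.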
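Review bot: In spec/oauth2/client_spec.rb the expected strings no longer carry a severity, so the example passes whether the response header line is written at INFO or at DEBUG. Header lines can carry credentials, so the level they are emitted at is worth keeping under test; if the prefix really differs between environments, a pattern keeps the check, e.g. `expect(output).to match(/(INFO|DEBUG) -- response: Content-Type: "text\/awesome"/)`, assuming `output` is a String. The example block starts outside the hunk.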