GH-872: Add auth method defaults on client creation (#878)
Add auth method defaults on client creation
sergiught authored Nov 9, 2023
1 parent 0ebbe3f commit 3f67c52
Showing 5 changed files with 1,263 additions and 498 deletions.
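--- a/internal/auth0/client/expand.go
+++ b/internal/auth0/client/expand.go
@@ -1,8 +1,6 @@
 package client
 
 import (
-"slices"
-
 "github.com/auth0/go-auth0"
 "github.com/auth0/go-auth0/management"
 "github.com/hashicorp/go-cty/cty"
@@ -54,8 +52,13 @@ func expandClient(data *schema.ResourceData) *management.Client {
 client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
 }
 
-if data.IsNewResource() && slices.Contains(client.GetGrantTypes(), "urn:ietf:params:oauth:grant-type:device_code") {
-client.TokenEndpointAuthMethod = auth0.String("none")
+if data.IsNewResource() {
+switch client.GetAppType() {
+case "native", "spa":
+client.TokenEndpointAuthMethod = auth0.String("none")
+case "regular_web", "non_interactive":
+client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
+}
 }
 
 return client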
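Review bot: The added `switch` in `expandClient` overwrites the `client_secret_post` assignment made by the branch directly above it, so on create a `native` or `spa` client is always sent with `none` whichever way that branch went. That branch's condition lies outside the hunk; if it is the `is_token_endpoint_ip_header_trusted` case, as the tests in this commit suggest, a public client that trusts the forwarded IP header would be submitted to the API, and it is worth confirming that this is intended or rejecting the combination in validation. With the device-code check removed, a client that has the device_code grant but an `app_type` outside the four listed values gets no default at all; a `default:` arm or a comment saying this is deliberate would make that visible. I would also document the mapping above the switch, e.g. `// Public clients (native, spa) cannot hold a secret and default to "none"; confidential clients default to "client_secret_post".` `expandClient` begins and ends outside the hunk.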
162 changes: 104 additions & 58 deletions internal/auth0/client/resource_test.go
@@ -2100,115 +2100,161 @@ func TestAccClientMetadataBehavior(t *testing.T) {
}

const testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue = `
resource "auth0_client" "my_client" {
resource "auth0_client" "my_client_ip_header" {
name = "Test IP Header Trusted - {{.testName}}"
is_token_endpoint_ip_header_trusted = true
}
`

const testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate = `
resource "auth0_client" "my_client" {
resource "auth0_client" "my_client_ip_header" {
name = "Test IP Header Trusted - {{.testName}}"
is_token_endpoint_ip_header_trusted = true
}
resource "auth0_client_credentials" "my_client_credentials" {
client_id = auth0_client.my_client.id
resource "auth0_client_credentials" "my_client_ip_header_credentials" {
client_id = auth0_client.my_client_ip_header.id
authentication_method = "client_secret_post"
}
`

func TestAccClientGetsCreatedWithIsTokenEndpointIPHeaderTrustedEnabled(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "client_secret_post"),
),
},
},
})
}

const testAccCreateClientWithDeviceCodeGrant = `
resource "auth0_client" "my_client" {
const testAccCreateNativeClientDefault = `
resource "auth0_client" "my_native_client" {
name = "Test Device Code Grant - {{.testName}}"
app_type = "native"
grant_types = ["urn:ietf:params:oauth:grant-type:device_code"]
oidc_conformant = true
}
`

const testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate = `
resource "auth0_client" "my_client" {
const testAccImportClientCredentialsForNativeClientDefault = `
resource "auth0_client" "my_native_client" {
name = "Test Device Code Grant - {{.testName}}"
app_type = "native"
grant_types = ["urn:ietf:params:oauth:grant-type:device_code"]
oidc_conformant = true
}
resource "auth0_client_credentials" "my_client_credentials" {
client_id = auth0_client.my_client.id
resource "auth0_client_credentials" "my_native_client_credentials" {
client_id = auth0_client.my_native_client.id
authentication_method = "none"
}
`

func TestAccClientGetsCreatedWithDeviceCodeGrant(t *testing.T) {
const testAccCreateRegularWebAppClientDefault = `
resource "auth0_client" "my_rwa_client" {
name = "Test Regular Web Defaults - {{.testName}}"
app_type = "regular_web"
}
`

const testAccImportClientCredentialsForRegularWebAppClientDefault = `
resource "auth0_client" "my_rwa_client" {
name = "Test Regular Web Defaults - {{.testName}}"
app_type = "regular_web"
}
resource "auth0_client_credentials" "my_rwa_client_credentials" {
client_id = auth0_client.my_rwa_client.id
authentication_method = "client_secret_post"
}
`

func TestAccClientCanSetDefaultAuthMethodOnCreate(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccCreateClientWithDeviceCodeGrant, t.Name()),
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_credentials",
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_ip_header_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client_ip_header", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "none"),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_ip_header_credentials", "client_id", "auth0_client.my_client_ip_header", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_ip_header_credentials", "authentication_method", "client_secret_post"),
),
},
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()), // Needed to reset the testing framework after the import state.
},
{
Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForNativeClientDefault, t.Name()),
ResourceName: "auth0_client_credentials.my_native_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_native_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_native_client_credentials", "client_id", "auth0_client.my_native_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_native_client_credentials", "authentication_method", "none"),
),
},
{
Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
},
{
Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForRegularWebAppClientDefault, t.Name()),
ResourceName: "auth0_client_credentials.my_rwa_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_rwa_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_rwa_client_credentials", "client_id", "auth0_client.my_rwa_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_rwa_client_credentials", "authentication_method", "client_secret_post"),
),
},
{
Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
},
},
})
}
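Review bot: `TestAccClientCanSetDefaultAuthMethodOnCreate` has steps only for `native` and `regular_web`, while the new switch in `expandClient` also assigns defaults for `spa` and `non_interactive`, so half of the mapping is unpinned. A create-and-import step pair for each of the two remaining app types, asserting `authentication_method` is `none` for `spa` and `client_secret_post` for `non_interactive`, would catch a regression in either arm. Separately, every `ImportStateIdFunc` here calls `assert.NoError(t, err)` and then returns `clientID, nil`, so a failed state lookup carries on with an empty ID; `return clientID, err` would stop the step at the real cause.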