Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GH-872: Add auth method defaults on client creation #878

Merged
merged 1 commit into from
Nov 9, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions internal/auth0/client/expand.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
package client

import (
"slices"

"github.com/auth0/go-auth0"
"github.com/auth0/go-auth0/management"
"github.com/hashicorp/go-cty/cty"
Expand Down Expand Up @@ -54,8 +52,13 @@ func expandClient(data *schema.ResourceData) *management.Client {
client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
}

if data.IsNewResource() && slices.Contains(client.GetGrantTypes(), "urn:ietf:params:oauth:grant-type:device_code") {
client.TokenEndpointAuthMethod = auth0.String("none")
if data.IsNewResource() {
switch client.GetAppType() {
case "native", "spa":
client.TokenEndpointAuthMethod = auth0.String("none")
case "regular_web", "non_interactive":
client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
}
}

return client
Expand Down
162 changes: 104 additions & 58 deletions internal/auth0/client/resource_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2100,115 +2100,161 @@ func TestAccClientMetadataBehavior(t *testing.T) {
}

const testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue = `
resource "auth0_client" "my_client" {
resource "auth0_client" "my_client_ip_header" {
name = "Test IP Header Trusted - {{.testName}}"

is_token_endpoint_ip_header_trusted = true
}
`

const testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate = `
resource "auth0_client" "my_client" {
resource "auth0_client" "my_client_ip_header" {
name = "Test IP Header Trusted - {{.testName}}"

is_token_endpoint_ip_header_trusted = true
}

resource "auth0_client_credentials" "my_client_credentials" {
client_id = auth0_client.my_client.id
resource "auth0_client_credentials" "my_client_ip_header_credentials" {
client_id = auth0_client.my_client_ip_header.id

authentication_method = "client_secret_post"
}
`

func TestAccClientGetsCreatedWithIsTokenEndpointIPHeaderTrustedEnabled(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "client_secret_post"),
),
},
},
})
}

const testAccCreateClientWithDeviceCodeGrant = `
resource "auth0_client" "my_client" {
const testAccCreateNativeClientDefault = `
resource "auth0_client" "my_native_client" {
name = "Test Device Code Grant - {{.testName}}"
app_type = "native"
grant_types = ["urn:ietf:params:oauth:grant-type:device_code"]
oidc_conformant = true
}
`

const testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate = `
resource "auth0_client" "my_client" {
const testAccImportClientCredentialsForNativeClientDefault = `
resource "auth0_client" "my_native_client" {
name = "Test Device Code Grant - {{.testName}}"
app_type = "native"
grant_types = ["urn:ietf:params:oauth:grant-type:device_code"]
oidc_conformant = true
}

resource "auth0_client_credentials" "my_client_credentials" {
client_id = auth0_client.my_client.id
resource "auth0_client_credentials" "my_native_client_credentials" {
client_id = auth0_client.my_native_client.id

authentication_method = "none"
}
`

func TestAccClientGetsCreatedWithDeviceCodeGrant(t *testing.T) {
const testAccCreateRegularWebAppClientDefault = `
resource "auth0_client" "my_rwa_client" {
name = "Test Regular Web Defaults - {{.testName}}"
app_type = "regular_web"
}
`

const testAccImportClientCredentialsForRegularWebAppClientDefault = `
resource "auth0_client" "my_rwa_client" {
name = "Test Regular Web Defaults - {{.testName}}"
app_type = "regular_web"
}

resource "auth0_client_credentials" "my_rwa_client_credentials" {
client_id = auth0_client.my_rwa_client.id

authentication_method = "client_secret_post"
}
`

func TestAccClientCanSetDefaultAuthMethodOnCreate(t *testing.T) {
acctest.Test(t, resource.TestCase{
Steps: []resource.TestStep{
{
Config: acctest.ParseTestName(testAccCreateClientWithDeviceCodeGrant, t.Name()),
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_credentials",
Config: acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
ResourceName: "auth0_client_credentials.my_client_ip_header_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client_ip_header", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "none"),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_ip_header_credentials", "client_id", "auth0_client.my_client_ip_header", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_client_ip_header_credentials", "authentication_method", "client_secret_post"),
),
},
{
Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()), // Needed to reset the testing framework after the import state.
},
{
Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForNativeClientDefault, t.Name()),
ResourceName: "auth0_client_credentials.my_native_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_native_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_native_client_credentials", "client_id", "auth0_client.my_native_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_native_client_credentials", "authentication_method", "none"),
),
},
{
Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
},
{
Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
),
},
{
Config: acctest.ParseTestName(testAccImportClientCredentialsForRegularWebAppClientDefault, t.Name()),
ResourceName: "auth0_client_credentials.my_rwa_client_credentials",
ImportState: true,
ImportStateIdFunc: func(state *terraform.State) (string, error) {
clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_rwa_client", "id")
assert.NoError(t, err)
return clientID, nil
},
ImportStatePersist: true,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_rwa_client_credentials", "client_id", "auth0_client.my_rwa_client", "id"),
resource.TestCheckResourceAttr("auth0_client_credentials.my_rwa_client_credentials", "authentication_method", "client_secret_post"),
),
},
{
Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
},
},
})
}
Loading