Merge pull request #1720 from okta/pr_1715_tgoodsell-tempus
MikeMondragon-okta authored Sep 12, 2023
2 parents ed0ce6f + fff31d3 commit 918083e
Showing 8 changed files with 1,574 additions and 131 deletions.
2 changes: 2 additions & 0 deletions GNUmakefile
Expand Up @@ -25,6 +25,8 @@ DEFAULT_SMOKE_TESTS?=\
TestAccResourceOktaAppAutoLoginApplication_crud \
TestAccResourceOktaAppBasicAuthApplication_crud \
TestAccResourceOktaAppBookmarkApplication_crud \
TestAccResourceOktaAppOauth_basic \
TestAccResourceOktaAppOauth_serviceWithJWKS \
TestAccResourceOktaAppSaml_crud \
TestAccResourceOktaAppSignOnPolicy_crud \
TestAccResourceOktaAppSignOnPolicy_crud \
28 changes: 27 additions & 1 deletion examples/okta_app_oauth/service_with_jwks.tf
Expand Up @@ -7,8 +7,34 @@ resource "okta_app_oauth" "test" {

jwks {
kty = "RSA"
kid = "SIGNING_KEY"
kid = "SIGNING_KEY_RSA"
e = "AQAB"
n = "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"
}
}

resource "okta_app_oauth" "test_ec" {
label = "test_ecAcc_replace_with_uuid"
type = "service"
response_types = ["token"]
grant_types = ["client_credentials"]
token_endpoint_auth_method = "private_key_jwt"

jwks {
kty = "EC"
kid = "SIGNING_KEY_EC"
x = "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"
y = "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"
}
}

# Test EC Key
# {
# "kty": "EC",
# "use": "sig",
# "crv": "P-256",
# "kid": "testing",
# "x": "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I",
# "y": "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo",
# "alg": "ES256"
# }
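Review bot: The `jwks` block of `okta_app_oauth.test_ec` carries only `kty`, `kid`, `x` and `y`, while the commented-out source key directly below it also has `crv: P-256`, `use: sig` and `alg: ES256`; an EC JWK is incomplete without `crv` (RFC 7518 §6.2.1.1 makes it required, since x/y are only meaningful relative to a named curve), and neither the `jwks` schema added in okta/resource_okta_app_oauth.go nor `sdk.JsonWebKey` in sdk/v2_jsonWebKey.go visibly gains a `crv` field in this PR. If the Okta API assumes P-256 when `crv` is absent, the example should say so, e.g. `# crv is not configurable here; the API treats EC keys without crv as P-256 — confirm`, so readers do not expect other curves to work; otherwise a `crv` attribute belongs in the schema and the SDK struct. The fixture embeds only the public point (no `d`), which is appropriate for a checked-in example.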
43 changes: 35 additions & 8 deletions okta/resource_okta_app_oauth.go
Expand Up @@ -325,6 +325,16 @@ func resourceAppOAuth() *schema.Resource {
Optional: true,
Description: "RSA Modulus",
},
"x": {
Type: schema.TypeString,
Optional: true,
Description: "X coordinate of the elliptic curve point",
},
"y": {
Type: schema.TypeString,
Optional: true,
Description: "Y coordinate of the elliptic curve point",
},
},
},
},
Expand Down Expand Up @@ -595,11 +605,21 @@ func setOAuthClientSettings(d *schema.ResourceData, oauthClient *sdk.OpenIdConne
jwks := oauthClient.Jwks.Keys
arr := make([]map[string]interface{}, len(jwks))
for i, jwk := range jwks {
arr[i] = map[string]interface{}{
"kty": jwk.Kty,
"kid": jwk.Kid,
"e": jwk.E,
"n": jwk.N,
if jwk.Kty == "RSA" && jwk.E != "" && jwk.N != "" {
arr[i] = map[string]interface{}{
"kty": jwk.Kty,
"kid": jwk.Kid,
"e": jwk.E,
"n": jwk.N,
}
}
if jwk.Kty == "EC" && jwk.X != "" && jwk.Y != "" {
arr[i] = map[string]interface{}{
"kty": jwk.Kty,
"kid": jwk.Kid,
"x": jwk.X,
"y": jwk.Y,
}
}
}
err := setNonPrimitives(d, map[string]interface{}{"jwks": arr})
Expand Down Expand Up @@ -783,12 +803,19 @@ func buildAppOAuth(d *schema.ResourceData) *sdk.OpenIdConnectApplication {
if len(jwks) > 0 {
keys := make([]*sdk.JsonWebKey, len(jwks))
for i := range jwks {
keys[i] = &sdk.JsonWebKey{
key := &sdk.JsonWebKey{
Kid: d.Get(fmt.Sprintf("jwks.%d.kid", i)).(string),
Kty: d.Get(fmt.Sprintf("jwks.%d.kty", i)).(string),
E: d.Get(fmt.Sprintf("jwks.%d.e", i)).(string),
N: d.Get(fmt.Sprintf("jwks.%d.n", i)).(string),
}
if e, ok := d.Get(fmt.Sprintf("jwks.%d.e", i)).(string); ok {
key.E = e
key.N = d.Get(fmt.Sprintf("jwks.%d.n", i)).(string)
}
if x, ok := d.Get(fmt.Sprintf("jwks.%d.x", i)).(string); ok {
key.X = x
key.Y = d.Get(fmt.Sprintf("jwks.%d.y", i)).(string)
}
keys[i] = key
}
app.Settings.OauthClient.Jwks = &sdk.OpenIdConnectApplicationSettingsClientKeys{Keys: keys}
}
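Review bot: In buildAppOAuth the new `if e, ok := d.Get(...).(string); ok` and `if x, ok := d.Get(...).(string); ok` guards do not separate RSA from EC keys: `d.Get` on a declared Optional `TypeString` yields `""` when the attribute is unset, so the type assertion always succeeds, both branches run for every key, and E/N or X/Y are filled with empty strings (only the `omitempty` tags keep them out of the request). `d.GetOk` is the call that reports presence, e.g. `if e, ok := d.GetOk(fmt.Sprintf("jwks.%d.e", i)); ok { key.E = e.(string); key.N = d.Get(fmt.Sprintf("jwks.%d.n", i)).(string) }`, mirrored for `x`/`y`; branching on `kty` as setOAuthClientSettings does would additionally reject an RSA key configured with stray x/y instead of forwarding it. In setOAuthClientSettings, a returned key whose kty is neither `RSA` nor `EC`, or that lacks one of its two parameters, now leaves `arr[i]` nil where the old code always populated it, so a nil element is written into the `jwks` list in state; either build `arr` with append and skip such keys, or return an error naming the unsupported kty. Both functions begin and end outside the hunks shown.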
24 changes: 18 additions & 6 deletions okta/resource_okta_app_oauth_test.go
Expand Up @@ -266,22 +266,34 @@ func TestAccResourceOktaAppOauth_serviceWithJWKS(t *testing.T) {
config := mgr.GetFixtures("service_with_jwks.tf", t)
resourceName := fmt.Sprintf("%s.test", appOAuth)

ecResourceName := fmt.Sprintf("%s.test_ec", appOAuth)

oktaResourceTest(t, resource.TestCase{
PreCheck: testAccPreCheck(t),
ErrorCheck: testAccErrorChecks(t),
ProviderFactories: testAccProvidersFactories,
CheckDestroy: checkResourceDestroy(appOAuth, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
PreCheck: testAccPreCheck(t),
ErrorCheck: testAccErrorChecks(t),
ProtoV5ProviderFactories: testAccMergeProvidersFactories,
CheckDestroy: checkResourceDestroy(appOAuth, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
Steps: []resource.TestStep{
{
Config: config,
Check: resource.ComposeTestCheckFunc(
ensureResourceExists(resourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
resource.TestCheckResourceAttr(resourceName, "jwks.0.kty", "RSA"),
resource.TestCheckResourceAttr(resourceName, "jwks.0.kid", "SIGNING_KEY"),
resource.TestCheckResourceAttr(resourceName, "jwks.0.kid", "SIGNING_KEY_RSA"),
resource.TestCheckResourceAttr(resourceName, "jwks.0.e", "AQAB"),
resource.TestCheckResourceAttr(resourceName, "jwks.0.n", "owfoXNHcAlAVpIO41840ZU2tZraLGw3yEr3xZvAti7oEZPUKCytk88IDgH7440JOuz8GC_D6vtduWOqnEt0j0_faJnhKHgfj7DTWBOCxzSdjrM-Uyj6-e_XLFvZXzYsQvt52PnBJUV15G1W9QTjlghT_pFrW0xrTtbO1c281u1HJdPd5BeIyPb0pGbciySlx53OqGyxrAxPAt5P5h-n36HJkVsSQtNvgptLyOwWYkX50lgnh2szbJ0_O581bqkNBy9uqlnVeK1RZDQUl4mk8roWYhsx_JOgjpC3YyeXA6hHsT5xWZos_gNx98AHivNaAjzIzvyVItX2-hP0Aoscfff"),
),
},
{
Config: config,
Check: resource.ComposeTestCheckFunc(
ensureResourceExists(ecResourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kty", "EC"),
resource.TestCheckResourceAttr(ecResourceName, "jwks.0.kid", "SIGNING_KEY_EC"),
resource.TestCheckResourceAttr(ecResourceName, "jwks.0.x", "K37X78mXJHHldZYMzrwipjKR-YZUS2SMye0KindHp6I"),
resource.TestCheckResourceAttr(ecResourceName, "jwks.0.y", "8IfvsvXWzbFWOZoVOMwgF5p46mUj3kbOVf9Fk0vVVHo"),
),
},
},
})
}
Expand Down Expand Up @@ -352,7 +364,7 @@ func TestAccResourceOktaAppOauth_redirect_uris(t *testing.T) {
"https://*.example.com/"
]
response_types = ["code"]
}
}
`,
Check: resource.ComposeTestCheckFunc(
ensureResourceExists(resourceName, createDoesAppExist(sdk.NewOpenIdConnectApplication())),
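Review bot: The second TestStep in TestAccResourceOktaAppOauth_serviceWithJWKS applies the same `config` as the first, so `okta_app_oauth.test_ec` is already created by the time its Check runs and the step only proves an empty re-plan; the EC assertions could sit in the first step's `resource.ComposeTestCheckFunc` next to the RSA ones, or the second step could use a distinct config that exercises an update. A check that no `e`/`n` surfaces on the EC key (`resource.TestCheckNoResourceAttr(ecResourceName, "jwks.0.e")`, or an empty-string `TestCheckResourceAttr` if the flattened list state keeps unset optional strings as `""`) would pin the kty-based branching that setOAuthClientSettings now relies on. The enclosing function starts before the hunk.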
2 changes: 2 additions & 0 deletions sdk/v2_jsonWebKey.go
Expand Up @@ -17,8 +17,10 @@ type JsonWebKey struct {
N string `json:"n,omitempty"`
Status string `json:"status,omitempty"`
Use string `json:"use,omitempty"`
X string `json:"x,omitempty"` // NOTE: EC X parameter is undocumented in docs and oas3 but still valid in the API
X5c []string `json:"x5c,omitempty"`
X5t string `json:"x5t,omitempty"`
X5tS256 string `json:"x5t#S256,omitempty"`
X5u string `json:"x5u,omitempty"`
Y string `json:"y,omitempty"` // NOTE: EC Y parameter is undocumented in docs and oas3 but still valid in the API
}
