From 303259de40c2bab7da651cb570587d672da20095 Mon Sep 17 00:00:00 2001 From: Finn Date: Fri, 13 Mar 2026 20:29:48 -0700 Subject: [PATCH] Enable public clients also allow overriding the provided hostname Signed-off-by: Finn --- handlers.go | 18 +++++++++++++----- mockoidc.go | 11 ++++++++++- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/handlers.go b/handlers.go index d1405f1..fa9c68d 100644 --- a/handlers.go +++ b/handlers.go @@ -198,7 +198,12 @@ func (m *MockOIDC) Token(rw http.ResponseWriter, req *http.Request) { } func (m *MockOIDC) validateTokenParams(rw http.ResponseWriter, req *http.Request) bool { - if !assertPresence([]string{"client_id", "client_secret", "grant_type"}, rw, req) { + requiredParams := []string{"client_id", "grant_type"} + if !m.PublicClient { + requiredParams = append(requiredParams, "client_secret") + } + + if !assertPresence(requiredParams, rw, req) { return false } @@ -207,10 +212,13 @@ func (m *MockOIDC) validateTokenParams(rw http.ResponseWriter, req *http.Request if !equal { return false } - equal = assertEqual("client_secret", m.ClientSecret, - InvalidClient, "Invalid client secret", rw, req) - if !equal { - return false + + if !m.PublicClient { + equal = assertEqual("client_secret", m.ClientSecret, + InvalidClient, "Invalid client secret", rw, req) + if !equal { + return false + } } return true diff --git a/mockoidc.go b/mockoidc.go index e66ca58..55838d8 100644 --- a/mockoidc.go +++ b/mockoidc.go @@ -20,12 +20,15 @@ var NowFunc = time.Now type MockOIDC struct { ClientID string ClientSecret string + PublicClient bool AccessTTL time.Duration RefreshTTL time.Duration CodeChallengeMethodsSupported []string + Hostname string + // Normally, these would be private. Expose them publicly for // power users. Server *http.Server @@ -202,7 +205,13 @@ func (m *MockOIDC) Addr() string { if m.tlsConfig != nil { proto = "https" } - return fmt.Sprintf("%s://%s", proto, m.Server.Addr) + + hostname := m.Hostname + if hostname == "" { + hostname = m.Server.Addr + } + + return fmt.Sprintf("%s://%s", proto, hostname) } // Issuer returns the OIDC Issuer that will be in `iss` token claims