diff --git a/compose/compose.go b/compose/compose.go index 91dd4e6e..632186ee 100644 --- a/compose/compose.go +++ b/compose/compose.go @@ -82,18 +82,18 @@ func ComposeAllEnabled(config *fosite.Config, storage interface{}, key interface OAuth2RefreshTokenGrantFactory, OAuth2ResourceOwnerPasswordCredentialsFactory, RFC7523AssertionGrantFactory, + RFC8628DeviceFactory, + RFC8628DeviceAuthorizationTokenFactory, OpenIDConnectExplicitFactory, OpenIDConnectImplicitFactory, OpenIDConnectHybridFactory, OpenIDConnectRefreshFactory, + OpenIDConnectDeviceFactory, OAuth2TokenIntrospectionFactory, OAuth2TokenRevocationFactory, - RFC8628DeviceFactory, - RFC8628DeviceAuthorizationTokenFactory, - OAuth2PKCEFactory, PushedAuthorizeHandlerFactory, ) diff --git a/compose/compose_openid.go b/compose/compose_openid.go index 68178ddc..4e05a6c7 100644 --- a/compose/compose_openid.go +++ b/compose/compose_openid.go @@ -7,6 +7,7 @@ import ( "github.com/ory/fosite" "github.com/ory/fosite/handler/oauth2" "github.com/ory/fosite/handler/openid" + "github.com/ory/fosite/handler/rfc8628" "github.com/ory/fosite/token/jwt" ) @@ -77,3 +78,17 @@ func OpenIDConnectHybridFactory(config fosite.Configurator, storage interface{}, OpenIDConnectRequestValidator: openid.NewOpenIDConnectRequestValidator(strategy.(jwt.Signer), config), } } + +// OpenIDConnectDeviceFactory creates an OpenID Connect device ("device code flow") grant handler. +// +// **Important note:** You must add this handler *after* you have added an OAuth2 device authorization handler! +func OpenIDConnectDeviceFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} { + return &openid.OpenIDConnectDeviceHandler{ + OpenIDConnectRequestStorage: storage.(openid.OpenIDConnectRequestStorage), + IDTokenHandleHelper: &openid.IDTokenHandleHelper{ + IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy), + }, + DeviceCodeStrategy: strategy.(rfc8628.DeviceCodeStrategy), + Config: config, + } +} diff --git a/device_request_handler.go b/device_request_handler.go index 30d54825..2f351083 100644 --- a/device_request_handler.go +++ b/device_request_handler.go @@ -17,7 +17,7 @@ import ( // NewDeviceRequest parses an http Request returns a Device request func (f *Fosite) NewDeviceRequest(ctx context.Context, r *http.Request) (_ DeviceRequester, err error) { - ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("github.com/ory/fosite").Start(ctx, "Fosite.NewAccessRequest") + ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("github.com/ory/fosite").Start(ctx, "Fosite.NewDeviceRequest") defer otelx.End(span, &err) request := NewDeviceRequest() diff --git a/handler/openid/flow_device_auth.go b/handler/openid/flow_device_auth.go new file mode 100644 index 00000000..3a54b494 --- /dev/null +++ b/handler/openid/flow_device_auth.go @@ -0,0 +1,50 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package openid + +import ( + "context" + + "github.com/ory/fosite/handler/rfc8628" + + "github.com/ory/fosite" + "github.com/ory/x/errorsx" +) + +// OpenIDConnectDeviceHandler a response handler for the Device Authorization Grant with OpenID Connect identity layer +type OpenIDConnectDeviceHandler struct { + OpenIDConnectRequestStorage OpenIDConnectRequestStorage + DeviceCodeStrategy rfc8628.DeviceCodeStrategy + + Config interface { + fosite.IDTokenLifespanProvider + } + + *IDTokenHandleHelper +} + +func (c *OpenIDConnectDeviceHandler) HandleDeviceEndpointRequest(ctx context.Context, dar fosite.DeviceRequester, resp fosite.DeviceResponder) error { + if !(dar.GetGrantedScopes().Has("openid")) { + return nil + } + + if !dar.GetClient().GetGrantTypes().Has(string(fosite.GrantTypeDeviceCode)) { + return nil + } + + if len(resp.GetDeviceCode()) == 0 { + return errorsx.WithStack(fosite.ErrMisconfiguration.WithDebug("The device code has not been issued yet, indicating a broken code configuration.")) + } + + signature, err := c.DeviceCodeStrategy.DeviceCodeSignature(ctx, resp.GetDeviceCode()) + if err != nil { + return err + } + + if err := c.OpenIDConnectRequestStorage.CreateOpenIDConnectSession(ctx, signature, dar.Sanitize(oidcParameters)); err != nil { + return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error())) + } + + return nil +} diff --git a/handler/openid/flow_device_auth_test.go b/handler/openid/flow_device_auth_test.go new file mode 100644 index 00000000..a84e1e44 --- /dev/null +++ b/handler/openid/flow_device_auth_test.go @@ -0,0 +1,162 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package openid + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/golang/mock/gomock" + "github.com/ory/fosite/internal" + "github.com/pkg/errors" + + "github.com/stretchr/testify/require" + + "github.com/coocood/freecache" + + "github.com/ory/fosite" + "github.com/ory/fosite/handler/rfc8628" + "github.com/ory/fosite/token/hmac" + "github.com/ory/fosite/token/jwt" +) + +func TestDeviceAuth_HandleDeviceEndpointRequest(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + store := internal.NewMockOpenIDConnectRequestStorage(ctrl) + + config := &fosite.Config{ + MinParameterEntropy: fosite.MinParameterEntropy, + DeviceAndUserCodeLifespan: time.Hour * 24, + } + + signer := &jwt.DefaultSigner{ + GetPrivateKey: func(ctx context.Context) (interface{}, error) { + return key, nil + }, + } + + h := OpenIDConnectDeviceHandler{ + OpenIDConnectRequestStorage: store, + DeviceCodeStrategy: &rfc8628.DefaultDeviceStrategy{ + Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobar")}}, + RateLimiterCache: freecache.NewCache(1024 * 1024), + Config: config, + }, + Config: config, + IDTokenHandleHelper: &IDTokenHandleHelper{ + IDTokenStrategy: &DefaultStrategy{ + Signer: signer, + Config: config, + }, + }, + } + + session := &DefaultSession{ + Claims: &jwt.IDTokenClaims{ + Subject: "foo", + }, + Headers: &jwt.Headers{}, + } + + client := &fosite.DefaultClient{ + ID: "foo", + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + } + + testCases := []struct { + description string + authreq *fosite.DeviceRequest + authresp *fosite.DeviceResponse + setup func(authreq *fosite.DeviceRequest) + expectErr error + }{ + { + description: "should ignore because scope openid is not set", + authreq: &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"email"}, + }, + }, + }, + { + description: "should ignore because client grant type is invalid", + authreq: &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Client: &fosite.DefaultClient{ + GrantTypes: []string{string(fosite.GrantTypeAuthorizationCode)}, + }, + }, + }, + }, + { + description: "should fail because device code is not issued", + authreq: &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Client: client, + }, + }, + authresp: &fosite.DeviceResponse{}, + expectErr: fosite.ErrMisconfiguration, + }, + { + description: "should fail because cannot create session", + authreq: &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Client: client, + Session: session, + }, + }, + authresp: &fosite.DeviceResponse{ + DeviceCode: "device_code", + }, + setup: func(authreq *fosite.DeviceRequest) { + store. + EXPECT(). + CreateOpenIDConnectSession(gomock.Any(), gomock.Any(), gomock.Eq(authreq.Sanitize(oidcParameters))). + Return(errors.New("")) + }, + expectErr: fosite.ErrServerError, + }, + { + description: "should pass", + authreq: &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Client: client, + Session: session, + }, + }, + authresp: &fosite.DeviceResponse{ + DeviceCode: "device_code", + }, + setup: func(authreq *fosite.DeviceRequest) { + store. + EXPECT(). + CreateOpenIDConnectSession(gomock.Any(), gomock.Any(), gomock.Eq(authreq.Sanitize(oidcParameters))). + Return(nil) + }, + }, + } + + for i, testCase := range testCases { + t.Run(fmt.Sprintf("case=%d/description=%s", i, testCase.description), func(t *testing.T) { + if testCase.setup != nil { + testCase.setup(testCase.authreq) + } + + err := h.HandleDeviceEndpointRequest(context.Background(), testCase.authreq, testCase.authresp) + if testCase.expectErr != nil { + require.EqualError(t, err, testCase.expectErr.Error(), "%+v", err) + } else { + require.NoError(t, err, "%+v", err) + } + }) + } +} diff --git a/handler/openid/flow_device_token.go b/handler/openid/flow_device_token.go new file mode 100644 index 00000000..5456b0b4 --- /dev/null +++ b/handler/openid/flow_device_token.go @@ -0,0 +1,64 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package openid + +import ( + "context" + + "github.com/pkg/errors" + + "github.com/ory/fosite" + "github.com/ory/x/errorsx" +) + +func (c *OpenIDConnectDeviceHandler) HandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) error { + return errorsx.WithStack(fosite.ErrUnknownRequest) +} + +func (c *OpenIDConnectDeviceHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error { + if !c.CanHandleTokenEndpointRequest(ctx, requester) { + return errorsx.WithStack(fosite.ErrUnknownRequest) + } + + deviceCode := requester.GetRequestForm().Get("device_code") + signature, err := c.DeviceCodeStrategy.DeviceCodeSignature(ctx, deviceCode) + ar, err := c.OpenIDConnectRequestStorage.GetOpenIDConnectSession(ctx, signature, requester) + if errors.Is(err, ErrNoSessionFound) { + return errorsx.WithStack(fosite.ErrUnknownRequest.WithWrap(err).WithDebug(err.Error())) + } + if err != nil { + return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error())) + } + + if !ar.GetGrantedScopes().Has("openid") { + return errorsx.WithStack(fosite.ErrMisconfiguration.WithDebug("An OpenID Connect session was found but the openid scope is missing, probably due to a broken code configuration.")) + } + + if !requester.GetClient().GetGrantTypes().Has(string(fosite.GrantTypeDeviceCode)) { + return errorsx.WithStack(fosite.ErrUnauthorizedClient.WithHint("The OAuth 2.0 Client is not allowed to use the authorization grant \"urn:ietf:params:oauth:grant-type:device_code\".")) + } + + session, ok := ar.GetSession().(Session) + if !ok { + return errorsx.WithStack(fosite.ErrServerError.WithDebug("Failed to generate id token because session must be of type fosite/handler/openid.Session.")) + } + + claims := session.IDTokenClaims() + if claims.Subject == "" { + return errorsx.WithStack(fosite.ErrServerError.WithDebug("Failed to generate id token because subject is an empty string.")) + } + + claims.AccessTokenHash = c.GetAccessTokenHash(ctx, requester, responder) + + idTokenLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeDeviceCode, fosite.IDToken, c.Config.GetIDTokenLifespan(ctx)) + return c.IssueExplicitIDToken(ctx, idTokenLifespan, ar, responder) +} + +func (c *OpenIDConnectDeviceHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool { + return false +} + +func (c *OpenIDConnectDeviceHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool { + return requester.GetGrantTypes().ExactOne(string(fosite.GrantTypeDeviceCode)) +} diff --git a/handler/openid/flow_device_token_test.go b/handler/openid/flow_device_token_test.go new file mode 100644 index 00000000..54f9686e --- /dev/null +++ b/handler/openid/flow_device_token_test.go @@ -0,0 +1,277 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package openid + +import ( + "context" + "fmt" + "net/url" + "testing" + "time" + + "github.com/pkg/errors" + + "github.com/stretchr/testify/require" + + "github.com/coocood/freecache" + "github.com/golang/mock/gomock" + "github.com/ory/fosite/handler/rfc8628" + "github.com/ory/fosite/internal" + "github.com/ory/fosite/token/hmac" + "github.com/ory/fosite/token/jwt" + + "github.com/stretchr/testify/assert" + + "github.com/ory/fosite" +) + +func TestDeviceToken_HandleTokenEndpointRequest(t *testing.T) { + h := OpenIDConnectDeviceHandler{ + Config: &fosite.Config{}, + } + areq := fosite.NewAccessRequest(nil) + areq.Client = &fosite.DefaultClient{ + ResponseTypes: fosite.Arguments{"code"}, + } + + err := h.HandleTokenEndpointRequest(context.Background(), areq) + assert.EqualError(t, err, fosite.ErrUnknownRequest.Error()) +} + +func TestDeviceToken_PopulateTokenEndpointResponse(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + store := internal.NewMockOpenIDConnectRequestStorage(ctrl) + + config := &fosite.Config{ + MinParameterEntropy: fosite.MinParameterEntropy, + DeviceAndUserCodeLifespan: time.Hour * 24, + IDTokenLifespan: time.Hour * 24, + } + + signer := &jwt.DefaultSigner{ + GetPrivateKey: func(ctx context.Context) (interface{}, error) { + return key, nil + }, + } + + h := OpenIDConnectDeviceHandler{ + OpenIDConnectRequestStorage: store, + DeviceCodeStrategy: &rfc8628.DefaultDeviceStrategy{ + Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobar")}}, + RateLimiterCache: freecache.NewCache(1024 * 1024), + Config: config, + }, + Config: config, + IDTokenHandleHelper: &IDTokenHandleHelper{ + IDTokenStrategy: &DefaultStrategy{ + Signer: signer, + Config: config, + }, + }, + } + + session := &DefaultSession{ + Claims: &jwt.IDTokenClaims{ + Subject: "foo", + }, + Headers: &jwt.Headers{}, + } + + client := &fosite.DefaultClient{ + ID: "foo", + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + } + + testCases := []struct { + description string + areq *fosite.AccessRequest + aresp *fosite.AccessResponse + setup func(areq *fosite.AccessRequest) + check func(t *testing.T, aresp *fosite.AccessResponse) + expectErr error + }{ + { + description: "should fail because the grant type is invalid", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeAuthorizationCode)}, + Request: fosite.Request{ + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + aresp: fosite.NewAccessResponse(), + expectErr: fosite.ErrUnknownRequest, + }, + { + description: "should fail because session not found", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + aresp: fosite.NewAccessResponse(), + setup: func(areq *fosite.AccessRequest) { + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(nil, ErrNoSessionFound) + }, + expectErr: fosite.ErrUnknownRequest, + }, + { + description: "should fail because session lookup fails", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(nil, errors.New("")) + }, + expectErr: fosite.ErrServerError, + }, + { + description: "should fail because auth request grant scope is invalid", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + authreq := &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"email"}, + Session: session, + }, + } + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(authreq, nil) + }, + expectErr: fosite.ErrMisconfiguration, + }, + { + description: "should fail because auth request's client grant type is invalid", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Client: &fosite.DefaultClient{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeAuthorizationCode)}, + }, + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + authreq := &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Session: session, + }, + } + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(authreq, nil) + }, + expectErr: fosite.ErrUnauthorizedClient, + }, + { + description: "should fail because auth request is missing session", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Client: client, + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + authreq := &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + }, + } + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(authreq, nil) + }, + expectErr: fosite.ErrServerError, + }, + { + description: "should fail because auth request session is missing subject claims", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Client: client, + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + authreq := &fosite.DeviceRequest{ + Request: fosite.Request{ + GrantedScope: fosite.Arguments{"openid", "email"}, + Session: NewDefaultSession(), + }, + } + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(authreq, nil) + }, + expectErr: fosite.ErrServerError, + }, + { + description: "should pass", + areq: &fosite.AccessRequest{ + GrantTypes: fosite.Arguments{string(fosite.GrantTypeDeviceCode)}, + Request: fosite.Request{ + Client: client, + Form: url.Values{"device_code": []string{"device_code"}}, + Session: session, + }, + }, + setup: func(areq *fosite.AccessRequest) { + authreq := &fosite.DeviceRequest{ + Request: fosite.Request{ + Client: client, + GrantedScope: fosite.Arguments{"openid", "email"}, + Session: session, + }, + } + store.EXPECT().GetOpenIDConnectSession(gomock.Any(), gomock.Any(), areq).Return(authreq, nil) + }, + check: func(t *testing.T, aresp *fosite.AccessResponse) { + assert.NotEmpty(t, aresp.GetExtra("id_token")) + + idToken, _ := aresp.GetExtra("id_token").(string) + decodedIdToken, err := jwt.Parse(idToken, func(token *jwt.Token) (interface{}, error) { + return key.PublicKey, nil + }) + require.NoError(t, err) + + claims := decodedIdToken.Claims + assert.NotEmpty(t, claims["at_hash"]) + + idTokenExp := internal.ExtractJwtExpClaim(t, idToken) + internal.RequireEqualTime(t, time.Now().Add(time.Hour*24), *idTokenExp, time.Minute) + }, + }, + } + + for i, testCase := range testCases { + t.Run(fmt.Sprintf("case=%d/description=%s", i, testCase.description), func(t *testing.T) { + if testCase.setup != nil { + testCase.setup(testCase.areq) + } + + aresp := fosite.NewAccessResponse() + err := h.PopulateTokenEndpointResponse(context.Background(), testCase.areq, aresp) + if testCase.expectErr != nil { + require.EqualError(t, err, testCase.expectErr.Error(), "%+v", err) + } else { + require.NoError(t, err, "%+v", err) + } + + if testCase.check != nil { + testCase.check(t, aresp) + } + }) + } +} diff --git a/handler/openid/validator.go b/handler/openid/validator.go index f2531494..4a8f3060 100644 --- a/handler/openid/validator.go +++ b/handler/openid/validator.go @@ -60,9 +60,10 @@ func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req // unless the identity of the client can be proven, the request SHOULD // be processed as if no previous request had been approved. - checker := v.Config.GetRedirectSecureChecker(ctx) if stringslice.Has(requiredPrompt, "none") { - if !checker(ctx, req.GetRedirectURI()) { + redirectURI := req.GetRedirectURI() + checker := v.Config.GetRedirectSecureChecker(ctx) + if !checker(ctx, redirectURI) { return errorsx.WithStack(fosite.ErrConsentRequired.WithHint("OAuth 2.0 Client is marked public and redirect uri is not considered secure (https missing), but \"prompt=none\" was requested.")) } } diff --git a/handler/openid/validator_test.go b/handler/openid/validator_test.go index d22bb33e..f9b5d254 100644 --- a/handler/openid/validator_test.go +++ b/handler/openid/validator_test.go @@ -21,11 +21,12 @@ func TestValidatePrompt(t *testing.T) { config := &fosite.Config{ MinParameterEntropy: fosite.MinParameterEntropy, } - var j = &DefaultStrategy{ + j := &DefaultStrategy{ Signer: &jwt.DefaultSigner{ GetPrivateKey: func(_ context.Context) (interface{}, error) { return key, nil - }}, + }, + }, Config: &fosite.Config{ MinParameterEntropy: fosite.MinParameterEntropy, }, @@ -33,7 +34,7 @@ func TestValidatePrompt(t *testing.T) { v := NewOpenIDConnectRequestValidator(j, config) - var genIDToken = func(c jwt.IDTokenClaims) string { + genIDToken := func(c jwt.IDTokenClaims) string { s, _, err := j.Generate(context.TODO(), c.ToMapClaims(), jwt.NewHeaders()) require.NoError(t, err) return s diff --git a/handler/rfc8628/auth_handler_test.go b/handler/rfc8628/auth_handler_test.go index 220a0347..74f01050 100644 --- a/handler/rfc8628/auth_handler_test.go +++ b/handler/rfc8628/auth_handler_test.go @@ -8,7 +8,6 @@ import ( "testing" "time" - "github.com/golang/mock/gomock" "github.com/ory/fosite/storage" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -18,8 +17,6 @@ import ( ) func Test_HandleDeviceEndpointRequest(t *testing.T) { - ctrl := gomock.NewController(t) - defer ctrl.Finish() store := storage.NewMemoryStore() handler := rfc8628.DeviceAuthHandler{ Storage: store, diff --git a/handler/rfc8628/token_handler_test.go b/handler/rfc8628/token_handler_test.go index 8caa5911..8f894c64 100644 --- a/handler/rfc8628/token_handler_test.go +++ b/handler/rfc8628/token_handler_test.go @@ -35,7 +35,7 @@ var hmacshaStrategy = oauth2.NewHMACSHAStrategy( var RFC8628HMACSHAStrategy = DefaultDeviceStrategy{ Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")}}, - RateLimiterCache: freecache.NewCache(16384 * 64), + RateLimiterCache: freecache.NewCache(1024 * 1024), Config: &fosite.Config{ DeviceAndUserCodeLifespan: time.Hour * 24, },