diff --git a/.schema/config.schema.json b/.schema/config.schema.json
index 4ddd7fd233..23f847e1dd 100644
--- a/.schema/config.schema.json
+++ b/.schema/config.schema.json
@@ -201,8 +201,8 @@
 "default": "none",
 "description": "Sets the strategy validation algorithm."
 },
- "scopesValidator": {
- "title": "Scope Validator",
+ "scopeValidation": {
+ "title": "Scope Validation",
 "type": "string",
 "enum": ["default", "any"],
 "default": "default",
@@ -611,8 +611,8 @@
 "scope_strategy": {
 "$ref": "#/definitions/scopeStrategy"
 },
- "scopes_validator": {
- "$ref": "#/definitions/scopesValidator"
+ "scope_validation": {
+ "$ref": "#/definitions/ScopeValidation"
 },
 "token_from": {
 "title": "Token From",
@@ -722,8 +722,8 @@
 "scope_strategy": {
 "$ref": "#/definitions/scopeStrategy"
 },
- "scopes_validator": {
- "$ref": "#/definitions/scopesValidator"
+ "scope_validation": {
+ "$ref": "#/definitions/scopeValidation"
 },
 "pre_authorization": {
 "title": "Pre-Authorization",
diff --git a/credentials/scopes_logical_validator.go b/credentials/scopes_logical_validator.go
index 8081e69ab8..b2057ba78c 100644
--- a/credentials/scopes_logical_validator.go
+++ b/credentials/scopes_logical_validator.go
@@ -9,7 +9,7 @@ import (
 "github.com/ory/herodot"
 )
-type ScopesValidator func(scopeResult map[string]bool) error
+type ScopeValidation func(scopeResult map[string]bool) error
 func DefaultValidation(scopeResult map[string]bool) error {
 for sc, result := range scopeResult {
diff --git a/credentials/verifier.go b/credentials/verifier.go
index 2d51404272..0b19901c9c 100644
--- a/credentials/verifier.go
+++ b/credentials/verifier.go
@@ -29,7 +29,7 @@ type ValidationContext struct {
 Issuers []string
 Audiences []string
 ScopeStrategy fosite.ScopeStrategy
- ScopesValidator ScopesValidator
+ ScopeValidation ScopeValidation
 Scope []string
 KeyURLs []url.URL
 }
diff --git a/credentials/verifier_default.go b/credentials/verifier_default.go
index c3f270b88a..b7573ef597 100644
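Review bot: In the `@@ -611,8 +611,8 @@` hunk of .schema/config.schema.json the new reference is `"$ref": "#/definitions/ScopeValidation"` with a capital S, while the definition renamed in the first hunk is `scopeValidation` and the `@@ -722,8 +722,8 @@` hunk points at `#/definitions/scopeValidation`. JSON Pointer lookups are case-sensitive, so this reference will most likely not resolve; depending on the schema loader, either the config fails to load or `scope_validation` on that authenticator is no longer checked against the `["default", "any"]` enum. It should read `"$ref": "#/definitions/scopeValidation"`.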
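Review bot: The exported type `ScopeValidation` in credentials/scopes_logical_validator.go has no doc comment, although its contract decides whether a token whose scopes only partly match is accepted. I would add `// ScopeValidation inspects the per-scope match results (scope name -> matched) and returns nil to accept the token or an error to reject it.` above the declaration. The file is still named scopes_logical_validator.go, which no longer matches the type name; renaming it in the same commit would keep the two aligned.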
--- a/credentials/verifier_default.go
+++ b/credentials/verifier_default.go
@@ -126,7 +126,7 @@ func (v *VerifierDefault) Verify(
 scopeResult[sc] = r.ScopeStrategy(s, sc)
 }
- if err := r.ScopesValidator(scopeResult); err != nil {
+ if err := r.ScopeValidation(scopeResult); err != nil {
 return nil, err
 }
diff --git a/credentials/verifier_default_test.go b/credentials/verifier_default_test.go
index 7710af0d8f..dd67a041db 100644
--- a/credentials/verifier_default_test.go
+++ b/credentials/verifier_default_test.go
@@ -52,7 +52,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -78,7 +78,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "not-scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: AnyValidation,
+ ScopeValidation: AnyValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -104,7 +104,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "not-scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -131,7 +131,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
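Review bot: `r.ScopeValidation(scopeResult)` in the `@@ -126,7 +126,7 @@` hunk of credentials/verifier_default.go is called without a nil check, so a `ValidationContext` built without that field panics inside `Verify` on the authentication path. Only the JWT authenticator's construction is visible in this commit; other callers, if there are any, may leave the field unset. A guard before the call that falls back to the strict validator keeps the failure closed rather than crashing: `if r.ScopeValidation == nil { r.ScopeValidation = DefaultValidation }` (or assign to a local if `r` must not be mutated). `Verify` starts and ends outside the hunk.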
@@ -157,7 +157,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -183,7 +183,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -227,7 +227,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-rsa-single.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -247,7 +247,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -267,7 +267,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -287,7 +287,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -307,7 +307,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -327,7 +327,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
@@ -348,7 +348,7 @@ func TestVerifierDefault(t *testing.T) {
 Scope: []string{"scope-1", "scope-2"},
 KeyURLs: []url.URL{*x.ParseURLOrPanic("file://../test/stub/jwks-hs.json")},
 ScopeStrategy: fosite.ExactScopeStrategy,
- ScopesValidator: DefaultValidation,
+ ScopeValidation: DefaultValidation,
 },
 token: sign(jwt.MapClaims{
 "sub": "sub",
diff --git a/driver/configuration/provider.go b/driver/configuration/provider.go
index 4b5dd6841f..18234deb55 100644
--- a/driver/configuration/provider.go
+++ b/driver/configuration/provider.go
@@ -72,7 +72,7 @@ type Provider interface {
 PrometheusHideRequestPaths() bool
 PrometheusCollapseRequestPaths() bool
- ToScopesValidation(value string, key string) credentials.ScopesValidator
+ ToScopeValidation(value string, key string) credentials.ScopeValidation
 ToScopeStrategy(value string, key string) fosite.ScopeStrategy
 ParseURLs(sources []string) ([]url.URL, error)
 JSONWebKeyURLs() []string
diff --git a/driver/configuration/provider_koanf.go b/driver/configuration/provider_koanf.go
index 7bc70edb8b..f1ab8dfc50 100644
--- a/driver/configuration/provider_koanf.go
+++ b/driver/configuration/provider_koanf.go
@@ -271,7 +271,7 @@ func (v *KoanfProvider) getURL(value string, key string) *url.URL {
 return u
 }
-func (v *KoanfProvider) ToScopesValidation(value string, key string) credentials.ScopesValidator {
+func (v *KoanfProvider) ToScopeValidation(value string, key string) credentials.ScopeValidation {
 switch strings.ToLower(value) {
 case "default":
 return credentials.DefaultValidation
diff --git a/driver/configuration/provider_koanf_public_test.go b/driver/configuration/provider_koanf_public_test.go
index 57ccf63e3c..0fb474585a 100644
--- a/driver/configuration/provider_koanf_public_test.go
+++ b/driver/configuration/provider_koanf_public_test.go
@@ -389,7 +389,7 @@ func TestKoanfProvider(t *testing.T) {
 })
 }
-func TestToScopesValidation(t *testing.T) {
+func TestToScopeValidation(t *testing.T) {
 p, err := configuration.NewKoanfProvider(
 context.Background(),
 nil,
@@ -398,11 +398,11 @@ func TestToScopesValidation(t *testing.T) {
 )
 require.NoError(t, err)
- assert.Nil(t, p.ToScopesValidation("default", "foo")(map[string]bool{"foo": true}))
- assert.NotNil(t, p.ToScopesValidation("default", "foo")(map[string]bool{"foo": true, "bar": false}))
- assert.Nil(t, p.ToScopesValidation("any", "foo")(map[string]bool{"foo": true, "bar": false}))
- assert.NotNil(t, p.ToScopesValidation("any", "foo")(map[string]bool{}))
- assert.NotNil(t, p.ToScopesValidation("whatever", "foo")(map[string]bool{"foo": true, "bar": false}))
+ assert.Nil(t, p.ToScopeValidation("default", "foo")(map[string]bool{"foo": true}))
+ assert.NotNil(t, p.ToScopeValidation("default", "foo")(map[string]bool{"foo": true, "bar": false}))
+ assert.Nil(t, p.ToScopeValidation("any", "foo")(map[string]bool{"foo": true, "bar": false}))
+ assert.NotNil(t, p.ToScopeValidation("any", "foo")(map[string]bool{}))
+ assert.NotNil(t, p.ToScopeValidation("whatever", "foo")(map[string]bool{"foo": true, "bar": false}))
 }
diff --git a/pipeline/authn/authenticator_jwt.go b/pipeline/authn/authenticator_jwt.go
index 80e9acbfa5..a5fea11f27 100644
--- a/pipeline/authn/authenticator_jwt.go
+++ b/pipeline/authn/authenticator_jwt.go
@@ -34,7 +34,7 @@ type AuthenticatorOAuth2JWTConfiguration struct {
 AllowedAlgorithms []string `json:"allowed_algorithms"`
 JWKSURLs []string `json:"jwks_urls"`
 ScopeStrategy string `json:"scope_strategy"`
- ScopesValidator string `json:"scopes_validator"`
+ ScopeValidation string `json:"scope_validation"`
 BearerTokenLocation *helper.BearerTokenLocation `json:"token_from"`
 }
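Review bot: Changing the tag to `json:"scope_validation"` in `AuthenticatorOAuth2JWTConfiguration` (pipeline/authn/authenticator_jwt.go, `@@ -34,7 +34,7 @@`), together with the key string in the `Authenticate` hunk that follows, drops the old `scopes_validator` key with no alias, so an existing config that sets it is no longer read. How that surfaces is not visible here: the schema may reject the unknown key, or `cf.ScopeValidation` may arrive empty and be handed to `ToScopeValidation`. The test in provider_koanf_public_test.go shows an unrecognised value (`"whatever"`) yields a validator that rejects, but nothing covers the empty string; a case for `""` would pin which way an omitted key fails. I would also either accept the old key for a deprecation period or call the rename out as a breaking change in the upgrade notes.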
@@ -112,7 +112,7 @@ func (a *AuthenticatorJWT) Authenticate(r *http.Request, session *Authentication
 Issuers: cf.Issuers,
 Audiences: cf.Audience,
 ScopeStrategy: a.c.ToScopeStrategy(cf.ScopeStrategy, "authenticators.jwt.Config.scope_strategy"),
- ScopesValidator: a.c.ToScopesValidation(cf.ScopesValidator, "authenticators.jwt.Config.scopes_validator"),
+ ScopeValidation: a.c.ToScopeValidation(cf.ScopeValidation, "authenticators.jwt.Config.scope_validation"),
 })
 if err != nil {
 de := herodot.ToDefaultError(err, "")