Merge pull request #167 from brendandburns/oidc

k8s-ci-robot · web-flow · commit a4f9d70b899d · 2019-01-14T17:55:36.000-08:00
Implement OIDC Authentication Support
diff --git a/src/oidc_auth.ts b/src/oidc_auth.ts
@@ -0,0 +1,20 @@
+import { Authenticator } from './auth';
+import { User } from './config_types';
+
+export class OpenIDConnectAuth implements Authenticator {
+    public isAuthProvider(user: User): boolean {
+        if (!user.authProvider) {
+            return false;
+        }
+        return user.authProvider.name === 'oidc';
+    }
+
+    public getToken(user: User): string | null {
+        if (!user.authProvider.config || !user.authProvider.config['id-token']) {
+            return null;
+        }
+        // TODO: Handle expiration and refresh here...
+        // TODO: Extract the 'Bearer ' to config.ts?
+        return `Bearer ${user.authProvider.config['id-token']}`;
+    }
+}
diff --git a/src/oidc_auth_test.ts b/src/oidc_auth_test.ts
@@ -0,0 +1,59 @@
+import { expect } from 'chai';
+
+import { User } from './config_types';
+import { OpenIDConnectAuth } from './oidc_auth';
+
+describe('OIDCAuth', () => {
+    const auth = new OpenIDConnectAuth();
+    it('should be true for oidc user', () => {
+        const user = {
+            authProvider: {
+                name: 'oidc',
+            },
+        } as User;
+
+        expect(auth.isAuthProvider(user)).to.equal(true);
+    });
+
+    it('should be false for other user', () => {
+        const user = {
+            authProvider: {
+                name: 'azure',
+            },
+        } as User;
+
+        expect(auth.isAuthProvider(user)).to.equal(false);
+    });
+
+    it('should be false for null user.authProvider', () => {
+        const user = {} as User;
+
+        expect(auth.isAuthProvider(user)).to.equal(false);
+    });
+
+    it('get a token if present', () => {
+        const token = 'some token';
+        const user = {
+            authProvider: {
+                name: 'oidc',
+                config: {
+                    'id-token': token,
+                },
+            },
+        } as User;
+
+        expect(auth.getToken(user)).to.equal(`Bearer ${token}`);
+    });
+
+    it('get null if token missing', () => {
+        const user = {
+            authProvider: {
+                name: 'oidc',
+                config: {
+                },
+            },
+        } as User;
+
+        expect(auth.getToken(user)).to.equal(null);
+    });
+});
