PXP-11248 PXP-11258 POST /auth/mapping token support #163
…st_auth_mapping_token_validation
| } | ||
| msg := fmt.Sprintf("Expected response to be these auth mappings from anonymous and logged-in groups: %v", expectedMappings) | ||
| for resource, actions := range result { | ||
| assert.Contains(t, expectedMappings, resource, msg) |
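Review bot: The loop over result only asserts that each returned resource is present in expectedMappings, so in the lines shown an empty or partial result still passes, and the actions value from the range is not compared against anything. If nothing later in the test covers it, also assert the reverse direction (compare len(result) with len(expectedMappings), or use assert.Equal on the two maps) and check the actions per resource, so a token that loses mappings is caught as well as one that gains them.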
Just for my understanding - if this "hulkhogan12" has auth mappings other than loggedIn or anonymous, this assert.Contains will fail. Is that correct?
yes
|
|
||
| router.Handle("/auth/mapping", http.HandlerFunc(server.handleAuthMappingGET)).Methods("GET") | ||
| router.Handle("/auth/mapping", http.HandlerFunc(server.parseJSON(server.handleAuthMappingPOST))).Methods("POST") | ||
| router.Handle("/auth/mapping", http.HandlerFunc(server.handleAuthMappingPOST)).Methods("POST") |
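Review bot: With server.parseJSON no longer wrapping the POST route, nothing at the routing layer rejects a missing body any more, so that check now rests entirely on handleAuthMappingPOST, which is not visible in this hunk. Worth confirming the handler returns a 4xx when a request carries neither an Authorization header nor a valid JSON body, and adding a test for a request that sends both a token and a body so the precedence between the two is pinned down.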
Is the main purpose of this change to bypass the baseHandler function call?
The endpoint used to only accept input in the request body. Now that we allow passing a token and no body, we don't need parseJSON (it errors when there is no body). So I refactored the "body parsing" logic out of parseJSON so I could call it manually in handleAuthMappingPOST(), only when we need it. When only a token is passed, we don't call it.
That makes sense. So if this expression is satisfied
`authHeader := r.Header.Get("Authorization"); authHeader != ""`
then we don't parse the body.
Jira Tickets: PXP-11248 and PXP-11258
Changes from #159 + unit tests + fix `handleAuthMappingPOST` to work when no body is provided + minor refactoring

New Features
- `POST /auth/mapping` supports parsing username and client ID from a token instead of from the request body.
- `POST /auth/mapping` supports tokens produced from a "client_credentials" OIDC flow.

Breaking Changes
Bug Fixes
Improvements
Dependency updates
Deployment changes
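The token-or-body decision discussed in this thread, as an added Go example that is not code from this PR or from the project. `identity`, `verifyFunc`, `resolveIdentity`, `demo` and the token and client values are hypothetical, and the verifier is a constructed stand-in for real token validation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type identity struct{ Username, ClientID string } // hypothetical, not the project's type
type verifyFunc func(token string) (identity, error) // stands in for real token validation

// resolveIdentity trusts the token when an Authorization header is present
// and reads the JSON body only when the header is absent.
func resolveIdentity(r *http.Request, verify verifyFunc) (identity, int) {
	if h := r.Header.Get("Authorization"); h != "" {
		token := strings.TrimPrefix(h, "Bearer ")
		if token == h || token == "" { // missing "Bearer " scheme or empty token
			return identity{}, http.StatusUnauthorized
		}
		id, err := verify(token)
		if err != nil { // bad token: reject, never fall back to the body
			return identity{}, http.StatusUnauthorized
		}
		return id, http.StatusOK // any body-supplied identity is ignored
	}
	var id identity
	if err := json.NewDecoder(r.Body).Decode(&id); err != nil || (id.Username == "" && id.ClientID == "") {
		return identity{}, http.StatusBadRequest
	}
	return id, http.StatusOK
}

// demo resolves a constructed request using a constructed verifier.
func demo(authHeader, body string) (identity, int) {
	r := httptest.NewRequest("POST", "/auth/mapping", strings.NewReader(body))
	r.Header.Set("Authorization", authHeader) // an empty value behaves like no header
	return resolveIdentity(r, func(t string) (identity, error) {
		if t != "constructed-token" {
			return identity{}, fmt.Errorf("invalid token")
		}
		return identity{ClientID: "example-client"}, nil
	})
}

func main() {
	fmt.Println(demo("Bearer forged", `{"username":"alice"}`))
}
```

The case to watch is a request carrying both an invalid token and a body: it ends in 401 rather than being served from the body.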