support OIDC protocol

Signed-off-by: hongming <hongming@kubesphere.io>
2021-09-14 18:06:28 +08:00
parent 4b5b1c64bc
commit 8c5c6a7dee
5 changed files with 199 additions and 30 deletions
--- a/pkg/apiserver/authentication/token/issuer_test.go
+++ b/pkg/apiserver/authentication/token/issuer_test.go
@@ -87,11 +87,19 @@ func TestNewIssuer(t *testing.T) {
 		name:             options.OAuthOptions.Issuer,
 		secret:           []byte(options.JwtSecret),
 		maximumClockSkew: options.MaximumClockSkew,
-		signKey: &jose.JSONWebKey{
-			Key:       signKey,
-			KeyID:     keyID,
-			Algorithm: jwt.SigningMethodRS256.Alg(),
-			Use:       "sig",
+		signKey: &Keys{
+			SigningKey: &jose.JSONWebKey{
+				Key:       signKey,
+				KeyID:     keyID,
+				Algorithm: jwt.SigningMethodRS256.Alg(),
+				Use:       "sig",
+			},
+			SigningKeyPub: &jose.JSONWebKey{
+				Key:       signKey.Public(),
+				KeyID:     keyID,
+				Algorithm: jwt.SigningMethodRS256.Alg(),
+				Use:       "sig",
+			},
 		},
 	}
 	if !reflect.DeepEqual(got, want) {
@@ -116,8 +124,10 @@ func TestNewIssuerGenerateSignKey(t *testing.T) {

 	iss := got.(*issuer)
 	assert.NotNil(t, iss.signKey)
-	assert.NotNil(t, iss.signKey.Key)
-	assert.NotNil(t, iss.signKey.KeyID)
+	assert.NotNil(t, iss.signKey.SigningKey)
+	assert.NotNil(t, iss.signKey.SigningKeyPub)
+	assert.NotNil(t, iss.signKey.SigningKey.KeyID)
+	assert.NotNil(t, iss.signKey.SigningKeyPub.KeyID)
 }

 func Test_issuer_IssueTo(t *testing.T) {