feat: client auth rework (#41)

This reworks client authentication preventing situations where authentication will pass when it shouldn't, and greatly enhances the available authentication mechanisms.
authelia · Mar 10, 2024 · 0e484f3 · 0e484f3
1 parent 08ccb01
commit 0e484f3
Show file tree

Hide file tree

Showing 129 changed files with 3,346 additions and 2,421 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -15,5 +15,5 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.21
+          go-version: 1.22
       - run: make test
diff --git a/README.md b/README.md
@@ -23,11 +23,12 @@ following list of differences:
 - [x] Replace string values with constants where applicable
       <sup>[commit](https://github.com/authelia/oauth2-provider/commit/de536dc0c9cd5f080c387621799e644319587bd0)</sup>
 - [ ] Simplify the internal JWT logic to leverage `github.com/golang-jwt/jwt/v5`
+      or other such libraries
 - [ ] Implement internal JWKS logic
 - [x] Higher Debug error information visibility (Debug Field includes the
       complete RFC6749 error with debug information if available)
 - Fixes:
-  - [x] Basic Scheme Rejects Special Characters
+  - [x] ~~Basic Scheme Rejects Special Characters~~
         <sup>[commit](https://github.com/authelia/oauth2-provider/commit/2314625eb1f21987a9199fb1cdf6da6cee4df965)</sup>
   - [x] RFC9068 must condition ignored
         <sup>[commit](https://github.com/authelia/oauth2-provider/commit/c6e7a18ee9066b8c17c6f30a180d44507e2e2ff1)</sup>
@@ -85,8 +86,11 @@ following list of differences:
   - [x] Revocation Flow per policy can decide to revoke Refresh Tokens on
         request <sup>[commit](e3ffc451f1c7056494f9dc3e51d47e84f12357de)</sup>
   - Client Authentication Rework:
-    - [ ] Client Secret Validation Interface
+    - [x] General Refactor
+    - [x] Prevent Multiple Client Authentication Methods
+    - [x] Client Secret Validation Interface
     - [ ] JWE support for Client Authentication and Issuance
+  - [x] Testing Package (mocks, etc)
   - [ ] Clock Drift Support
   - [ ] Key Management
   - [ ] Injectable Clock Configurator

diff --git a/access_error_test.go b/access_error_test.go
@@ -16,14 +16,14 @@ import (
 	"go.uber.org/mock/gomock"
 
 	. "authelia.com/provider/oauth2"
-	. "authelia.com/provider/oauth2/internal"
+	"authelia.com/provider/oauth2/testing/mock"
 )
 
 func TestWriteAccessError(t *testing.T) {
 	provider := &Fosite{Config: new(Config)}
 	header := http.Header{}
 	ctrl := gomock.NewController(t)
-	rw := NewMockResponseWriter(ctrl)
+	rw := mock.NewMockResponseWriter(ctrl)
 	defer ctrl.Finish()
 
 	rw.EXPECT().Header().AnyTimes().Return(header)