From ff4da5d86831100f296fd7d756d1a46a8848b1d1 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Mon, 16 Dec 2024 14:47:29 -0500
Subject: [PATCH 1/2] fix client assertion not send through POST body

Signed-off-by: Tien Nguyen
---
 internal/m2mauth/m2mauth.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/internal/m2mauth/m2mauth.go b/internal/m2mauth/m2mauth.go
index f45adca..5840a3e 100644
--- a/internal/m2mauth/m2mauth.go
+++ b/internal/m2mauth/m2mauth.go
@@ -24,7 +24,6 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -224,7 +223,6 @@ func (m *M2MAuthentication) accessToken() (*okta.AccessToken, error) {
 		return nil, err
 	}
-	var tokenRequestBuff io.ReadWriter
 	query := url.Values{}
 	tokenRequestURL := fmt.Sprintf(okta.CustomAuthzV1TokenEndpointFormat, m.config.OrgDomain(), m.config.AuthzID())
@@ -232,8 +230,7 @@ func (m *M2MAuthentication) accessToken() (*okta.AccessToken, error) {
 	query.Add("scope", m.config.CustomScope())
 	query.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
 	query.Add("client_assertion", clientAssertion)
-	tokenRequestURL += "?" + query.Encode()
-	req, err := http.NewRequest("POST", tokenRequestURL, tokenRequestBuff)
+	req, err := http.NewRequest("POST", tokenRequestURL, strings.NewReader(query.Encode()))
 	if err != nil {
 		return nil, err
 	}

From 52ccddf46f6245d07ae820f2cd040385731f8d43 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Mon, 16 Dec 2024 16:14:49 -0500
Subject: [PATCH 2/2] update test

Signed-off-by: Tien Nguyen
---
 test/fixtures/vcr/TestM2MAuthAccessToken.yaml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/test/fixtures/vcr/TestM2MAuthAccessToken.yaml b/test/fixtures/vcr/TestM2MAuthAccessToken.yaml
index c7d95c7..ccf1990 100644
--- a/test/fixtures/vcr/TestM2MAuthAccessToken.yaml
+++ b/test/fixtures/vcr/TestM2MAuthAccessToken.yaml
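Review bot: The new `req, err := http.NewRequest("POST", tokenRequestURL, strings.NewReader(query.Encode()))` line in the `-232,8 +230,7` hunk should carry a comment saying why the form moved out of the URL, because the commit title only says the body was not being sent: `client_assertion` is a signed credential, and a credential in the query string ends up in server access logs, proxies and URL-level error reports, whereas RFC 6749 §3.2 and RFC 7523 §2.2 require token-endpoint parameters in the `application/x-www-form-urlencoded` body. Suggested comment above the `req, err :=` line: `// Send the form as the POST body, never as query parameters: client_assertion is a signed credential and must not leak into access logs or proxy history (RFC 6749 §3.2, RFC 7523 §2.2).` Two things outside the hunk need confirming: `strings` must be imported (the import hunk stops at `"os"`, so it cannot be seen here), and the `Content-Type: application/x-www-form-urlencoded` header must still be set on `req` after this hunk — the recorded fixture in patch 2 shows that header, so it presumably is. A side benefit worth noting in the comment is that a `*strings.Reader` body lets `http.NewRequest` populate `ContentLength` and `GetBody`, so the body can be replayed on a redirect, which the previous nil body never had to handle. `accessToken` begins and ends outside the hunk.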
@@ -6,20 +6,30 @@ interactions:
  proto: HTTP/1.1
  proto_major: 1
  proto_minor: 1
- content_length: 0
+ content_length: 533
  transfer_encoding: []
  trailer: {}
  host: test.dne-okta.com
  remote_addr: ""
  request_uri: ""
- body: ""
- form: {}
+ body: client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6ImtpZC1yb2NrIn0.eyJhdWQiOiJodHRwczovL21tb25kcmFnb24tYXdzLWNsaS0wMC5va3RhcHJldmlldy5jb20vb2F1dGgyL2F1czh3MjNyMTNOdnlVd2xuMWQ3L3YxL3Rva2VuIiwiZXhwIjoxNzM0Mzg2ODc4LCJpYXQiOjE3MzQzODMyNzgsImlzcyI6IjBvYTZmdndhYTVVSExUckppMWQ3Iiwic3ViIjoiMG9hNmZ2d2FhNVVITFRySmkxZDcifQ.BBhbrh0J0s9Az0Pf49YND1zuKYOhGzgLNzlAssZjaF74yFlowFdkceBg2uGxUkzQ1nn4F1Z1VmrrUiIQs8Ogsg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&grant_type=client_credentials&scope=okta-m2m-access
+ form:
+ client_assertion:
+ - eyJhbGciOiJSUzI1NiIsImtpZCI6ImtpZC1yb2NrIn0.eyJhdWQiOiJodHRwczovL21tb25kcmFnb24tYXdzLWNsaS0wMC5va3RhcHJldmlldy5jb20vb2F1dGgyL2F1czh3MjNyMTNOdnlVd2xuMWQ3L3YxL3Rva2VuIiwiZXhwIjoxNzM0Mzg2ODc4LCJpYXQiOjE3MzQzODMyNzgsImlzcyI6IjBvYTZmdndhYTVVSExUckppMWQ3Iiwic3ViIjoiMG9hNmZ2d2FhNVVITFRySmkxZDcifQ.BBhbrh0J0s9Az0Pf49YND1zuKYOhGzgLNzlAssZjaF74yFlowFdkceBg2uGxUkzQ1nn4F1Z1VmrrUiIQs8Ogsg
+ client_assertion_type:
+ - urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+ grant_type:
+ - client_credentials
+ scope:
+ - okta-m2m-access
  headers:
  Accept:
  - application/json
  Content-Type:
  - application/x-www-form-urlencoded
- url: https://test.dne-okta.com/oauth2/aus8w23r13NvyUwln1d7/v1/token?client_assertion=abc123&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&grant_type=client_credentials&scope=okta-m2m-access
+ X-Okta-Aws-Cli-Operation:
+ - m2m
+ url: https://test.dne-okta.com/oauth2/aus8w23r13NvyUwln1d7/v1/token
  method: POST
  response:
  proto: HTTP/2.0
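Review bot: The new `body:` and `form:` values in this hunk replace the old `client_assertion=abc123` placeholder with a complete signed JWT whose payload decodes to an `aud` on a named `oktapreview.com` tenant and a real-looking client ID as `iss`/`sub`, so that material is now checked into the repository; the `exp` is already in the past and the 64-byte signature under `kid: kid-rock` suggests a small throwaway test key, but the recording should still be scrubbed back to a placeholder in both `body` and `form` (e.g. `client_assertion=abc123`) as the previous cassette was. If the VCR matcher compares request bodies, this recorded JWT can never equal a freshly minted assertion with new `iat`/`exp`, so the test presumably matches on method and URL only — worth confirming, and worth a one-line comment in the cassette saying so. The added `X-Okta-Aws-Cli-Operation: m2m` header is not set by the Go hunk in patch 1, so it is presumably added elsewhere in the client; confirm the cassette was re-recorded against the current code rather than hand-edited.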