Extract Supervisor authorize endpoint string constants into apis pkg

apis/supervisor/idpdiscovery/v1alpha1/types_supervisor_idp_discovery.go.tmpl

@@ -39,26 +39,26 @@ func (r IDPFlow) String() string {
 	return string(r)
 }
 
-// SupervisorOIDCDiscoveryResponse is part of the response from a FederationDomain's OpenID Provider Configuration
+// OIDCDiscoveryResponse is part of the response from a FederationDomain's OpenID Provider Configuration
 // Document returned by the .well-known/openid-configuration endpoint. It ignores all the standard OpenID Provider
 // configuration metadata and only picks out the portion related to Supervisor identity provider discovery.
-type SupervisorOIDCDiscoveryResponse struct {
-	SupervisorDiscovery SupervisorOIDCDiscoveryResponseIDPEndpoint `json:"discovery.supervisor.pinniped.dev/v1alpha1"`
+type OIDCDiscoveryResponse struct {
+	SupervisorDiscovery OIDCDiscoveryResponseIDPEndpoint `json:"discovery.supervisor.pinniped.dev/v1alpha1"`
 }
 
-// SupervisorOIDCDiscoveryResponseIDPEndpoint contains the URL for the identity provider discovery endpoint.
-type SupervisorOIDCDiscoveryResponseIDPEndpoint struct {
+// OIDCDiscoveryResponseIDPEndpoint contains the URL for the identity provider discovery endpoint.
+type OIDCDiscoveryResponseIDPEndpoint struct {
 	PinnipedIDPsEndpoint string `json:"pinniped_identity_providers_endpoint"`
 }
 
-// SupervisorIDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint.
-type SupervisorIDPDiscoveryResponse struct {
-	PinnipedIDPs []SupervisorPinnipedIDP `json:"pinniped_identity_providers"`
+// IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint.
+type IDPDiscoveryResponse struct {
+	PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"`
 }
 
-// SupervisorPinnipedIDP describes a single identity provider as included in the response of a FederationDomain's
+// PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's
 // identity provider discovery endpoint.
-type SupervisorPinnipedIDP struct {
+type PinnipedIDP struct {
 	Name  string    `json:"name"`
 	Type  IDPType   `json:"type"`
 	Flows []IDPFlow `json:"flows,omitempty"`

apis/supervisor/oidc/types_supervisor_oidc.go.tmpl

@@ -0,0 +1,25 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package oidc
+
+// Constants related to the Supervisor FederationDomain's authorization and token endpoints.
+const (
+	// AuthorizeUsernameHeaderName is the name of the HTTP header which can be used to transmit a username
+	// to the authorize endpoint when using a password flow, for example an OIDCIdentityProvider with a password grant
+	// or an LDAPIdentityProvider.
+	AuthorizeUsernameHeaderName = "Pinniped-Username"
+
+	// AuthorizePasswordHeaderName is the name of the HTTP header which can be used to transmit a password
+	// to the authorize endpoint when using a password flow, for example an OIDCIdentityProvider with a password grant
+	// or an LDAPIdentityProvider.
+	AuthorizePasswordHeaderName = "Pinniped-Password" //nolint:gosec // this is not a credential
+
+	// AuthorizeUpstreamIDPNameParamName is the name of the HTTP request parameter which can be used to help select which
+	// identity provider should be used for authentication by sending the name of the desired identity provider.
+	AuthorizeUpstreamIDPNameParamName = "pinniped_idp_name"
+
+	// AuthorizeUpstreamIDPTypeParamName is the name of the HTTP request parameter which can be used to help select which
+	// identity provider should be used for authentication by sending the type of the desired identity provider.
+	AuthorizeUpstreamIDPTypeParamName = "pinniped_idp_type"
+)