More unit tests and small error handling changes for OIDC password grant

2026-01-06 13:36:54 +00:00 · 2021-08-16 14:27:40 -07:00
parent 71d6281e39
commit 52cb0bbc07
5 changed files with 438 additions and 90 deletions
--- a/internal/upstreamoidc/upstreamoidc.go
+++ b/internal/upstreamoidc/upstreamoidc.go
@@ -73,7 +73,7 @@ func (p *ProviderConfig) AllowsPasswordGrant() bool {
 func (p *ProviderConfig) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error) {
 	// Disallow this grant when requested.
 	if !p.AllowPasswordGrant {
-		return nil, fmt.Errorf("resource owner password grant is not allowed for this upstream provider according to its configuration")
+		return nil, fmt.Errorf("resource owner password credentials grant is not allowed for this upstream provider according to its configuration")
 	}

 	// Note that this implicitly uses the scopes from p.Config.Scopes.
--- a/internal/upstreamoidc/upstreamoidc_test.go
+++ b/internal/upstreamoidc/upstreamoidc_test.go
@@ -147,7 +147,7 @@ func TestProviderConfig(t *testing.T) {
 			{
 				name:                  "password grant not allowed",
 				disallowPasswordGrant: true, // password grant is not allowed in this ProviderConfig
-				wantErr:               "resource owner password grant is not allowed for this upstream provider according to its configuration",
+				wantErr:               "resource owner password credentials grant is not allowed for this upstream provider according to its configuration",
 			},
 			{
 				name:            "token request fails with http error",