refactor: move OAuth2 provider code to dedicated package (#18746)

# Refactor OAuth2 Provider Code into Dedicated Package This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality. Key changes: - Created a new `oauth2provider` package to house all OAuth2 provider-related code - Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package - Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly - Split large files into smaller, more focused files organized by functionality: - `app_secrets.go` - Manages OAuth2 application secrets - `apps.go` - Handles OAuth2 application CRUD operations - `authorize.go` - Implements the authorization flow - `metadata.go` - Provides OAuth2 metadata endpoints - `registration.go` - Handles dynamic client registration - `revoke.go` - Implements token revocation - `secrets.go` - Manages secret generation and validation - `tokens.go` - Handles token issuance and validation This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
2025-07-09 11:45:56 +00:00 · 2025-07-03 20:24:45 +02:00
parent 7fbb3ced5b
commit c65013384a
17 changed files with 1095 additions and 981 deletions
--- a/coderd/oauth2provider/oauth2providertest/fixtures.go
+++ b/coderd/oauth2provider/oauth2providertest/fixtures.go
@ -0,0 +1,41 @@
+package oauth2providertest
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+)
+
+// Test constants for OAuth2 testing
+const (
+	// TestRedirectURI is the standard test redirect URI
+	TestRedirectURI = "http://localhost:9876/callback"
+
+	// TestResourceURI is used for testing resource parameter
+	TestResourceURI = "https://api.example.com"
+
+	// Invalid PKCE verifier for negative testing
+	InvalidCodeVerifier = "wrong-verifier"
+)
+
+// OAuth2ErrorTypes contains standard OAuth2 error codes
+var OAuth2ErrorTypes = struct {
+	InvalidRequest       string
+	InvalidClient        string
+	InvalidGrant         string
+	UnauthorizedClient   string
+	UnsupportedGrantType string
+	InvalidScope         string
+}{
+	InvalidRequest:       "invalid_request",
+	InvalidClient:        "invalid_client",
+	InvalidGrant:         "invalid_grant",
+	UnauthorizedClient:   "unauthorized_client",
+	UnsupportedGrantType: "unsupported_grant_type",
+	InvalidScope:         "invalid_scope",
+}
+
+// GenerateCodeChallenge creates an S256 code challenge from a verifier
+func GenerateCodeChallenge(verifier string) string {
+	h := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(h[:])
+}