Allow creating native apps with device code grant

auth0 · Sep 15, 2023 · f86623c · f86623c
1 parent f666fdb
commit f86623c
Show file tree

Hide file tree

Showing 3 changed files with 285 additions and 0 deletions.
diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go
@@ -1,6 +1,8 @@
 package client
 
 import (
+	"slices"
+
 	"github.com/auth0/go-auth0"
 	"github.com/auth0/go-auth0/management"
 	"github.com/hashicorp/go-cty/cty"
@@ -52,6 +54,10 @@ func expandClient(data *schema.ResourceData) *management.Client {
 		client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
 	}
 
+	if data.IsNewResource() && slices.Contains(client.GetGrantTypes(), "urn:ietf:params:oauth:grant-type:device_code") {
+		client.TokenEndpointAuthMethod = auth0.String("none")
+	}
+
 	return client
 }
 

diff --git a/internal/auth0/client/resource_test.go b/internal/auth0/client/resource_test.go
@@ -2151,3 +2151,64 @@ func TestAccClientGetsCreatedWithIsTokenEndpointIPHeaderTrustedEnabled(t *testin
 		},
 	})
 }
+
+const testAccCreateClientWithDeviceCodeGrant = `
+resource "auth0_client" "my_client" {
+	name            = "Test Device Code Grant - {{.testName}}"
+	app_type        = "native"
+	grant_types     = ["urn:ietf:params:oauth:grant-type:device_code"]
+	oidc_conformant = true
+}
+`
+
+const testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate = `
+resource "auth0_client" "my_client" {
+	name            = "Test Device Code Grant - {{.testName}}"
+	app_type        = "native"
+	grant_types     = ["urn:ietf:params:oauth:grant-type:device_code"]
+	oidc_conformant = true
+}
+
+resource "auth0_client_credentials" "my_client_credentials" {
+  client_id = auth0_client.my_client.id
+
+  authentication_method = "none"
+}
+`
+
+func TestAccClientGetsCreatedWithDeviceCodeGrant(t *testing.T) {
+	acctest.Test(t, resource.TestCase{
+		Steps: []resource.TestStep{
+			{
+				Config: acctest.ParseTestName(testAccCreateClientWithDeviceCodeGrant, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
+				),
+			},
+			{
+				Config:       acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate, t.Name()),
+				ResourceName: "auth0_client_credentials.my_client_credentials",
+				ImportState:  true,
+				ImportStateIdFunc: func(state *terraform.State) (string, error) {
+					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
+					assert.NoError(t, err)
+					return clientID, nil
+				},
+				ImportStatePersist: true,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
+					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
+					resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "none"),
+				),
+			},
+		},
+	})
+}
diff --git a/test/data/recordings/TestAccClientGetsCreatedWithDeviceCodeGrant.yaml b/test/data/recordings/TestAccClientGetsCreatedWithDeviceCodeGrant.yaml
@@ -0,0 +1,218 @@
+---
+version: 2
+interactions:
+    - id: 0
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 222
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            {"name":"Test Device Code Grant - TestAccClientGetsCreatedWithDeviceCodeGrant","app_type":"native","oidc_conformant":true,"grant_types":["urn:ietf:params:oauth:grant-type:device_code"],"token_endpoint_auth_method":"none"}
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients
+        method: POST
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: false
+        body: '{"name":"Test Device Code Grant - TestAccClientGetsCreatedWithDeviceCodeGrant","client_id":"EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx","client_secret":"[REDACTED]","app_type":"native","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":true,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["urn:ietf:params:oauth:grant-type:device_code"],"custom_login_page_on":true,"token_endpoint_auth_method":"none","refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 201 Created
+        code: 201
+        duration: 427.708333ms
+    - id: 1
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 5
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            null
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx
+        method: GET
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: true
+        body: '{"name":"Test Device Code Grant - TestAccClientGetsCreatedWithDeviceCodeGrant","client_id":"EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx","client_secret":"[REDACTED]","app_type":"native","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":true,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["urn:ietf:params:oauth:grant-type:device_code"],"custom_login_page_on":true,"token_endpoint_auth_method":"none","refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 200 OK
+        code: 200
+        duration: 136.421ms
+    - id: 2
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 5
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            null
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx
+        method: GET
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: true
+        body: '{"name":"Test Device Code Grant - TestAccClientGetsCreatedWithDeviceCodeGrant","client_id":"EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx","client_secret":"[REDACTED]","app_type":"native","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":true,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["urn:ietf:params:oauth:grant-type:device_code"],"custom_login_page_on":true,"token_endpoint_auth_method":"none","refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 200 OK
+        code: 200
+        duration: 176.893959ms
+    - id: 3
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 5
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            null
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx
+        method: GET
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: true
+        body: '{"name":"Test Device Code Grant - TestAccClientGetsCreatedWithDeviceCodeGrant","client_id":"EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx","client_secret":"[REDACTED]","app_type":"native","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":true,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["urn:ietf:params:oauth:grant-type:device_code"],"custom_login_page_on":true,"token_endpoint_auth_method":"none","refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000}}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 200 OK
+        code: 200
+        duration: 96.84475ms
+    - id: 4
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 5
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            null
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx?fields=client_id%2Capp_type&include_fields=true
+        method: GET
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: true
+        body: '{"statusCode":404,"error":"Not Found","message":"The client does not exist","errorCode":"inexistent_client"}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 404 Not Found
+        code: 404
+        duration: 223.971084ms
+    - id: 5
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 0
+        transfer_encoding: []
+        trailer: {}
+        host: terraform-provider-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: ""
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.1.0
+        url: https://terraform-provider-auth0-dev.eu.auth0.com/api/v2/clients/EuJCoubJs2Tg2jg9iIsRmEJGSQpV7ilx
+        method: DELETE
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: 0
+        uncompressed: false
+        body: ""
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 204 No Content
+        code: 204
+        duration: 224.244208ms