Fix: Grant Types as List of Strings (#43)

* fix: grant types as list of strings * added function steps to validate input * fixed Values func * created new validation functions * fixed linter * updated docs * formatted tfsdk * make not-equal operator consistent
descope · Dec 17, 2024 · a35934b · a35934b
1 parent 82a3e2b
commit a35934b
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 23 deletions.
diff --git a/docs/raw/authentication/oauth.md b/docs/raw/authentication/oauth.md
@@ -215,9 +215,9 @@ The URL of the logo associated with the OAuth provider.
 grant_type
 ----------
 
-- Type: `string` 
+- Type: `list` of `string` 
 
-The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens
+The type of grants (`authorization_code` or `implicit`) to use when requesting access tokens
 from the OAuth provider.
 
 

diff --git a/docs/resources/project.md b/docs/resources/project.md
@@ -317,7 +317,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -364,7 +364,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -396,7 +396,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -428,7 +428,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -460,7 +460,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -492,7 +492,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -524,7 +524,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -556,7 +556,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -588,7 +588,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.
@@ -620,7 +620,7 @@ Optional:
 - `client_secret` (String, Sensitive) The client secret for the OAuth provider, used to authenticate the application with the provider.
 - `description` (String) A brief description of the OAuth provider.
 - `disabled` (Boolean) Setting this to `true` will disallow using this authentication method directly via API and SDK calls. Note that this does not affect authentication flows that are configured to use this authentication method.
-- `grant_type` (String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
+- `grant_type` (List of String) The type of grant (`authorization_code` or `implicit`) to use when requesting access tokens from the OAuth provider.
 - `issuer` (String)
 - `jwks_endpoint` (String) The URL where the application can retrieve JSON Web Key Sets (JWKS) for the OAuth provider.
 - `logo` (String) The URL of the logo associated with the OAuth provider.

diff --git a/internal/docs/docs.go b/internal/docs/docs.go
diff --git a/internal/models/authentication/oauth.go b/internal/models/authentication/oauth.go
@@ -88,9 +88,18 @@ func (m *OAuthModel) Validate(h *helpers.Handler) {
 	}
 }
 
-func ensureRequiredCustomProviderField(h *helpers.Handler, field types.String, fieldKey, name string) {
-	if field.ValueString() == "" {
-		h.Error(fmt.Sprintf("Custom provider must set their %s", fieldKey), "no %s found for custom provider %s", fieldKey, name)
+func ensureRequiredCustomProviderField(h *helpers.Handler, field any, fieldKey, name string) {
+	switch v := field.(type) {
+	case types.String:
+		if v.ValueString() == "" {
+			h.Error(fmt.Sprintf("Custom provider must set their %s", fieldKey), "no %s found for custom provider %s", fieldKey, name)
+		}
+	case []string:
+		if len(v) == 0 {
+			h.Error(fmt.Sprintf("Custom provider must set their %s", fieldKey), "no %s found for custom provider %s", fieldKey, name)
+		}
+	default:
+		h.Error(fmt.Sprintf("Invalid field type for %s", fieldKey), "unexpected type for field %s in custom provider %s", fieldKey, name)
 	}
 }
 
@@ -126,9 +135,21 @@ func validateSystemProvider(h *helpers.Handler, m *OAuthProviderModel, name stri
 	}
 }
 
-func ensureNoCustomProviderFields(h *helpers.Handler, field types.String, fieldKey, name string) {
-	if !field.IsUnknown() && !field.IsNull() {
-		h.Error(fmt.Sprintf("The %s field is reserved for custom providers", fieldKey), "%s is a system provider and cannot specify %s reserved for custom provider", name, fieldKey)
+func ensureNoCustomProviderFields(h *helpers.Handler, field any, fieldKey, name string) {
+	switch v := field.(type) {
+	case types.String:
+		if v.ValueString() != "" {
+			h.Error(fmt.Sprintf("The %s field is reserved for custom providers", fieldKey),
+				"%s is a system provider and cannot specify %s reserved for custom provider", name, fieldKey)
+		}
+	case []string:
+		if len(v) > 0 {
+			h.Error(fmt.Sprintf("The %s field is reserved for custom providers", fieldKey),
+				"%s is a system provider and cannot specify %s reserved for custom provider", name, fieldKey)
+		}
+	default:
+		h.Error(fmt.Sprintf("Invalid field type for %s", fieldKey),
+			"unexpected type for field %s in system provider %s", fieldKey, name)
 	}
 }
 
@@ -218,7 +239,7 @@ var OAuthProviderAttributes = map[string]schema.Attribute{
 	// editable for custom only
 	"description":            stringattr.Optional(),
 	"logo":                   stringattr.Optional(),
-	"grant_type":             stringattr.Optional(stringvalidator.OneOf("authorization_code", "implicit")),
+	"grant_type":             strlistattr.Optional(listvalidator.ValueStringsAre(stringvalidator.OneOf("authorization_code", "implicit"))),
 	"issuer":                 stringattr.Optional(),
 	"authorization_endpoint": stringattr.Optional(),
 	"token_endpoint":         stringattr.Optional(),
@@ -237,7 +258,7 @@ type OAuthProviderModel struct {
 	MergeUserAccounts       types.Bool                         `tfsdk:"merge_user_accounts"`
 	Description             types.String                       `tfsdk:"description"`
 	Logo                    types.String                       `tfsdk:"logo"`
-	GrantType               types.String                       `tfsdk:"grant_type"`
+	GrantType               []string                           `tfsdk:"grant_type"`
 	Issuer                  types.String                       `tfsdk:"issuer"`
 	AuthorizationEndpoint   types.String                       `tfsdk:"authorization_endpoint"`
 	TokenEndpoint           types.String                       `tfsdk:"token_endpoint"`
@@ -268,7 +289,9 @@ func (m *OAuthProviderModel) Values(h *helpers.Handler) map[string]any {
 	boolattr.Get(m.MergeUserAccounts, data, "trustProvidedEmails")
 	stringattr.Get(m.Description, data, "description")
 	stringattr.Get(m.Logo, data, "logo")
-	stringattr.Get(m.GrantType, data, "grantType")
+	if len(m.GrantType) > 0 {
+		strlistattr.Get(m.GrantType, data, "grantType")
+	}
 	stringattr.Get(m.Issuer, data, "issuer")
 	stringattr.Get(m.AuthorizationEndpoint, data, "authUrl")
 	stringattr.Get(m.TokenEndpoint, data, "tokenUrl")
@@ -304,7 +327,7 @@ func (m *OAuthProviderModel) SetValues(h *helpers.Handler, data map[string]any)
 	boolattr.Set(&m.MergeUserAccounts, data, "trustProvidedEmails")
 	stringattr.Set(&m.Description, data, "description")
 	stringattr.Set(&m.Logo, data, "logo")
-	stringattr.Set(&m.GrantType, data, "grantType")
+	m.GrantType = helpers.AnySliceToStringSlice(data, "grantType")
 	stringattr.Set(&m.Issuer, data, "issuer")
 	stringattr.Set(&m.AuthorizationEndpoint, data, "authUrl")
 	stringattr.Set(&m.TokenEndpoint, data, "tokenUrl")