GH-872: Add auth method defaults on client creation (#878)

Add auth method defaults on client creation
auth0 · Nov 9, 2023 · 3f67c52 · 3f67c52
1 parent 0ebbe3f
commit 3f67c52
Show file tree

Hide file tree

Showing 5 changed files with 1,263 additions and 498 deletions.
diff --git a/internal/auth0/client/expand.go b/internal/auth0/client/expand.go
@@ -1,8 +1,6 @@
 package client
 
 import (
-	"slices"
-
 	"github.com/auth0/go-auth0"
 	"github.com/auth0/go-auth0/management"
 	"github.com/hashicorp/go-cty/cty"
@@ -54,8 +52,13 @@ func expandClient(data *schema.ResourceData) *management.Client {
 		client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
 	}
 
-	if data.IsNewResource() && slices.Contains(client.GetGrantTypes(), "urn:ietf:params:oauth:grant-type:device_code") {
-		client.TokenEndpointAuthMethod = auth0.String("none")
+	if data.IsNewResource() {
+		switch client.GetAppType() {
+		case "native", "spa":
+			client.TokenEndpointAuthMethod = auth0.String("none")
+		case "regular_web", "non_interactive":
+			client.TokenEndpointAuthMethod = auth0.String("client_secret_post")
+		}
 	}
 
 	return client

diff --git a/internal/auth0/client/resource_test.go b/internal/auth0/client/resource_test.go
@@ -2100,115 +2100,161 @@ func TestAccClientMetadataBehavior(t *testing.T) {
 }
 
 const testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue = `
-resource "auth0_client" "my_client" {
+resource "auth0_client" "my_client_ip_header" {
   name = "Test IP Header Trusted - {{.testName}}"
 
   is_token_endpoint_ip_header_trusted = true
 }
 `
 
 const testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate = `
-resource "auth0_client" "my_client" {
+resource "auth0_client" "my_client_ip_header" {
   name = "Test IP Header Trusted - {{.testName}}"
 
   is_token_endpoint_ip_header_trusted = true
 }
 
-resource "auth0_client_credentials" "my_client_credentials" {
-  client_id = auth0_client.my_client.id
+resource "auth0_client_credentials" "my_client_ip_header_credentials" {
+  client_id = auth0_client.my_client_ip_header.id
 
   authentication_method = "client_secret_post"
 }
 `
 
-func TestAccClientGetsCreatedWithIsTokenEndpointIPHeaderTrustedEnabled(t *testing.T) {
-	acctest.Test(t, resource.TestCase{
-		Steps: []resource.TestStep{
-			{
-				Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
-				),
-			},
-			{
-				Config:       acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
-				ResourceName: "auth0_client_credentials.my_client_credentials",
-				ImportState:  true,
-				ImportStateIdFunc: func(state *terraform.State) (string, error) {
-					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
-					assert.NoError(t, err)
-					return clientID, nil
-				},
-				ImportStatePersist: true,
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "is_token_endpoint_ip_header_trusted", "true"),
-					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
-					resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "client_secret_post"),
-				),
-			},
-		},
-	})
-}
-
-const testAccCreateClientWithDeviceCodeGrant = `
-resource "auth0_client" "my_client" {
+const testAccCreateNativeClientDefault = `
+resource "auth0_client" "my_native_client" {
 	name            = "Test Device Code Grant - {{.testName}}"
 	app_type        = "native"
 	grant_types     = ["urn:ietf:params:oauth:grant-type:device_code"]
 	oidc_conformant = true
 }
 `
 
-const testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate = `
-resource "auth0_client" "my_client" {
+const testAccImportClientCredentialsForNativeClientDefault = `
+resource "auth0_client" "my_native_client" {
 	name            = "Test Device Code Grant - {{.testName}}"
 	app_type        = "native"
 	grant_types     = ["urn:ietf:params:oauth:grant-type:device_code"]
 	oidc_conformant = true
 }
 
-resource "auth0_client_credentials" "my_client_credentials" {
-  client_id = auth0_client.my_client.id
+resource "auth0_client_credentials" "my_native_client_credentials" {
+  client_id = auth0_client.my_native_client.id
 
   authentication_method = "none"
 }
 `
 
-func TestAccClientGetsCreatedWithDeviceCodeGrant(t *testing.T) {
+const testAccCreateRegularWebAppClientDefault = `
+resource "auth0_client" "my_rwa_client" {
+	name            = "Test Regular Web Defaults - {{.testName}}"
+	app_type        = "regular_web"
+}
+`
+
+const testAccImportClientCredentialsForRegularWebAppClientDefault = `
+resource "auth0_client" "my_rwa_client" {
+	name            = "Test Regular Web Defaults - {{.testName}}"
+	app_type        = "regular_web"
+}
+
+resource "auth0_client_credentials" "my_rwa_client_credentials" {
+  client_id = auth0_client.my_rwa_client.id
+
+  authentication_method = "client_secret_post"
+}
+`
+
+func TestAccClientCanSetDefaultAuthMethodOnCreate(t *testing.T) {
 	acctest.Test(t, resource.TestCase{
 		Steps: []resource.TestStep{
 			{
-				Config: acctest.ParseTestName(testAccCreateClientWithDeviceCodeGrant, t.Name()),
+				Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
+					resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
 				),
 			},
 			{
-				Config:       acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsDeviceCodeGrantOnCreate, t.Name()),
-				ResourceName: "auth0_client_credentials.my_client_credentials",
+				Config:       acctest.ParseTestName(testAccImportClientCredentialsForClientWithIsTokenEndpointIPHeaderTrustedSetToTrueOnCreate, t.Name()),
+				ResourceName: "auth0_client_credentials.my_client_ip_header_credentials",
 				ImportState:  true,
 				ImportStateIdFunc: func(state *terraform.State) (string, error) {
-					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client", "id")
+					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_client_ip_header", "id")
 					assert.NoError(t, err)
 					return clientID, nil
 				},
 				ImportStatePersist: true,
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "app_type", "native"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "oidc_conformant", "true"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.#", "1"),
-					resource.TestCheckResourceAttr("auth0_client.my_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
-					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_credentials", "client_id", "auth0_client.my_client", "id"),
-					resource.TestCheckResourceAttr("auth0_client_credentials.my_client_credentials", "authentication_method", "none"),
+					resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "name", fmt.Sprintf("Test IP Header Trusted - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_client_ip_header", "is_token_endpoint_ip_header_trusted", "true"),
+					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_client_ip_header_credentials", "client_id", "auth0_client.my_client_ip_header", "id"),
+					resource.TestCheckResourceAttr("auth0_client_credentials.my_client_ip_header_credentials", "authentication_method", "client_secret_post"),
+				),
+			},
+			{
+				Config: acctest.ParseTestName(testAccCreateClientWithIsTokenEndpointIPHeaderTrustedSetToTrue, t.Name()), // Needed to reset the testing framework after the import state.
+			},
+			{
+				Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
+				),
+			},
+			{
+				Config:       acctest.ParseTestName(testAccImportClientCredentialsForNativeClientDefault, t.Name()),
+				ResourceName: "auth0_client_credentials.my_native_client_credentials",
+				ImportState:  true,
+				ImportStateIdFunc: func(state *terraform.State) (string, error) {
+					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_native_client", "id")
+					assert.NoError(t, err)
+					return clientID, nil
+				},
+				ImportStatePersist: true,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "name", fmt.Sprintf("Test Device Code Grant - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "app_type", "native"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "oidc_conformant", "true"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client.my_native_client", "grant_types.0", "urn:ietf:params:oauth:grant-type:device_code"),
+					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_native_client_credentials", "client_id", "auth0_client.my_native_client", "id"),
+					resource.TestCheckResourceAttr("auth0_client_credentials.my_native_client_credentials", "authentication_method", "none"),
+				),
+			},
+			{
+				Config: acctest.ParseTestName(testAccCreateNativeClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
+			},
+			{
+				Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
 				),
 			},
+			{
+				Config:       acctest.ParseTestName(testAccImportClientCredentialsForRegularWebAppClientDefault, t.Name()),
+				ResourceName: "auth0_client_credentials.my_rwa_client_credentials",
+				ImportState:  true,
+				ImportStateIdFunc: func(state *terraform.State) (string, error) {
+					clientID, err := acctest.ExtractResourceAttributeFromState(state, "auth0_client.my_rwa_client", "id")
+					assert.NoError(t, err)
+					return clientID, nil
+				},
+				ImportStatePersist: true,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "name", fmt.Sprintf("Test Regular Web Defaults - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_rwa_client", "app_type", "regular_web"),
+					resource.TestCheckTypeSetElemAttrPair("auth0_client_credentials.my_rwa_client_credentials", "client_id", "auth0_client.my_rwa_client", "id"),
+					resource.TestCheckResourceAttr("auth0_client_credentials.my_rwa_client_credentials", "authentication_method", "client_secret_post"),
+				),
+			},
+			{
+				Config: acctest.ParseTestName(testAccCreateRegularWebAppClientDefault, t.Name()), // Needed to reset the testing framework after the import state.
+			},
 		},
 	})
 }