updates

chanzuckerberg · Dec 17, 2024 · 867c81c · 867c81c
1 parent b4901ba
commit 867c81c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 18 deletions.
diff --git a/oidc_cli/aws_sts.go b/oidc_cli/aws_sts.go
@@ -71,7 +71,7 @@ func (tf *tokenFetcher) fetchFullToken(ctx context.Context) (*client.Token, erro
 	tf.mu.Lock()
 	defer tf.mu.Unlock()
 
-	return oidc_impl.GetToken(ctx, tf.conf.OIDCClientID, tf.conf.OIDCIssuerURL, []string{})
+	return oidc_impl.GetToken(ctx, tf.conf.OIDCClientID, tf.conf.OIDCIssuerURL)
 }
 
 func (tf *tokenFetcher) FetchToken(ctx context.Context) ([]byte, error) {

diff --git a/oidc_cli/oidc_impl/client/client.go b/oidc_cli/oidc_impl/client/client.go
@@ -19,7 +19,7 @@ import (
 // Client is an oauth client
 type Client struct {
 	provider    *oidc.Provider
-	oauthConfig *oauth2.Config
+	OauthConfig *oauth2.Config
 	verifier    *oidc.IDTokenVerifier
 	server      *server
 
@@ -36,7 +36,7 @@ type Config struct {
 }
 
 // NewClient returns a new client
-func NewClient(ctx context.Context, config *Config, scopes []string, clientOptions ...Option) (*Client, error) {
+func NewClient(ctx context.Context, config *Config, clientOptions ...Option) (*Client, error) {
 	provider, err := oidc.NewProvider(ctx, config.IssuerURL)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not create oidc provider")
@@ -47,22 +47,11 @@ func NewClient(ctx context.Context, config *Config, scopes []string, clientOptio
 		return nil, err
 	}
 
-	oauth_scopes := []string{
-		oidc.ScopeOpenID,
-		oidc.ScopeOfflineAccess,
-		"email",
-		"groups",
-	}
-
-	if len(scopes) > 0 {
-		oauth_scopes = scopes
-	}
-
 	oauthConfig := &oauth2.Config{
 		ClientID:    config.ClientID,
 		RedirectURL: fmt.Sprintf("http://localhost:%d", server.GetBoundPort()),
 		Endpoint:    provider.Endpoint(),
-		Scopes:      oauth_scopes,
+		Scopes:      []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "email", "groups"},
 	}
 
 	oidcConfig := &oidc.Config{
@@ -74,7 +63,7 @@ func NewClient(ctx context.Context, config *Config, scopes []string, clientOptio
 	clientConfig := &Client{
 		provider:    provider,
 		verifier:    verifier,
-		oauthConfig: oauthConfig,
+		OauthConfig: oauthConfig,
 
 		server: server,
 		customMessages: map[oidcStatus]string{

diff --git a/oidc_cli/oidc_impl/token_getter.go b/oidc_cli/oidc_impl/token_getter.go
@@ -17,7 +17,7 @@ const (
 
 // GetToken gets an oidc token.
 // It handles caching with a default cache and keyring storage.
-func GetToken(ctx context.Context, clientID string, issuerURL string, scopes []string, clientOptions ...client.Option) (*client.Token, error) {
+func GetToken(ctx context.Context, clientID string, issuerURL string, clientOptions ...client.Option) (*client.Token, error) {
 	fileLock, err := pidlock.NewLock(lockFilePath)
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to create lock")
@@ -34,7 +34,7 @@ func GetToken(ctx context.Context, clientID string, issuerURL string, scopes []s
 		},
 	}
 
-	c, err := client.NewClient(ctx, conf, scopes, clientOptions...)
+	c, err := client.NewClient(ctx, conf, clientOptions...)
 	if err != nil {
 		return nil, errors.Wrap(err, "Unable to create client")
 	}