feat: export token expired error #342
Conversation
|
Hey @crenshaw-dev, I don't want to export every possible error. If you've got a specific use case where a typed error would be helpful (e.g. specific HTTP status codes from the provider), happy to add that. Do you have an example of what you're trying to do? Also, some of these errors arguably shouldn't be used problematically, since they're hit before we validate the signature check on the ID token. Eric |
|
@ericchiang there are two current use cases in Argo CD:
It's possible that test shouldn't exist. But I think the expired example is a reasonable use case. Would you be interested in a PR that only exports that error? |
|
I think a token expired error would be reasonable to add! That second test probably shouldn't be necessary? Just make sure your RS512 token doesn't return an error. So sounds like the API we'd want to add it (nit: exported error variables generally start with "Err", and error types end with "Error" https://pkg.go.dev/io#pkg-variables, https://pkg.go.dev/net#AddrError) Kinda a tangent, but I've also been thinking about having an oidctest package that would let you stand up a httptest provider with some basic configuration. Maybe that would be helpful too. |
Yeeeeah that would be proper. I was lazy and didn't want to have to set up a full mock OIDC provider. Maybe that would be easier than I assumed.
Good catch, will fix!
Yep, that would make some other tests I'm working on a lot easier I think! Maybe I can put some Intuit time towards that eventually. Updating the PR to be more minimal! |
crenshaw-dev
force-pushed
the
enable-error-is-for-verify
branch
from
f6ea9a9
to
bfb5c21
Compare
crenshaw-dev
changed the title
crenshaw-dev
force-pushed
the
enable-error-is-for-verify
branch
3 times, most recently
from
6f6a8a2
to
fb92e10
Compare
oidc/verify_test.go
Outdated
| @@ -12,6 +13,9 @@ import ( | |||
| "time" | |||
| ) | |||
|
|
|||
| // anyError is a fake error to match any error returned in a test. | |||
| var anyError = errors.New("") | |||
There was a problem hiding this comment.
This may or may not be the proper way to do this. lmk
There was a problem hiding this comment.
Add a new field and use that instead?
type verificationTest struct {
wantErr bool
wantErrIs error
}
|
@ericchiang ready for another look |
crenshaw-dev
force-pushed
the
enable-error-is-for-verify
branch
from
fb92e10
to
d168187
Compare
oidc/verify_test.go
Outdated
| @@ -12,6 +13,9 @@ import ( | |||
| "time" | |||
| ) | |||
|
|
|||
| // anyError is a fake error to match any error returned in a test. | |||
| var anyError = errors.New("") | |||
There was a problem hiding this comment.
Add a new field and use that instead?
type verificationTest struct {
wantErr bool
wantErrIs error
}
d168187
to
61adc6b
Compare
try to match style follow naming convention tests revert import change match format naming convention test errors.As instead of errors.Is
crenshaw-dev
force-pushed
the
enable-error-is-for-verify
branch
from
61adc6b
to
cefe5cc
Compare
|
@ericchiang updated |
|
thanks! |
Relates to #327
This allows
errors.Ischecking while preserving the exact same error messages for those who are doing string comparison.Preserving the exact same strings means some of the error messages (without context) look a little weird. But I think it's a reasonable tradeoff until it's time for another major version bump.
This PR would let me write unit tests in Argo CD without worrying that a change in go-oidc will break my string comparison checks.