refactor(oauth2): remove dead feature flag check from server.go

The feature flag check in the else branch of server.go is dead code since serve.go always sets a default AllowedGrantTypes list. Move the gate entirely to cmd/dex/serve.go and remove the unused featureflags import. Restore server_test.go to match server.go behavior directly. Signed-off-by: Mathias Gebbe <mathias.gebbe@gmail.com>
3 weeks ago · 2f3c5a5314
2 changed files with 18 additions and 34 deletions
--- a/server/server.go
+++ b/server/server.go
@ -44,7 +44,6 @@ import (
 	"github.com/dexidp/dex/connector/oidc"
 	"github.com/dexidp/dex/connector/openshift"
 	"github.com/dexidp/dex/connector/saml"
-	"github.com/dexidp/dex/pkg/featureflags"
 	"github.com/dexidp/dex/server/signer"
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/web"
@ -266,9 +265,6 @@ func newServer(ctx context.Context, c Config) (*Server, error) {
 		}
 	} else {
 		for grant := range allSupportedGrants {
-			if grant == grantTypeClientCredentials && !featureflags.ClientCredentialGrantEnabledByDefault.Enabled() {
-				continue
-			}
 			supportedGrants = append(supportedGrants, grant)
 		}
 	}
--- a/server/server_test.go
+++ b/server/server_test.go
@ -1773,11 +1773,9 @@ func TestServerSupportedGrants(t *testing.T) {
 		resGrants []string
 	}{
 		{
-			name: "Simple",
-			config: func(c *Config) {
-				c.AllowedGrantTypes = nil
-			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
+			name:      "Simple",
+			config:    func(c *Config) {},
+			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
 		},
 		{
 			name:      "Minimal",
@ -1787,46 +1785,36 @@ func TestServerSupportedGrants(t *testing.T) {
 		{
 			name: "With password connector",
 			config: func(c *Config) {
-				c.AllowedGrantTypes = nil
 				c.PasswordConnector = "local"
 			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
+			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
 		},
 		{
-			name: "With token response",
+			name: "Without client credentials",
 			config: func(c *Config) {
-				c.AllowedGrantTypes = nil
-				c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken)
+				c.AllowedGrantTypes = []string{
+					grantTypeAuthorizationCode,
+					grantTypeRefreshToken,
+					grantTypeDeviceCode,
+					grantTypeTokenExchange,
+				}
 			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
+			resGrants: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
 		},
 		{
-			name: "All without feature flag",
+			name: "With token response",
 			config: func(c *Config) {
-				c.AllowedGrantTypes = nil
-				c.PasswordConnector = "local"
 				c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken)
 			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
-		},
-		{
-			name: "With client credentials feature flag",
-			config: func(c *Config) {
-				c.AllowedGrantTypes = nil
-				t.Setenv("DEX_CLIENT_CREDENTIAL_GRANT_ENABLED_BY_DEFAULT", "true")
-			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
+			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
 		},
 		{
-			name: "Explicit client credentials in AllowedGrantTypes",
+			name: "All",
 			config: func(c *Config) {
-				c.AllowedGrantTypes = []string{
-					grantTypeAuthorizationCode,
-					grantTypeClientCredentials,
-					grantTypeRefreshToken,
-				}
+				c.PasswordConnector = "local"
+				c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken)
 			},
-			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeRefreshToken},
+			resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeTokenExchange},
 		},
 	}