diff --git a/connector/atlassiancrowd/atlassiancrowd.go b/connector/atlassiancrowd/atlassiancrowd.go
index d3683284..ca922147 100644
--- a/connector/atlassiancrowd/atlassiancrowd.go
+++ b/connector/atlassiancrowd/atlassiancrowd.go
@@ -87,16 +87,16 @@ func (c *Config) Open(id string, logger *slog.Logger) (connector.Connector, erro
 return &crowdConnector{Config: *c, logger: logger.With(slog.Group("connector", "type", "atlassiancrowd", "id", id))}, nil
 }
 
-type crowdConnector struct {
- Config
- logger *slog.Logger
-}
-
 var (
 _ connector.PasswordConnector = (*crowdConnector)(nil)
 _ connector.RefreshConnector = (*crowdConnector)(nil)
 )
 
+type crowdConnector struct {
+ Config
+ logger *slog.Logger
+}
+
 type refreshData struct {
 Username string `json:"username"`
 }
diff --git a/connector/authproxy/authproxy.go b/connector/authproxy/authproxy.go
index 3fe451b2..5756a0d4 100644
--- a/connector/authproxy/authproxy.go
+++ b/connector/authproxy/authproxy.go
@@ -68,6 +68,8 @@ func (c *Config) Open(id string, logger *slog.Logger) (connector.Connector, erro
 }, nil
 }
 
+var _ connector.CallbackConnector = (*callback)(nil)
+
 // Callback is a connector which returns an identity with the HTTP header
 // X-Remote-User as verified email.
 type callback struct {
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index cdfdb558..7d3084b2 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -15,6 +15,11 @@ import (
 "github.com/dexidp/dex/connector"
 )
 
+var (
+ _ connector.PasswordConnector = (*conn)(nil)
+ _ connector.RefreshConnector = (*conn)(nil)
+)
+
 type conn struct {
 Domain domainKeystone
 Host string
@@ -103,11 +108,6 @@ type userResponse struct {
 } `json:"user"`
 }
 
-var (
- _ connector.PasswordConnector = &conn{}
- _ connector.RefreshConnector = &conn{}
-)
-
 // Open returns an authentication strategy using Keystone.
 func (c *Config) Open(id string, logger *slog.Logger) (connector.Connector, error) {
 _, err := uuid.Parse(c.Domain)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 9ac993c4..4cb7180e 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -301,6 +301,11 @@ func (c *Config) openConnector(logger *slog.Logger) (*ldapConnector, error) {
 return &ldapConnector{*c, userSearchScope, groupSearchScope, tlsConfig, logger}, nil
 }
 
+var (
+ _ connector.PasswordConnector = (*ldapConnector)(nil)
+ _ connector.RefreshConnector = (*ldapConnector)(nil)
+)
+
 type ldapConnector struct {
 Config
 
@@ -312,11 +317,6 @@ type ldapConnector struct {
 logger *slog.Logger
 }
 
-var (
- _ connector.PasswordConnector = (*ldapConnector)(nil)
- _ connector.RefreshConnector = (*ldapConnector)(nil)
-)
-
 // do initializes a connection to the LDAP directory and passes it to the
 // provided function. It then performs appropriate teardown or reuse before
 // returning.
diff --git a/connector/linkedin/linkedin.go b/connector/linkedin/linkedin.go
index 0c24ff47..32e33aea 100644
--- a/connector/linkedin/linkedin.go
+++ b/connector/linkedin/linkedin.go
@@ -49,18 +49,16 @@ type connectorData struct {
 AccessToken string `json:"accessToken"`
 }
 
-type linkedInConnector struct {
- oauth2Config *oauth2.Config
- logger *slog.Logger
-}
-
-// LinkedIn doesn't provide refresh tokens, so refresh tokens issued by Dex
-// will expire in 60 days (default LinkedIn token lifetime).
 var (
 _ connector.CallbackConnector = (*linkedInConnector)(nil)
 _ connector.RefreshConnector = (*linkedInConnector)(nil)
 )
 
+type linkedInConnector struct {
+ oauth2Config *oauth2.Config
+ logger *slog.Logger
+}
+
 // LoginURL returns an access token request URL
 func (c *linkedInConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, []byte, error) {
 if c.oauth2Config.RedirectURL != callbackURL {
diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go
index be44bfd1..4d9e9e27 100644
--- a/connector/mock/connectortest.go
+++ b/connector/mock/connectortest.go
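Review bot: In connector/linkedin/linkedin.go the comment explaining that LinkedIn issues no refresh tokens, so refresh tokens issued by Dex expire after 60 days, is deleted instead of being moved with the `var (...)` block. It was the only text in this hunk that explains why `connector.RefreshConnector` is asserted for a provider without refresh tokens, and it records a token-lifetime limit that readers of the connector would otherwise have to rediscover. I would keep it directly above the assertion block: `// LinkedIn doesn't provide refresh tokens, so refresh tokens issued by Dex` / `// will expire in 60 days (default LinkedIn token lifetime).` The Refresh method itself is outside the hunk, so the comment may belong there instead if that reads better.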
@@ -29,10 +29,9 @@ func NewCallbackConnector(logger *slog.Logger) connector.Connector {
 }
 
 var (
- _ connector.CallbackConnector = &Callback{}
-
- _ connector.PasswordConnector = passwordConnector{}
- _ connector.RefreshConnector = passwordConnector{}
+ _ connector.CallbackConnector = &Callback{}
+ _ connector.RefreshConnector = &Callback{}
+ _ connector.TokenIdentityConnector = &Callback{}
 )
 
 // Callback is a connector that requires no user interaction and always returns the same identity.
@@ -97,6 +96,11 @@ func (c *PasswordConfig) Open(id string, logger *slog.Logger) (connector.Connect
 return &passwordConnector{c.Username, c.Password, logger}, nil
 }
 
+var (
+ _ connector.PasswordConnector = passwordConnector{}
+ _ connector.RefreshConnector = passwordConnector{}
+)
+
 type passwordConnector struct {
 username string
 password string
diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go
index 7661a9f8..2ae13a69 100644
--- a/connector/oauth/oauth.go
+++ b/connector/oauth/oauth.go
@@ -16,6 +16,8 @@ import (
 "github.com/dexidp/dex/pkg/httpclient"
 )
 
+var _ connector.CallbackConnector = (*oauthConnector)(nil)
+
 type oauthConnector struct {
 clientID string
 clientSecret string
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 879d82d7..8e1fe724 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -379,8 +379,9 @@ func (c *Config) Open(id string, logger *slog.Logger) (conn connector.Connector,
 }
 
 var (
- _ connector.CallbackConnector = (*oidcConnector)(nil)
- _ connector.RefreshConnector = (*oidcConnector)(nil)
+ _ connector.CallbackConnector = (*oidcConnector)(nil)
+ _ connector.RefreshConnector = (*oidcConnector)(nil)
+ _ connector.TokenIdentityConnector = (*oidcConnector)(nil)
 )
 
 type oidcConnector struct {
diff --git a/connector/saml/saml.go b/connector/saml/saml.go
index b2e7d9b4..8ef434b6 100644
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
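Review bot: The assertions in connector/mock/connectortest.go still use the literal forms `&Callback{}` and `passwordConnector{}`, while this same commit rewrites keystone's `&conn{}` to the `(*conn)(nil)` form used by the other connectors; this applies to both the first hunk and the relocated block in the second hunk. For consistency I would write `_ connector.CallbackConnector = (*Callback)(nil)` (likewise for the two new `Callback` lines) and `_ connector.PasswordConnector = (*passwordConnector)(nil)`, which also matches the `&passwordConnector{...}` that `Open` returns in the second hunk. If the value form `passwordConnector{}` is deliberate, because it additionally requires value receivers, a one-line comment saying so would stop a later cleanup from weakening the check. The method definitions are outside both hunks, so the receiver kinds cannot be confirmed from here.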
@@ -232,6 +232,11 @@ func (c *Config) openConnector(logger *slog.Logger) (*provider, error) {
 return p, nil
 }
 
+var (
+ _ connector.SAMLConnector = (*provider)(nil)
+ _ connector.RefreshConnector = (*provider)(nil)
+)
+
 type provider struct {
 entityIssuer string
 ssoIssuer string
@@ -257,9 +262,6 @@ type provider struct {
 logger *slog.Logger
 }
 
-// Compile-time check that provider implements RefreshConnector
-var _ connector.RefreshConnector = (*provider)(nil)
-
 // cachedIdentity stores the identity from SAML assertion for refresh token support.
 // Since SAML has no native refresh mechanism, we cache the identity obtained during
 // the initial authentication and return it on subsequent refresh requests.