fix: handle token hook auth config (#3677)

* fix: handle token hook auth config

* fix: bump golangci-lint

---------

Co-authored-by: Arne Luenser <arne.luenser@ory.sh>

.github/workflows/ci.yaml

@@ -94,7 +94,7 @@ jobs:
           GOGC: 100
         with:
           args: --timeout 10m0s
-          version: v1.53.2
+          version: v1.55.2
           skip-pkg-cache: true
       - name: Run go-acc (tests)
         run: |

Makefile

@@ -5,7 +5,7 @@ export PATH 					:= .bin:${PATH}
 export PWD 						:= $(shell pwd)
 export IMAGE_TAG 			:= $(if $(IMAGE_TAG),$(IMAGE_TAG),latest)
 
-GOLANGCI_LINT_VERSION = 1.53.3
+GOLANGCI_LINT_VERSION = 1.55.2
 
 GO_DEPENDENCIES = github.com/ory/go-acc \
 				  github.com/golang/mock/mockgen \

driver/config/provider.go

@@ -5,7 +5,6 @@ package config
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -482,8 +481,13 @@ func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSou
 
 type (
 	Auth struct {
-		Type   string          `json:"type"`
-		Config json.RawMessage `json:"config"`
+		Type   string     `json:"type"`
+		Config AuthConfig `json:"config"`
+	}
+	AuthConfig struct {
+		In    string `json:"in"`
+		Name  string `json:"name"`
+		Value string `json:"value"`
 	}
 	HookConfig struct {
 		URL  string `json:"url"`

driver/config/provider_test.go

@@ -443,18 +443,25 @@ func TestHookConfigs(t *testing.T) {
 		require.NotNil(t, hc)
 		assert.EqualValues(t, "http://localhost:8080/hook", hc.URL)
 
-		c.MustSet(ctx, key, map[string]any{
-			"url": "http://localhost:8080/hook2",
-			"auth": map[string]any{
-				"type":   "api_key",
-				"config": json.RawMessage(`{"in":"header","name":"my-header","value":"my-value"}`),
-			},
-		})
+		c.MustSet(ctx, key, `
+{
+	"url": "http://localhost:8080/hook2",
+	"auth": {
+		"type": "api_key",
+		"config": {
+			"in": "header",
+			"name": "my-header",
+			"value": "my-value"
+		}
+	}
+}`)
 		hc = getFunc(ctx)
 		require.NotNil(t, hc)
 		assert.EqualValues(t, "http://localhost:8080/hook2", hc.URL)
 		assert.EqualValues(t, "api_key", hc.Auth.Type)
-		assert.JSONEq(t, `{"in":"header","name":"my-header","value":"my-value"}`, string(hc.Auth.Config))
+		rawConfig, err := json.Marshal(hc.Auth.Config)
+		require.NoError(t, err)
+		assert.JSONEq(t, `{"in":"header","name":"my-header","value":"my-value"}`, string(rawConfig))
 	}
 }
 

go.mod

@@ -37,7 +37,7 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/oleiade/reflections v1.0.1
 	github.com/ory/analytics-go/v5 v5.0.1
-	github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034
+	github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7
 	github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe
 	github.com/ory/graceful v0.1.3
 	github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88

go.sum

@@ -591,6 +591,8 @@ github.com/ory/fosite v0.44.1-0.20230807113540-d4605bb2b3a6 h1:pJLf9Gx4CfhE+M0lP
 github.com/ory/fosite v0.44.1-0.20230807113540-d4605bb2b3a6/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk=
 github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034 h1:0afOTtuICtxga4Ni/PLQwsr45I0jAzsYXg/MaCoXFQs=
 github.com/ory/fosite v0.44.1-0.20231213153202-0d631f345034/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk=
+github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7 h1:EZEUk9sdC9cIKSqXipBz4eO84byOLLeVUnptgX7QFvM=
+github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk=
 github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe h1:rvu4obdvqR0fkSIJ8IfgzKOWwZ5kOT2UNfLq81Qk7rc=
 github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe/go.mod h1:z4n3u6as84LbV4YmgjHhnwtccQqzf4cZlSk9f1FhygI=
 github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8=

oauth2/oauth2_auth_code_test.go

@@ -1006,8 +1006,12 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) {
 				reg.Config().MustSet(ctx, config.KeyTokenHook, &config.HookConfig{
 					URL: hs.URL,
 					Auth: &config.Auth{
-						Type:   "api_key",
-						Config: json.RawMessage(`{"in": "header", "name": "Authorization", "value": "Bearer secret value"}`),
+						Type: "api_key",
+						Config: config.AuthConfig{
+							In:    "header",
+							Name:  "Authorization",
+							Value: "Bearer secret value",
+						},
 					},
 				})
 

oauth2/oauth2_client_credentials_test.go

@@ -290,8 +290,12 @@ func TestClientCredentials(t *testing.T) {
 				reg.Config().MustSet(ctx, config.KeyTokenHook, &config.HookConfig{
 					URL: hs.URL,
 					Auth: &config.Auth{
-						Type:   "api_key",
-						Config: json.RawMessage(`{"in": "header", "name": "Authorization", "value": "Bearer secret value"}`),
+						Type: "api_key",
+						Config: config.AuthConfig{
+							In:    "header",
+							Name:  "Authorization",
+							Value: "Bearer secret value",
+						},
 					},
 				})
 

oauth2/token_hook.go

@@ -71,20 +71,11 @@ func applyAuth(req *retryablehttp.Request, auth *config.Auth) error {
 
 	switch auth.Type {
 	case "api_key":
-		c := struct {
-			In    string `json:"in"`
-			Name  string `json:"name"`
-			Value string `json:"value"`
-		}{}
-		if err := json.Unmarshal(auth.Config, &c); err != nil {
-			return err
-		}
-
-		switch c.In {
+		switch auth.Config.In {
 		case "header":
-			req.Header.Set(c.Name, c.Value)
+			req.Header.Set(auth.Config.Name, auth.Config.Value)
 		case "cookie":
-			req.AddCookie(&http.Cookie{Name: c.Name, Value: c.Value})
+			req.AddCookie(&http.Cookie{Name: auth.Config.Name, Value: auth.Config.Value})
 		}
 	default:
 		return errors.Errorf("unsupported auth type %q", auth.Type)