add client_id to support Microsoft Entra ID in int128/kubelogin

markush81 · peick · commit 91c299a34deb · 2025-01-05T12:25:31.000+01:00
merges golang#764 (golang#764)
diff --git a/oauth2.go b/oauth2.go
@@ -224,6 +224,7 @@ func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOpti
 	v := url.Values{
 		"grant_type": {"authorization_code"},
 		"code":       {code},
+		"client_id":  {c.ClientID},
 	}
 	if c.RedirectURL != "" {
 		v.Set("redirect_uri", c.RedirectURL)
@@ -280,6 +281,7 @@ func (tf *tokenRefresher) Token() (*Token, error) {
 	tk, err := retrieveToken(tf.ctx, tf.conf, url.Values{
 		"grant_type":    {"refresh_token"},
 		"refresh_token": {tf.refreshToken},
+		"client_id":     {tf.conf.ClientID},
 	})
 
 	if err != nil {
diff --git a/oauth2_test.go b/oauth2_test.go
@@ -108,7 +108,7 @@ func TestExchangeRequest(t *testing.T) {
 		if err != nil {
 			t.Errorf("Failed reading request body: %s.", err)
 		}
-		if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+		if string(body) != "client_id=CLIENT_ID&code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
 			t.Errorf("Unexpected exchange payload; got %q", body)
 		}
 		w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
@@ -152,7 +152,7 @@ func TestExchangeRequest_CustomParam(t *testing.T) {
 		if err != nil {
 			t.Errorf("Failed reading request body: %s.", err)
 		}
-		if string(body) != "code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+		if string(body) != "client_id=CLIENT_ID&code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
 			t.Errorf("Unexpected exchange payload, %v is found.", string(body))
 		}
 		w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
@@ -198,7 +198,7 @@ func TestExchangeRequest_JSONResponse(t *testing.T) {
 		if err != nil {
 			t.Errorf("Failed reading request body: %s.", err)
 		}
-		if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
+		if string(body) != "client_id=CLIENT_ID&code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {
 			t.Errorf("Unexpected exchange payload, %v is found.", string(body))
 		}
 		w.Header().Set("Content-Type", "application/json")
@@ -436,7 +436,7 @@ func TestTokenRefreshRequest(t *testing.T) {
 			t.Errorf("Unexpected Content-Type header %q", headerContentType)
 		}
 		body, _ := ioutil.ReadAll(r.Body)
-		if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {
+		if string(body) != "client_id=CLIENT_ID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {
 			t.Errorf("Unexpected refresh token payload %q", body)
 		}
 		w.Header().Set("Content-Type", "application/json")

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func TestExchangeRequest(t *testing.T) {`
`108`	`108`	`if err != nil {`
`109`	`109`	`t.Errorf("Failed reading request body: %s.", err)`
`110`	`110`	`}`
`111`		`- if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
	`111`	`+ if string(body) != "client_id=CLIENT_ID&code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
`112`	`112`	`t.Errorf("Unexpected exchange payload; got %q", body)`
`113`	`113`	`}`
`114`	`114`	`w.Header().Set("Content-Type", "application/x-www-form-urlencoded")`
`@@ -152,7 +152,7 @@ func TestExchangeRequest_CustomParam(t *testing.T) {`
`152`	`152`	`if err != nil {`
`153`	`153`	`t.Errorf("Failed reading request body: %s.", err)`
`154`	`154`	`}`
`155`		`- if string(body) != "code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
	`155`	`+ if string(body) != "client_id=CLIENT_ID&code=exchange-code&foo=bar&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
`156`	`156`	`t.Errorf("Unexpected exchange payload, %v is found.", string(body))`
`157`	`157`	`}`
`158`	`158`	`w.Header().Set("Content-Type", "application/x-www-form-urlencoded")`
`@@ -198,7 +198,7 @@ func TestExchangeRequest_JSONResponse(t *testing.T) {`
`198`	`198`	`if err != nil {`
`199`	`199`	`t.Errorf("Failed reading request body: %s.", err)`
`200`	`200`	`}`
`201`		`- if string(body) != "code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
	`201`	`+ if string(body) != "client_id=CLIENT_ID&code=exchange-code&grant_type=authorization_code&redirect_uri=REDIRECT_URL" {`
`202`	`202`	`t.Errorf("Unexpected exchange payload, %v is found.", string(body))`
`203`	`203`	`}`
`204`	`204`	`w.Header().Set("Content-Type", "application/json")`
`@@ -436,7 +436,7 @@ func TestTokenRefreshRequest(t *testing.T) {`
`436`	`436`	`t.Errorf("Unexpected Content-Type header %q", headerContentType)`
`437`	`437`	`}`
`438`	`438`	`body, _ := ioutil.ReadAll(r.Body)`
`439`		`- if string(body) != "grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {`
	`439`	`+ if string(body) != "client_id=CLIENT_ID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN" {`
`440`	`440`	`t.Errorf("Unexpected refresh token payload %q", body)`
`441`	`441`	`}`
`442`	`442`	`w.Header().Set("Content-Type", "application/json")`