OAuth: Forward id token to the data source (#42422)

* OAuth: Forward id token to the data source * Add tests * Forward id token in legacy API * Check if id_token is string or not
2025-02-25 18:55:37 -06:00 · 2021-11-29 17:40:05 +03:00
parent 58978dcf96
commit becfd776c3
3 changed files with 24 additions and 6 deletions
--- a/pkg/api/pluginproxy/ds_proxy_test.go
+++ b/pkg/api/pluginproxy/ds_proxy_test.go
@@ -487,15 +487,22 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
 			SignedInUser: &models.SignedInUser{UserId: 1},
 			Context:      &web.Context{Req: req},
 		}
+
+		token := &oauth2.Token{
+			AccessToken:  "testtoken",
+			RefreshToken: "testrefreshtoken",
+			TokenType:    "Bearer",
+			Expiry:       time.Now().AddDate(0, 0, 1),
+		}
+		extra := map[string]interface{}{
+			"id_token": "testidtoken",
+		}
+		token = token.WithExtra(extra)
 		mockAuthToken := mockOAuthTokenService{
-			token: &oauth2.Token{
-				AccessToken:  "testtoken",
-				RefreshToken: "testrefreshtoken",
-				TokenType:    "Bearer",
-				Expiry:       time.Now().AddDate(0, 0, 1),
-			},
+			token:        token,
 			oAuthEnabled: true,
 		}
+
 		var routes []*plugins.Route
 		secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
 		dsService := datasources.ProvideService(bus.New(), nil, secretsService)
@@ -507,6 +514,7 @@ func TestDataSourceProxy_routeRule(t *testing.T) {
 		proxy.director(req)

 		assert.Equal(t, "Bearer testtoken", req.Header.Get("Authorization"))
+		assert.Equal(t, "testidtoken", req.Header.Get("X-ID-Token"))
 	})

 	t.Run("When SendUserHeader config is enabled", func(t *testing.T) {